Windows Analysis Report
https://ipfs.io/ipfs/bafybeihkdxudkwzfh4nwehsfnhenvu7bm2emgeaxccc2gpidbv4gtrugdq/ceoroundcube.html

Overview

General Information

Sample URL: https://ipfs.io/ipfs/bafybeihkdxudkwzfh4nwehsfnhenvu7bm2emgeaxccc2gpidbv4gtrugdq/ceoroundcube.html
Analysis ID: 1621016

Detection

Score: 52
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Uses IPFS gateway to access IPFS content in browser (often used in phishing/scams)
Detected non-DNS traffic on DNS port
Queries the volume information (name, serial number etc) of a device

Classification

  • System is w10x64
  • chrome.exe (PID: 5904 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6100 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1984,i,17330487147047784293,10461812476316702075,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6584 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ipfs.io/ipfs/bafybeihkdxudkwzfh4nwehsfnhenvu7bm2emgeaxccc2gpidbv4gtrugdq/ceoroundcube.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • HxOutlook.exe (PID: 7096 cmdline: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe" -ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca MD5: 6F8EAC2C377C8F16D91CB5AC8B8DBF5F)
  • HxAccounts.exe (PID: 6244 cmdline: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe" -ServerName:microsoft.windowslive.manageaccounts.AppXdbf3yp5apt3t7q877db3gnz5zqpf71zj.mca MD5: 6FEB00C9A2C3FF66230658B3012BAB6A)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: https://ipfs.io/ipfs/bafybeihkdxudkwzfh4nwehsfnhenvu7bm2emgeaxccc2gpidbv4gtrugdq/ceoroundcube.html | Avira URL Cloud: detection malicious, Label: phishing

Phishing

Source: https://ipfs.io/ipfs/bafybeihkdxudkwzfh4nwehsfnhenvu7bm2emgeaxccc2gpidbv4gtrugdq/ceoroundcube.html | HTTP Parser: Gateway: ipfs.io
Source: global traffic | TCP traffic: 192.168.2.4:56624 -> 162.159.36.2:53
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected:
  GET /ipfs/bafybeihkdxudkwzfh4nwehsfnhenvu7bm2emgeaxccc2gpidbv4gtrugdq/ceoroundcube.html HTTP/1.1
  Host: ipfs.io
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Windows"
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-User: ?1
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
  Host: ipfs.io
  Connection: keep-alive
  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Windows"
  Accept: */*
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: script
  Referer: https://ipfs.io/ipfs/bafybeihkdxudkwzfh4nwehsfnhenvu7bm2emgeaxccc2gpidbv4gtrugdq/ceoroundcube.html
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
  GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
  Host: ipfs.io
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: empty
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: ipfs.io
Source: global traffic | DNS traffic detected: DNS query: 241.42.69.40.in-addr.arpa
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://onedrive.live.com
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://onedrive.live.com/embed?
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://otelrules.azureedge.net
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://otelrules.svc.static.microsoft
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://outlook.office.com
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://outlook.office.com/
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://outlook.office365.com
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://outlook.office365.com/
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://outlook.office365.com/connectors
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://pages.store.office.com/review/query
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://planner.cloud.microsoft
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://powerlift-frontdesk.acompli.net
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://powerlift.acompli.net
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://prod.support.office.com/InAppHelp
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://pushchannel.1drv.ms
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://res.cdn.office.net
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.40
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://res.cdn.office.net/polymer/models
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://safelinks.protection.outlook.com/api/GetPolicy
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://service.officepy.microsoftusercontent.com/
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://service.powerapps.com
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://settings.outlook.com
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://shell.suite.office.com:1443
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://skyapi.live.net/Activity/
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://staging.cortana.ai
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-dark-1
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-dark-2
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-hc-100
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-hc-150
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-hc-200
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-light-
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://storage.azure.com/
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://store.office.cn/addinstemplate
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://store.office.de/addinstemplate
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://substrate.office.com
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://syncservice.o365syncservice.com/"
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://teams.cloud.microsoft/ups/global/
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://templatesmetadata.office.net/
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://web.microsoftstream.com/video/
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://webshell.suite.office.com
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://wus2.contentsync.
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://wus2.pagecontentsync.
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://www.odwebp.svc.ms
Source: 15E130C1-563E-49BE-A942-513754545333.7.drString found in binary or memory: https://www.yammer.com
Source: HxAccounts.exe, 0000000C.00000002.2560306295.00000280DD938000.00000004.00000020.00020000.00000000.sdmp, HxAccounts.exe, 0000000C.00000002.2559959712.00000280DD871000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xsts.auth.xboxlive.com
Source: HxAccounts.exe, 0000000C.00000002.2560306295.00000280DD938000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xsts.auth.xboxlive.com/
Source: HxAccounts.exe, 0000000C.00000002.2560436286.00000280DD979000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xsts.auth.xboxlive.com5
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 56710
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: classification engine Classification label: mal52.phis.win@19/9@8/4
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\AppData
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1984,i,17330487147047784293,10461812476316702075,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ipfs.io/ipfs/bafybeihkdxudkwzfh4nwehsfnhenvu7bm2emgeaxccc2gpidbv4gtrugdq/ceoroundcube.html"
Source: unknown Process created: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe" -ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca
Source: unknown Process created: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe" -ServerName:microsoft.windowslive.manageaccounts.AppXdbf3yp5apt3t7q877db3gnz5zqpf71zj.mca
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: execmodelproxy.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: uiamanager.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.ui.core.textinput.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.ui.immersive.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dataexchange.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: userenv.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: profext.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: office.ui.xaml.hx.mail.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: threadpoolwinrt.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: twinapi.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.graphics.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: office.ui.xaml.hxcalendar.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.ui.xaml.controls.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.system.remotedesktop.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: winsta.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: directmanipulation.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.system.profile.systemid.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.system.profile.retailinfo.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msxml6.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: wininet.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: winrttracing.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: schannel.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: photometadatahandler.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ploptin.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: webservices.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: userdataaccountapis.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: userdataplatformhelperutil.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.accountscontrol.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: accountsrt.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: aphostclient.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: uiautomationcore.dllJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe
Section loaded: apphelp.dll
Section loaded: hxoutlook.model.dll
Section loaded: microsoft.applications.telemetry.windows.dll
Section loaded: mso20imm.dll
Section loaded: vccorlib140_app.dll
Section loaded: vcruntime140_app.dll
Section loaded: msvcp140_app.dll
Section loaded: mso30imm.dll
Section loaded: kernel.appcore.dll
Section loaded: windows.ui.xaml.dll
Section loaded: coremessaging.dll
Section loaded: bcp47langs.dll
Section loaded: iertutil.dll
Section loaded: dcomp.dll
Section loaded: twinapi.appcore.dll
Section loaded: wintypes.dll
Section loaded: windows.staterepositorycore.dll
Section loaded: windows.ui.dll
Section loaded: windowmanagementapi.dll
Section loaded: textinputframework.dll
Section loaded: inputhost.dll
Section loaded: coreuicomponents.dll
Section loaded: propsys.dll
Section loaded: ntmarta.dll
Section loaded: onecoreuapcommonproxystub.dll
Section loaded: uxtheme.dll
Section loaded: urlmon.dll
Section loaded: srvcli.dll
Section loaded: netutils.dll
Section loaded: dxgi.dll
Section loaded: office.ui.xaml.hxaccounts.dll
Section loaded: resourcepolicyclient.dll
Section loaded: windows.storage.applicationdata.dll
Section loaded: hxcomm.dll
Section loaded: cryptsp.dll
Section loaded: windows.applicationmodel.dll
Section loaded: d3d11.dll
Section loaded: d3d10warp.dll
Section loaded: dxcore.dll
Section loaded: windows.globalization.dll
Section loaded: bcp47mrm.dll
Section loaded: d2d1.dll
Section loaded: dwrite.dll
Section loaded: textshaping.dll
Section loaded: onecorecommonproxystub.dll
Section loaded: profapi.dll
Section loaded: windows.networking.connectivity.dll
Section loaded: windows.networking.hostname.dll
Section loaded: windows.energy.dll
Section loaded: rmclient.dll
Section loaded: windows.storage.dll
Section loaded: wldp.dll
Section loaded: rometadata.dll
Section loaded: windows.system.diagnostics.telemetry.platformtelemetryclient.dll
Section loaded: mrmcorer.dll
Section loaded: windows.staterepositoryclient.dll
Section loaded: windows.shell.servicehostbuilder.dll
Section loaded: execmodelproxy.dll
Section loaded: uiamanager.dll
Section loaded: windows.ui.core.textinput.dll
Section loaded: windows.ui.immersive.dll
Section loaded: dataexchange.dll
Section loaded: cryptbase.dll
Section loaded: windows.accountscontrol.dll
Section loaded: xmllite.dll
Section loaded: windows.security.authentication.web.core.dll
Section loaded: vaultcli.dll
Section loaded: windows.ui.xaml.controls.dll
Section loaded: directmanipulation.dll
Section loaded: userenv.dll
Section loaded: profext.dll
Section loaded: winrttracing.dll
Section loaded: hxoutlook.resources.dll
Section loaded: msftedit.dll
Section loaded: globinputhost.dll
Section loaded: windowscodecs.dll
Section loaded: windows.graphics.dll
Section loaded: wuceffects.dll
Section loaded: threadpoolwinrt.dll
Section loaded: uiautomationcore.dll
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\InProcServer32
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe
File opened: C:\Windows\SYSTEM32\msftedit.dll
Source: Window Recorder
Window detected: More than 3 window changes detected
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
Key opened: \REGISTRY\A\{942b5717-9294-28a9-2ae6-0c0f5158500d}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office Test\Special\PerfImm
Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe
Process information set: NOOPENFILEERRORBOX
Source: settings.dat.7.dr
Binary or memory string: VMware, Inc. VMware20,1NE
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsym.ttf VolumeInformation
Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsym.ttf VolumeInformation
Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsb.ttf VolumeInformation
Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsb.ttf VolumeInformation
Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf VolumeInformation
Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsl.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsl.ttf VolumeInformationJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf VolumeInformationJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf VolumeInformationJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformationJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsym.ttf VolumeInformationJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsym.ttf VolumeInformationJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeQueries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformationJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeQueries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformationJump to behavior
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 12 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://ipfs.io/ipfs/bafybeihkdxudkwzfh4nwehsfnhenvu7bm2emgeaxccc2gpidbv4gtrugdq/ceoroundcube.html | 100% | Avira URL Cloud | phishing | |

No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| svc.ms-acdc-teams.office.com | 52.123.243.71 | true | false | | high |
| www.google.com | 142.250.181.228 | true | false | | high |
| ipfs.io | 209.94.90.1 | true | false | | high |
| 241.42.69.40.in-addr.arpa | unknown | unknown | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://ipfs.io/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js | false | | high |
| https://ipfs.io/ipfs/bafybeihkdxudkwzfh4nwehsfnhenvu7bm2emgeaxccc2gpidbv4gtrugdq/ceoroundcube.html | false | | high |
                                                                                                                                                                                              https://mss.office.com15E130C1-563E-49BE-A942-513754545333.7.drfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://pushchannel.1drv.ms15E130C1-563E-49BE-A942-513754545333.7.drfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://xsts.auth.xboxlive.com/HxAccounts.exe, 0000000C.00000002.2560306295.00000280DD938000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://management.azure.com15E130C1-563E-49BE-A942-513754545333.7.drfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://outlook.office365.com15E130C1-563E-49BE-A942-513754545333.7.drfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://login.windows.netHxAccounts.exe, 0000000C.00000002.2560306295.00000280DD938000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://wus2.contentsync.15E130C1-563E-49BE-A942-513754545333.7.drfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://incidents.diagnostics.office.com15E130C1-563E-49BE-A942-513754545333.7.drfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://clients.config.office.net/user/v1.0/ios15E130C1-563E-49BE-A942-513754545333.7.drfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://make.powerautomate.com15E130C1-563E-49BE-A942-513754545333.7.drfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  • No. of IPs < 25%
                                                                                                                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                                                                                                                  • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.181.228 | www.google.com | United States | 15169 | GOOGLEUS | false
209.94.90.1 | ipfs.io | United States | 40680 | PROTOCOLUS | false
                                                                                                                                                                                                                  IP
                                                                                                                                                                                                                  192.168.2.4
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1621016
Start date and time: 2025-02-21 14:37:26 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 48s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://ipfs.io/ipfs/bafybeihkdxudkwzfh4nwehsfnhenvu7bm2emgeaxccc2gpidbv4gtrugdq/ceoroundcube.html
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal52.phis.win@19/9@8/4
                                                                                                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, HxTsr.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                  • Excluded IPs from analysis (whitelisted): 216.58.206.35, 74.125.71.84, 142.250.186.142, 216.58.206.78, 172.217.16.206, 142.250.185.206, 199.232.214.172, 2.23.77.188, 142.250.184.206, 172.217.23.110, 52.109.32.97, 142.250.184.227, 34.104.35.123, 142.250.184.238, 2.18.97.153, 20.109.210.53, 13.107.5.88, 52.123.243.71, 40.69.42.241, 40.127.240.158, 52.149.20.212, 13.107.246.45
                                                                                                                                                                                                                  • Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, outlookmobile-office365-tas.msedge.net, redirector.gvt1.com, edgedl.me.gvt1.com, config.officeapps.live.com, update.googleapis.com, officeclient.microsoft.com, settings.data.microsoft.com, clients.l.google.com, ukw-azsc-config.officeapps.live.com, config.edge.skype.com, europe.configsvc1.live.com.akadns.net, mira.config.skype.com
                                                                                                                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                  • Report size getting too big, too many NtOpenKey calls found.
                                                                                                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                  • VT rate limit hit for: https://ipfs.io/ipfs/bafybeihkdxudkwzfh4nwehsfnhenvu7bm2emgeaxccc2gpidbv4gtrugdq/ceoroundcube.html
                                                                                                                                                                                                                  No simulations
                                                                                                                                                                                                                  No context
                                                                                                                                                                                                                  Process:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):180384
                                                                                                                                                                                                                  Entropy (8bit):5.296018682463768
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:1536:CrVwPRAqJbz4wglE0Qe7HWKQjj/hMpcAZl1p5ihs7gXXdEVJnaOBIY5YdGVF8S7B:yMe7HWKQjj//Xi1LB
                                                                                                                                                                                                                  MD5:A02456F6B8084DE3107009F56E636496
                                                                                                                                                                                                                  SHA1:3B8933A0371D59B78CE8AC355FB886DC58B8FA33
                                                                                                                                                                                                                  SHA-256:9A2D139259531FF65A0BBAD4EA936C0D8D0146AAF5B7F0CB3A4C55EC5DD91E98
                                                                                                                                                                                                                  SHA-512:859BE96DBF81C465B26C379D79980E595AE641C56CF6077EAE4B37223DEA9FA23E5F11559CFC9F1EDEED7D3A6A76E456303F674F4DE1418BDD1E00C4F9CD7345
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2025-02-21T13:38:48">.. Build: 16.0.18413.40127-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results?fullframe=yes</o:url>.. <o:ticket o:policy="DELEGATION" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Bearer {}" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[MAX.Resourc
                                                                                                                                                                                                                  Process:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                                                  Entropy (8bit):0.12538317482402658
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:YRVXPqF69Fq5jMF+K8CkRKQ1UMCl2M+aqc2EfK8C8c3P:Yz1v+Kfk9SMClCaoEfKf86
                                                                                                                                                                                                                  MD5:A4AA70F7C0BC598A0D4FC2BDA5222103
                                                                                                                                                                                                                  SHA1:8A7B86D056E9CEFB735DAE486A7FDEFE89A06F07
                                                                                                                                                                                                                  SHA-256:CFE452A4272315F32828E249894319BE696F219F4132266B53727298A8AB2FA9
                                                                                                                                                                                                                  SHA-512:65159562C4ECF03576255E9B20DE462E711E0E27BF4925BEF3C470E2B7254A451D65625289C00AD1B078713A6E7BA8E4380B2FA47AD7EAA5211AC9DE292E14B2
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                  Process:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                                                  Entropy (8bit):0.12080778494195124
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:12:kHXPqF69Fq5jMDnB8C8RKQ1UMCl2M+aqc2EOCNv:I1FBf89SMClCaoEFl
                                                                                                                                                                                                                  MD5:1CD308C3ADB7D72401D815A7AE8170EC
                                                                                                                                                                                                                  SHA1:2012BE5F29D837DB24D46BD539DF5A25BF5A894E
                                                                                                                                                                                                                  SHA-256:45F7EE021101475D8FCABEFC239E53DB2353C037A0597E8366A4FE1882706A89
                                                                                                                                                                                                                  SHA-512:2DA8657B4C6E85CC6A01A09FFEE586F8894F6994C7D11C5728E53EE467A84DB2C2E8D94F13E3FF14E5B520E0EA9E42758EB2410A7D2B8292AA7818947DA5424A
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                  Process:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
                                                                                                                                                                                                                  File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):524288
                                                                                                                                                                                                                  Entropy (8bit):0.11360201228708662
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:+JC/34akh8N/y+e5/d+ulAvykbseBGIYawg8Ul49Ys3GxjRbt0Gsj:uC/34akxflErN349Ys3G7t0
                                                                                                                                                                                                                  MD5:F56CD7FF23417D0E9C19453FD6FF84BA
                                                                                                                                                                                                                  SHA1:2F23A3F945E4AEE34208DE033C21097E76DC900F
                                                                                                                                                                                                                  SHA-256:2B7FD850AF22861E19339FA83C26C9723F55C0CBE6E8A67DE3FA0918254E6DB6
                                                                                                                                                                                                                  SHA-512:F8F2298F0DA7238BAE3F0E20C35D2A006EB0B7861D8600037BCF1E53ECD5523D7E193BB6708A311D1150915BE547EF4E54946D5BE901838932B1543603CC6B67
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with very long lines (1238)
                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                  Size (bytes):1239
                                                                                                                                                                                                                  Entropy (8bit):5.068464054671174
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:ch63Cf5W8QPIHRZ3hwVFS39bYGwNef1yTZsNUkQ1sZmSuLqNWRco5Jcn5IKM6cuY:C6SQnw/x+SR8ZZkQbp1RZ5JwiKMm7Zc
                                                                                                                                                                                                                  MD5:9E8F56E8E1806253BA01A95CFC3D392C
                                                                                                                                                                                                                  SHA1:A8AF90D7482E1E99D03DE6BF88FED2315C5DD728
                                                                                                                                                                                                                  SHA-256:2595496FE48DF6FCF9B1BC57C29A744C121EB4DD11566466BC13D2E52E6BBCC8
                                                                                                                                                                                                                  SHA-512:63F0F6F94FBABADC3F774CCAA6A401696E8A7651A074BC077D214F91DA080B36714FD799EB40FED64154972008E34FC733D6EE314AC675727B37B58FFBEBEBEE
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                  URL:https://ipfs.io/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with very long lines (1238)
                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                  Size (bytes):1239
                                                                                                                                                                                                                  Entropy (8bit):5.068464054671174
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:24:ch63Cf5W8QPIHRZ3hwVFS39bYGwNef1yTZsNUkQ1sZmSuLqNWRco5Jcn5IKM6cuY:C6SQnw/x+SR8ZZkQbp1RZ5JwiKMm7Zc
                                                                                                                                                                                                                  MD5:9E8F56E8E1806253BA01A95CFC3D392C
                                                                                                                                                                                                                  SHA1:A8AF90D7482E1E99D03DE6BF88FED2315C5DD728
                                                                                                                                                                                                                  SHA-256:2595496FE48DF6FCF9B1BC57C29A744C121EB4DD11566466BC13D2E52E6BBCC8
                                                                                                                                                                                                                  SHA-512:63F0F6F94FBABADC3F774CCAA6A401696E8A7651A074BC077D214F91DA080B36714FD799EB40FED64154972008E34FC733D6EE314AC675727B37B58FFBEBEBEE
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with very long lines (1632)
                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                  Size (bytes):6751
                                                                                                                                                                                                                  Entropy (8bit):5.476621054651082
                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                  SSDEEP:96:yhp3MuQi5MtjyV3Y5exszQucQ0JF06vSOGWK1Ieq72uLSi:yhp3MuQi5LVlxuifo6vSmWqKTi
                                                                                                                                                                                                                  MD5:B35AC21142B335B05037E40AF8D7553D
                                                                                                                                                                                                                  SHA1:F8F41265FECE9B2AF77C7265E3028F88E7930D17
                                                                                                                                                                                                                  SHA-256:375A30177F689DA79EC93CC1F48E1B5C0729BBAC8F1F093400E10A162CBE000E
                                                                                                                                                                                                                  SHA-512:FA263D740FEC029A9F689C6996B9C20D0CAE17F5822B1BFAB82CDD0D99C969855068943302E211DCF976BA99F905474CEE271C74E2BE591DDA8ACB36EED323BE
                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                  URL:https://ipfs.io/ipfs/bafybeihkdxudkwzfh4nwehsfnhenvu7bm2emgeaxccc2gpidbv4gtrugdq/ceoroundcube.html
Preview:<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="utf-8" />.<meta name="viewport" content="width=device-width, initial-scale=1.0">.<link rel="shortcut icon". href="data:image/x-icon;base64,
                                                                                                                                                                                                                  No static file info
Timestamp, Source Port, Dest Port, Source IP, Dest IP
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.345204115 CET49740443192.168.2.4209.94.90.1
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.360414028 CET49741443192.168.2.4209.94.90.1
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.372878075 CET44349740209.94.90.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.373001099 CET44349740209.94.90.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.373076916 CET44349740209.94.90.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.373152018 CET44349740209.94.90.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.373224974 CET49740443192.168.2.4209.94.90.1
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.373238087 CET44349740209.94.90.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.373269081 CET44349740209.94.90.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.373294115 CET49740443192.168.2.4209.94.90.1
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.373313904 CET49740443192.168.2.4209.94.90.1
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.373342037 CET44349740209.94.90.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.373579025 CET44349740209.94.90.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.373661995 CET49740443192.168.2.4209.94.90.1
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.374056101 CET49740443192.168.2.4209.94.90.1
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.374099970 CET44349740209.94.90.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.396514893 CET49741443192.168.2.4209.94.90.1
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.439340115 CET44349741209.94.90.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.500900984 CET44349741209.94.90.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.501159906 CET44349741209.94.90.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.501252890 CET49741443192.168.2.4209.94.90.1
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.507302999 CET49741443192.168.2.4209.94.90.1
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.507364035 CET44349741209.94.90.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.535161972 CET49743443192.168.2.4209.94.90.1
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.535223961 CET44349743209.94.90.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.535433054 CET49743443192.168.2.4209.94.90.1
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.535665989 CET49743443192.168.2.4209.94.90.1
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.535685062 CET44349743209.94.90.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.998121023 CET44349743209.94.90.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.998459101 CET49743443192.168.2.4209.94.90.1
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.998541117 CET44349743209.94.90.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:31.000036001 CET44349743209.94.90.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:31.000116110 CET49743443192.168.2.4209.94.90.1
                                                                                                                                                                                                                  Feb 21, 2025 14:38:31.000492096 CET49743443192.168.2.4209.94.90.1
                                                                                                                                                                                                                  Feb 21, 2025 14:38:31.000581980 CET44349743209.94.90.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:31.000641108 CET49743443192.168.2.4209.94.90.1
                                                                                                                                                                                                                  Feb 21, 2025 14:38:31.000658035 CET44349743209.94.90.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:31.044538021 CET49743443192.168.2.4209.94.90.1
                                                                                                                                                                                                                  Feb 21, 2025 14:38:31.136039972 CET44349743209.94.90.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:31.136157990 CET44349743209.94.90.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:31.136243105 CET49743443192.168.2.4209.94.90.1
                                                                                                                                                                                                                  Feb 21, 2025 14:38:31.137118101 CET49743443192.168.2.4209.94.90.1
                                                                                                                                                                                                                  Feb 21, 2025 14:38:31.137161016 CET44349743209.94.90.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:38.184000969 CET44349738142.250.181.228192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:38.184077978 CET44349738142.250.181.228192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:38.184299946 CET49738443192.168.2.4142.250.181.228
                                                                                                                                                                                                                  Feb 21, 2025 14:38:38.658585072 CET49738443192.168.2.4142.250.181.228
                                                                                                                                                                                                                  Feb 21, 2025 14:38:38.658672094 CET44349738142.250.181.228192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:50.635304928 CET5662453192.168.2.4162.159.36.2
                                                                                                                                                                                                                  Feb 21, 2025 14:38:50.640400887 CET5356624162.159.36.2192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:50.640512943 CET5662453192.168.2.4162.159.36.2
                                                                                                                                                                                                                  Feb 21, 2025 14:38:50.645937920 CET5356624162.159.36.2192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:51.126846075 CET5662453192.168.2.4162.159.36.2
                                                                                                                                                                                                                  Feb 21, 2025 14:38:51.135828018 CET5662453192.168.2.4162.159.36.2
                                                                                                                                                                                                                  Feb 21, 2025 14:38:51.141215086 CET5356624162.159.36.2192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:51.141326904 CET5662453192.168.2.4162.159.36.2
                                                                                                                                                                                                                  Feb 21, 2025 14:39:27.454257011 CET4972380192.168.2.4199.232.210.172
                                                                                                                                                                                                                  Feb 21, 2025 14:39:27.454329967 CET4972480192.168.2.4199.232.210.172
                                                                                                                                                                                                                  Feb 21, 2025 14:39:27.459551096 CET8049723199.232.210.172192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:39:27.459613085 CET4972380192.168.2.4199.232.210.172
                                                                                                                                                                                                                  Feb 21, 2025 14:39:27.459794044 CET8049724199.232.210.172192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:39:27.460247993 CET4972480192.168.2.4199.232.210.172
                                                                                                                                                                                                                  Feb 21, 2025 14:39:27.667726994 CET56710443192.168.2.4142.250.181.228
                                                                                                                                                                                                                  Feb 21, 2025 14:39:27.667776108 CET44356710142.250.181.228192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:39:27.667848110 CET56710443192.168.2.4142.250.181.228
                                                                                                                                                                                                                  Feb 21, 2025 14:39:27.668148994 CET56710443192.168.2.4142.250.181.228
                                                                                                                                                                                                                  Feb 21, 2025 14:39:27.668167114 CET44356710142.250.181.228192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:39:28.306320906 CET44356710142.250.181.228192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:39:28.306740046 CET56710443192.168.2.4142.250.181.228
                                                                                                                                                                                                                  Feb 21, 2025 14:39:28.306751013 CET44356710142.250.181.228192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:39:28.307280064 CET44356710142.250.181.228192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:39:28.308015108 CET56710443192.168.2.4142.250.181.228
                                                                                                                                                                                                                  Feb 21, 2025 14:39:28.308084011 CET44356710142.250.181.228192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:39:28.360245943 CET56710443192.168.2.4142.250.181.228
                                                                                                                                                                                                                  Feb 21, 2025 14:39:38.210566044 CET44356710142.250.181.228192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:39:38.210644007 CET44356710142.250.181.228192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:39:38.210757971 CET56710443192.168.2.4142.250.181.228
                                                                                                                                                                                                                  Feb 21, 2025 14:39:38.659400940 CET56710443192.168.2.4142.250.181.228
                                                                                                                                                                                                                  Feb 21, 2025 14:39:38.659436941 CET44356710142.250.181.228192.168.2.4
                                                                                                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                  Feb 21, 2025 14:38:23.818912029 CET53510991.1.1.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:23.962409973 CET53598991.1.1.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:24.936578035 CET53602991.1.1.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:27.600177050 CET4930453192.168.2.41.1.1.1
                                                                                                                                                                                                                  Feb 21, 2025 14:38:27.600327015 CET6306753192.168.2.41.1.1.1
                                                                                                                                                                                                                  Feb 21, 2025 14:38:27.607661963 CET53493041.1.1.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:27.607678890 CET53630671.1.1.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:29.756052971 CET5050653192.168.2.41.1.1.1
                                                                                                                                                                                                                  Feb 21, 2025 14:38:29.756285906 CET6513953192.168.2.41.1.1.1
                                                                                                                                                                                                                  Feb 21, 2025 14:38:29.763416052 CET53505061.1.1.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:29.765717983 CET53651391.1.1.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.525721073 CET4989253192.168.2.41.1.1.1
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.526016951 CET6130353192.168.2.41.1.1.1
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.534637928 CET53613031.1.1.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:30.534663916 CET53498921.1.1.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:39.024403095 CET138138192.168.2.4192.168.2.255
                                                                                                                                                                                                                  Feb 21, 2025 14:38:41.993240118 CET53602711.1.1.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:50.634617090 CET5352638162.159.36.2192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:38:51.183083057 CET5098553192.168.2.41.1.1.1
                                                                                                                                                                                                                  Feb 21, 2025 14:38:51.305861950 CET53509851.1.1.1192.168.2.4
                                                                                                                                                                                                                  Feb 21, 2025 14:39:27.658869982 CET6404753192.168.2.41.1.1.1
                                                                                                                                                                                                                  Feb 21, 2025 14:39:27.666150093 CET53640471.1.1.1192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Feb 21, 2025 14:38:27.600177050 CET | 192.168.2.4 | 1.1.1.1 | 0x5168 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Feb 21, 2025 14:38:27.600327015 CET | 192.168.2.4 | 1.1.1.1 | 0x2e37 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Feb 21, 2025 14:38:29.756052971 CET | 192.168.2.4 | 1.1.1.1 | 0x12e4 | Standard query (0) | ipfs.io | A (IP address) | IN (0x0001) | false
Feb 21, 2025 14:38:29.756285906 CET | 192.168.2.4 | 1.1.1.1 | 0x618c | Standard query (0) | ipfs.io | 65 | IN (0x0001) | false
Feb 21, 2025 14:38:30.525721073 CET | 192.168.2.4 | 1.1.1.1 | 0x2128 | Standard query (0) | ipfs.io | A (IP address) | IN (0x0001) | false
Feb 21, 2025 14:38:30.526016951 CET | 192.168.2.4 | 1.1.1.1 | 0xc789 | Standard query (0) | ipfs.io | 65 | IN (0x0001) | false
Feb 21, 2025 14:38:51.183083057 CET | 192.168.2.4 | 1.1.1.1 | 0xedd6 | Standard query (0) | 241.42.69.40.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false
Feb 21, 2025 14:39:27.658869982 CET | 192.168.2.4 | 1.1.1.1 | 0x5475 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Feb 21, 2025 14:38:27.607661963 CET | 1.1.1.1 | 192.168.2.4 | 0x5168 | No error (0) | www.google.com | | 142.250.181.228 | A (IP address) | IN (0x0001) | false
Feb 21, 2025 14:38:27.607678890 CET | 1.1.1.1 | 192.168.2.4 | 0x2e37 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Feb 21, 2025 14:38:29.763416052 CET | 1.1.1.1 | 192.168.2.4 | 0x12e4 | No error (0) | ipfs.io | | 209.94.90.1 | A (IP address) | IN (0x0001) | false
Feb 21, 2025 14:38:29.765717983 CET | 1.1.1.1 | 192.168.2.4 | 0x618c | No error (0) | ipfs.io | | | 65 | IN (0x0001) | false
Feb 21, 2025 14:38:30.534637928 CET | 1.1.1.1 | 192.168.2.4 | 0xc789 | No error (0) | ipfs.io | | | 65 | IN (0x0001) | false
Feb 21, 2025 14:38:30.534663916 CET | 1.1.1.1 | 192.168.2.4 | 0x2128 | No error (0) | ipfs.io | | 209.94.90.1 | A (IP address) | IN (0x0001) | false
Feb 21, 2025 14:38:49.635144949 CET | 1.1.1.1 | 192.168.2.4 | 0x2a30 | No error (0) | svc.ha-teams.office.com | svc.ms-acdc-teams.office.com | | CNAME (Canonical name) | IN (0x0001) | false
Feb 21, 2025 14:38:49.635144949 CET | 1.1.1.1 | 192.168.2.4 | 0x2a30 | No error (0) | svc.ms-acdc-teams.office.com | | 52.123.243.71 | A (IP address) | IN (0x0001) | false
Feb 21, 2025 14:38:49.635144949 CET | 1.1.1.1 | 192.168.2.4 | 0x2a30 | No error (0) | svc.ms-acdc-teams.office.com | | 52.123.243.94 | A (IP address) | IN (0x0001) | false
Feb 21, 2025 14:38:49.635144949 CET | 1.1.1.1 | 192.168.2.4 | 0x2a30 | No error (0) | svc.ms-acdc-teams.office.com | | 52.123.243.193 | A (IP address) | IN (0x0001) | false
Feb 21, 2025 14:38:49.635144949 CET | 1.1.1.1 | 192.168.2.4 | 0x2a30 | No error (0) | svc.ms-acdc-teams.office.com | | 52.123.243.75 | A (IP address) | IN (0x0001) | false
Feb 21, 2025 14:38:51.305861950 CET | 1.1.1.1 | 192.168.2.4 | 0xedd6 | Name error (3) | 241.42.69.40.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false
Feb 21, 2025 14:39:27.666150093 CET | 1.1.1.1 | 192.168.2.4 | 0x5475 | No error (0) | www.google.com | | 142.250.181.228 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                  • ipfs.io
                                                                                                                                                                                                                  • https:
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49740 | 209.94.90.1 | 443 | 6100 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-02-21 13:38:30 UTC | 732 | OUT | GET /ipfs/bafybeihkdxudkwzfh4nwehsfnhenvu7bm2emgeaxccc2gpidbv4gtrugdq/ceoroundcube.html HTTP/1.1
                                                                                                                                                                                                                  Host: ipfs.io
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                  Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                                                                  Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                  Sec-Fetch-User: ?1
                                                                                                                                                                                                                  Sec-Fetch-Dest: document
                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2025-02-21 13:38:30 UTC | 295 | IN | HTTP/1.1 410 Gone
                                                                                                                                                                                                                  Date: Fri, 21 Feb 2025 13:38:30 GMT
                                                                                                                                                                                                                  Content-Type: text/html
                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Cache-Control: public, max-age=31560000, immutable
                                                                                                                                                                                                                  CF-Cache-Status: HIT
                                                                                                                                                                                                                  Age: 8198
                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                  CF-RAY: 9157231b7b9c19c3-EWR
                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
2025-02-21 13:38:30 UTC | 1074 | IN | Data Ascii: 1a5f<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0"><link rel="shortcut icon" href="data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEA
2025-02-21 13:38:30 UTC | 1369 | IN | Data Ascii: color: #117eb3;text-decoration: none;}a:hover {color: #00b0e9;text-decoration: underline;}a:active,a:visited {color: #117eb3;}.flex {display: flex;}.flex-wrap {flex-flow: wrap;}.flex-shrink {flex-shrink: 1;}.ml-auto {m
2025-02-21 13:38:30 UTC | 1369 | IN | Data Ascii: ion:not(:last-child) {border-bottom: 1px solid var(--dark-white);}main section header {background-color: var(--near-white);}.grid {display: grid;overflow-x: auto;}.grid .grid {overflow-x: visible;}.grid > div {padding: .7em;borde
2025-02-21 13:38:30 UTC | 1369 | IN | Data Ascii: display: none;}#main header,.ipfs-hash,body {color: #000;}#main,#main header {border-color: #000;}a,a:visited {color: #000;text-decoration: underline;}a[href]:after {content:" (" attr(href) ")"}}@media on
2025-02-21 13:38:30 UTC | 209 | IN | Data Ascii: ason why it should not be blocked. </p> </section> </main><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body></html>
2025-02-21 13:38:30 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49741 | 209.94.90.1 | 443 | 6100 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2025-02-21 13:38:30 UTC | 643 | OUT | GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
                                                                                                                                                                                                                  Host: ipfs.io
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                  Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                  Sec-Fetch-Dest: script
                                                                                                                                                                                                                  Referer: https://ipfs.io/ipfs/bafybeihkdxudkwzfh4nwehsfnhenvu7bm2emgeaxccc2gpidbv4gtrugdq/ceoroundcube.html
                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2025-02-21 13:38:30 UTC | 425 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Date: Fri, 21 Feb 2025 13:38:30 GMT
                                                                                                                                                                                                                  Content-Type: application/javascript
                                                                                                                                                                                                                  Content-Length: 1239
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Last-Modified: Tue, 18 Feb 2025 13:53:01 GMT
                                                                                                                                                                                                                  ETag: "67b490bd-4d7"
                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                  CF-RAY: 9157231c4fa041d3-EWR
                                                                                                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                  Expires: Sun, 23 Feb 2025 13:38:30 GMT
                                                                                                                                                                                                                  Cache-Control: max-age=172800
                                                                                                                                                                                                                  Cache-Control: public
                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                  2025-02-21 13:38:30 UTC944INData Raw: 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 65 28 65 29 7b 74 72 79 7b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 63 6f 6e 73 6f 6c 65 29 72 65 74 75 72 6e 3b 22 65 72 72 6f 72 22 69 6e 20 63 6f 6e 73 6f 6c 65 3f 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 28 65 29 3a 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 65 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 66 75 6e 63 74 69 6f 6e 20 74 28 65 29 7b 72 65 74 75 72 6e 20 64 2e 69 6e 6e 65 72 48 54 4d 4c 3d 27 3c 61 20 68 72 65 66 3d 22 27 2b 65 2e 72 65 70 6c 61 63 65 28 2f 22 2f 67 2c 22 26 71 75 6f 74 3b 22 29 2b 27 22 3e 3c 2f 61 3e 27 2c 64 2e 63 68 69 6c 64 4e 6f 64 65 73 5b 30 5d 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 68 72 65 66
                                                                                                                                                                                                                  Data Ascii: !function(){"use strict";function e(e){try{if("undefined"==typeof console)return;"error"in console?console.error(e):console.log(e)}catch(e){}}function t(e){return d.innerHTML='<a href="'+e.replace(/"/g,"&quot;")+'"></a>',d.childNodes[0].getAttribute("href
                                                                                                                                                                                                                  2025-02-21 13:38:30 UTC | 295 | IN
                                                                                                                                                                                                                  Data Ascii: h(c){e(c)}}function i(t){try{c(t),o(t),a(t)}catch(r){e(r)}}var l="/cdn-cgi/l/email-protection#",u=".__cf_email__",f="data-cfemail",d=document.createElement("div");i(document),function(){var e=document.currentScript||document.scripts[document.scripts.lengt


                                                                                                                                                                                                                  Session ID: 2
                                                                                                                                                                                                                  Source IP: 192.168.2.4
                                                                                                                                                                                                                  Source Port: 49743
                                                                                                                                                                                                                  Destination IP: 209.94.90.1
                                                                                                                                                                                                                  Destination Port: 443
                                                                                                                                                                                                                  PID: 6100
                                                                                                                                                                                                                  Process: C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                  2025-02-21 13:38:30 UTC | 393 | OUT | GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
                                                                                                                                                                                                                  Host: ipfs.io
                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                                                                  Sec-Fetch-Mode: cors
                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                  2025-02-21 13:38:31 UTC | 425 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                  Date: Fri, 21 Feb 2025 13:38:31 GMT
                                                                                                                                                                                                                  Content-Type: application/javascript
                                                                                                                                                                                                                  Content-Length: 1239
                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                  Last-Modified: Mon, 17 Feb 2025 11:53:56 GMT
                                                                                                                                                                                                                  ETag: "67b32354-4d7"
                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                  CF-RAY: 915723203bd6236a-EWR
                                                                                                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                  Expires: Sun, 23 Feb 2025 13:38:31 GMT
                                                                                                                                                                                                                  Cache-Control: max-age=172800
                                                                                                                                                                                                                  Cache-Control: public
                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                  2025-02-21 13:38:31 UTC | 944 | IN
                                                                                                                                                                                                                  Data Ascii: !function(){"use strict";function e(e){try{if("undefined"==typeof console)return;"error"in console?console.error(e):console.log(e)}catch(e){}}function t(e){return d.innerHTML='<a href="'+e.replace(/"/g,"&quot;")+'"></a>',d.childNodes[0].getAttribute("href
                                                                                                                                                                                                                  2025-02-21 13:38:31 UTC | 295 | IN
                                                                                                                                                                                                                  Data Ascii: h(c){e(c)}}function i(t){try{c(t),o(t),a(t)}catch(r){e(r)}}var l="/cdn-cgi/l/email-protection#",u=".__cf_email__",f="data-cfemail",d=document.createElement("div");i(document),function(){var e=document.currentScript||document.scripts[document.scripts.lengt



                                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                                  Start time:08:38:19
                                                                                                                                                                                                                  Start date:21/02/2025
                                                                                                                                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                                                                                                                                                                                                                  Imagebase:0x7ff76e190000
                                                                                                                                                                                                                  File size:3'242'272 bytes
                                                                                                                                                                                                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                  Target ID:2
                                                                                                                                                                                                                  Start time:08:38:22
                                                                                                                                                                                                                  Start date:21/02/2025
                                                                                                                                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1984,i,17330487147047784293,10461812476316702075,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                                                  Imagebase:0x7ff76e190000
                                                                                                                                                                                                                  File size:3'242'272 bytes
                                                                                                                                                                                                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                  Target ID:3
                                                                                                                                                                                                                  Start time:08:38:29
                                                                                                                                                                                                                  Start date:21/02/2025
                                                                                                                                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ipfs.io/ipfs/bafybeihkdxudkwzfh4nwehsfnhenvu7bm2emgeaxccc2gpidbv4gtrugdq/ceoroundcube.html"
                                                                                                                                                                                                                  Imagebase:0x7ff76e190000
                                                                                                                                                                                                                  File size:3'242'272 bytes
                                                                                                                                                                                                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                  Target ID:7
                                                                                                                                                                                                                  Start time:08:38:45
                                                                                                                                                                                                                  Start date:21/02/2025
                                                                                                                                                                                                                  Path:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline:"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe" -ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca
                                                                                                                                                                                                                  Imagebase:0x7ff6c93d0000
                                                                                                                                                                                                                  File size:2'486'784 bytes
                                                                                                                                                                                                                  MD5 hash:6F8EAC2C377C8F16D91CB5AC8B8DBF5F
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                  Target ID:12
                                                                                                                                                                                                                  Start time:08:38:50
                                                                                                                                                                                                                  Start date:21/02/2025
                                                                                                                                                                                                                  Path:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe
                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                  Commandline:"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe" -ServerName:microsoft.windowslive.manageaccounts.AppXdbf3yp5apt3t7q877db3gnz5zqpf71zj.mca
                                                                                                                                                                                                                  Imagebase:0x7ff743d30000
                                                                                                                                                                                                                  File size:274'432 bytes
                                                                                                                                                                                                                  MD5 hash:6FEB00C9A2C3FF66230658B3012BAB6A
                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                  No disassembly