Edit tour

Windows Analysis Report
https://zsharepointonlinems.mysteriousroutes.it.com/kOPeS/#fuck@you.com

Overview

General Information

Sample URL:	https://zsharepointonlinems.mysteriousroutes.it.com/kOPeS/#fuck@you.com
Analysis ID:	1631118
Infos:

Detection

Score:	52
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Phishing site or detected (based on various text indicators)

Creates files inside the system directory

Deletes files inside the Windows folder

URL contains potential PII (phishing indication)

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 7048 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 2924 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1940,i,12757131733041611598,6350675229214870562,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2252 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 4484 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://zsharepointonlinems.mysteriousroutes.it.com/kOPeS/#fuck@you.com" MD5: E81F54E6C1129887AEA47E7D092680BF)

msedge.exe (PID: 3460 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 6740 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2472 --field-trial-handle=2036,i,12057156871441710212,12234677776707747760,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7596 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5292 --field-trial-handle=2036,i,12057156871441710212,12234677776707747760,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7744 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6696 --field-trial-handle=2036,i,12057156871441710212,12234677776707747760,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 6688 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=6052 --field-trial-handle=2036,i,12057156871441710212,12234677776707747760,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 3492 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6420 --field-trial-handle=2036,i,12057156871441710212,12234677776707747760,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

cleanup

HTTP traffic detected: POST /report/v4?s=NgZOjetePjEBaEf%2FijXCgFBLbotolZRnbtlb2u2XEQAgPyKFs%2B7JOoKuxy7%2FUrOKxrO%2BwzD49bk5vMEG14u06UkvIto2JE%2Fx7NzmqfBqZ4MDwHgQCXO%2BFOUg7eI3GmyNBZc2u19k8XnX4nU9vCMXXeSWffL5QqGOErgkqfAc HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 477Content-Type: application/reports+jsonOrigin: https://zsharepointonlinems.mysteriousroutes.it.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 06 Mar 2025 15:51:31 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400cf-cache-status: MISSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ai7kkgD%2Bbd7FcuwhUhqEy3f3RuPHMoRZIUpV3YDy3po09hH5ipqtbEvxKi4xgVl1UW%2FrKiObvF%2BQsfDnEZeT0%2FpezoSocxfUePcJdLWlJquyTZ6PX2AxNyiCOcdeON%2FxBgvRhUE5hDwcLMeWCvUHeBqawmhdRxOTgfMSf%2F%2Bu"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91c303d638f73075-SEAalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=56848&min_rtt=56302&rtt_var=16782&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2861&recv_bytes=1292&delivery_rate=49389&cwnd=251&unsent_bytes=0&cid=cbc6bc2b31bde82c&ts=8721&x=0"

Source: History.9.dr	String found in binary or memory: http://zsharepointonlinems.mysteriousroutes.it.com/kOPeS/
Source: Network Action Predictor.9.dr	String found in binary or memory: https://6829421110-1317754460.cos.ap-tokyo.myqcloud.com/
Source: Reporting and NEL.10.dr	String found in binary or memory: https://a.nel.cloudflare.com/report/v4?s=GRJ%2FiSacFZ4lNfFoHq7BuznVRfcCCRv9QVngYd4PWQPzyLKYZ%2Fl6%2F
Source: Reporting and NEL.10.dr	String found in binary or memory: https://a.nel.cloudflare.com/report/v4?s=Pyy%2FlnTkeFmlk5DVL9UUr4KyUkWsvv6SnDU9jhvEY2N8QerYW90BQWOUt
Source: Network Action Predictor.9.dr	String found in binary or memory: https://ajax.googleapis.com/
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://bard.google.com/
Source: Reporting and NEL.10.dr	String found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: Network Action Predictor.9.dr	String found in binary or memory: https://cdnjs.cloudflare.com/
Source: offscreendocument_main.js.9.dr, service_worker_bin_prod.js.9.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/mathjax/
Source: Web Data.9.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Web Data.9.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: 000003.log5.9.dr	String found in binary or memory: https://challenges.cloudflare.com
Source: Network Action Predictor.9.dr, 000003.log1.9.dr	String found in binary or memory: https://challenges.cloudflare.com/
Source: Session_13385749863304732.9.dr	String found in binary or memory: https://challenges.cloudflare.com/3b8809be-90e2-452c-8000-ad63f9dba10f
Source: Session_13385749863304732.9.dr	String found in binary or memory: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/7tk1c/0x4A
Source: Session_13385749863304732.9.dr	String found in binary or memory: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/zg25v/0x4A
Source: manifest.json.9.dr	String found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json.9.dr	String found in binary or memory: https://chromewebstore.google.com/
Source: 3cefe837-dd1a-4862-9a5d-45a305448c12.tmp.10.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json0.9.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 3cefe837-dd1a-4862-9a5d-45a305448c12.tmp.10.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: Network Action Predictor.9.dr	String found in binary or memory: https://code.jquery.com/
Source: Reporting and NEL.10.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers
Source: Reporting and NEL.10.dr	String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: manifest.json0.9.dr	String found in binary or memory: https://docs.google.com/
Source: manifest.json0.9.dr	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json0.9.dr	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json0.9.dr	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json0.9.dr	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json0.9.dr	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json0.9.dr	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json0.9.dr	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json0.9.dr	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json0.9.dr	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json0.9.dr	String found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json0.9.dr	String found in binary or memory: https://drive.google.com/
Source: Web Data.9.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Web Data.9.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Web Data.9.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 000003.log9.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log9.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
Source: 000003.log11.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtrac
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
Source: HubApps Icons.9.dr, 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
Source: HubApps Icons.9.dr, 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_bard_light.png/1.0.1/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_hc.png/1.0.3/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_dark.png/1.0.3/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_light.png/1.0.3/asse
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_dark.png/1.0.6/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_light.png/1.0.6/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
Source: HubApps Icons.9.dr, 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
Source: HubApps Icons.9.dr, 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gmail.png/1.5.4/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_help.png/1.0.0/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_iHeart.png/1.0.3/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_instagram.png/1.4.13/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_ku_gou.png/1.0.3/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_last.png/1.0.3/asset
Source: 000003.log9.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_dark.png/1.1.0/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_hc.png/1.1.0/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_light.png/1.1.0/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_naver_vibe.png/1.0.3/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_dark.png/1.4.9/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_hc.png/1.4.9/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_light.png/1.4.9/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
Source: HubApps Icons.9.dr, 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_hc.png/1.1.0/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_dark.png/1.1.0/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_light.png/1.1.0/asse
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_qq.png/1.0.3/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_dark.png/1.1.12/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_hc.png/1.1.12/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_light.png/1.1.12/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_hc.png/1.1.3/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_dark.png/1.1.3/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_light.png/1.1.3/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
Source: HubApps Icons.9.dr, 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.1.12/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.1.12/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.1.12/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
Source: HubApps Icons.9.dr, 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_dark.png/1.3.20/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_hc.png/1.3.20/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_light.png/1.3.20/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_sound_cloud.png/1.0.3/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_spotify.png/1.4.12/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_dark.png/1.2.19/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_hc.png/1.2.19/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_light.png/1.2.19/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_telegram.png/1.0.4/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_hc.png/1.0.5/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_dark.png/1.0.5/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_light.png/1.0.5/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tidal.png/1.0.3/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tik_tok_light.png/1.0.5/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_hc.png/1.5.13/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
Source: HubApps Icons.9.dr, 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_twitter_light.png/1.0.9/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_vk.png/1.0.3/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whats_new.png/1.0.0/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whatsapp_light.png/1.4.11/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_word.png/1.7.32/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_yandex_music.png/1.0.10/asset
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_youtube.png/1.4.14/asset
Source: 000003.log10.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/product_category_en/1.0.0/asset?assetgroup=ProductCate
Source: 000003.log9.9.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/signal_triggers/1.13.3/asset?sv=2017-07-29&sr=c&sig=Nt
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://excel.new?from=EdgeM365Shoreline
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://gaana.com/
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://i.y.qq.com/n2/m/index.html
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://latest.web.skype.com/?browsername=edge_canary_shoreline
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://m.kugou.com/
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://m.soundcloud.com/
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://m.vk.com/
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://mail.google.com/mail/mu/mp/266/#tl/Inbox
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://manifestdeliveryservice.edgebrowser.microsoft-staging-falcon.io/app/page-context-demo
Source: Network Action Predictor.9.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://music.amazon.com
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://music.apple.com
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://music.yandex.com
Source: 000003.log5.9.dr	String found in binary or memory: https://ntp.msn.com
Source: 000003.log1.9.dr	String found in binary or memory: https://ntp.msn.com/
Source: Session_13385749863304732.9.dr	String found in binary or memory: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&start
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://open.spotify.com
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://outlook.live.com/mail/0/
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://outlook.office.com/mail/0/
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
Source: Network Action Predictor.9.dr	String found in binary or memory: https://stackpath.bootstrapcdn.com/
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://tidal.com/
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://twitter.com/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.9.dr	String found in binary or memory: https://unitedstates1.ss.wd.microsoft.us/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.9.dr	String found in binary or memory: https://unitedstates2.ss.wd.microsoft.us/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.9.dr	String found in binary or memory: https://unitedstates4.ss.wd.microsoft.us/
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://vibe.naver.com/today
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://web.telegram.org/
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://web.whatsapp.com
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://word.new?from=EdgeM365Shoreline
Source: Favicons.9.dr	String found in binary or memory: https://www.aliexpress.com/
Source: Favicons.9.dr	String found in binary or memory: https://www.amazon.com/
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://www.deezer.com/
Source: content_new.js.9.dr, content.js.9.dr	String found in binary or memory: https://www.google.com/chrome
Source: Web Data.9.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://www.iheart.com/podcast/
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://www.instagram.com
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://www.last.fm/
Source: Favicons.9.dr	String found in binary or memory: https://www.live.com/
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://www.messenger.com
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
Source: Favicons.9.dr	String found in binary or memory: https://www.netflix.com/
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://www.office.com
Source: Favicons.9.dr	String found in binary or memory: https://www.office.com/
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
Source: Favicons.9.dr	String found in binary or memory: https://www.reddit.com/
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://www.tiktok.com/
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://www.youtube.com
Source: Favicons.9.dr	String found in binary or memory: https://www.youtube.com/
Source: 5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	String found in binary or memory: https://y.music.163.com/m/
Source: Session_13385749863304732.9.dr	String found in binary or memory: https://zsharepointonlinems.mysteriousroutes.it.com
Source: Network Action Predictor.9.dr, Session_13385749863304732.9.dr, 000003.log1.9.dr	String found in binary or memory: https://zsharepointonlinems.mysteriousroutes.it.com/
Source: Session_13385749863304732.9.dr	String found in binary or memory: https://zsharepointonlinems.mysteriousroutes.it.com/kOPeS/
Source: Shortcuts.9.dr	String found in binary or memory: https://zsharepointonlinems.mysteriousroutes.it.com/kOPeS/#fuck
Source: History.9.dr	String found in binary or memory: https://zsharepointonlinems.mysteriousroutes.it.com/kOPeS/0
Source: Network Action Predictor.9.dr	String found in binary or memory: https://zsharepointonlinems.mysteriousroutes.it.com/kopes/#fuck

Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 50076 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 50065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50029 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 50066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 49993 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 443

Source: unknown

HTTPS traffic detected: 13.107.4.254:443 -> 192.168.2.17:49947 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir7048_1306176585

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir7048_1306176585

Jump to behavior

Source: classification engine

Classification label: mal52.phis.win@86/280@38/33

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

File created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67C9C464-D84.pma

Jump to behavior

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

File created: C:\Users\user\AppData\Local\Temp\06a79c79-13f0-450f-ad01-872366f727e1.tmp

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1940,i,12757131733041611598,6350675229214870562,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2252 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://zsharepointonlinems.mysteriousroutes.it.com/kOPeS/#fuck@you.com"
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2472 --field-trial-handle=2036,i,12057156871441710212,12234677776707747760,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5292 --field-trial-handle=2036,i,12057156871441710212,12234677776707747760,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6696 --field-trial-handle=2036,i,12057156871441710212,12234677776707747760,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=6052 --field-trial-handle=2036,i,12057156871441710212,12234677776707747760,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6420 --field-trial-handle=2036,i,12057156871441710212,12234677776707747760,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1940,i,12757131733041611598,6350675229214870562,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2252 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2472 --field-trial-handle=2036,i,12057156871441710212,12234677776707747760,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=5292 --field-trial-handle=2036,i,12057156871441710212,12234677776707747760,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6696 --field-trial-handle=2036,i,12057156871441710212,12234677776707747760,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=6052 --field-trial-handle=2036,i,12057156871441710212,12234677776707747760,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6420 --field-trial-handle=2036,i,12057156871441710212,12234677776707747760,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Web Data.9.dr	Binary or memory string: ms.portal.azure.comVMware20,11696586537
Source: Web Data.9.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696586537u
Source: Web Data.9.dr	Binary or memory string: AMC password management pageVMware20,11696586537
Source: Web Data.9.dr	Binary or memory string: turbotax.intuit.comVMware20,11696586537t
Source: Web Data.9.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696586537
Source: Web Data.9.dr	Binary or memory string: discord.comVMware20,11696586537f
Source: Web Data.9.dr	Binary or memory string: dev.azure.comVMware20,11696586537j
Source: Web Data.9.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696586537
Source: Web Data.9.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696586537x
Source: Web Data.9.dr	Binary or memory string: tasks.office.comVMware20,11696586537o
Source: Web Data.9.dr	Binary or memory string: bankofamerica.comVMware20,11696586537x
Source: Web Data.9.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696586537
Source: Web Data.9.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696586537
Source: Web Data.9.dr	Binary or memory string: interactivebrokers.comVMware20,11696586537
Source: Web Data.9.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696586537h
Source: Web Data.9.dr	Binary or memory string: global block list test formVMware20,11696586537
Source: Web Data.9.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696586537\|UE
Source: Web Data.9.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696586537]
Source: Web Data.9.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696586537d
Source: Web Data.9.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696586537}
Source: Web Data.9.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696586537
Source: Web Data.9.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696586537p
Source: Web Data.9.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696586537z
Source: Web Data.9.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696586537n
Source: Web Data.9.dr	Binary or memory string: outlook.office.comVMware20,11696586537s
Source: Web Data.9.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696586537}
Source: Web Data.9.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696586537
Source: Web Data.9.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696586537^
Source: Web Data.9.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696586537x
Source: Web Data.9.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696586537~
Source: Web Data.9.dr	Binary or memory string: outlook.office365.comVMware20,11696586537t

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	11 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://zsharepointonlinems.mysteriousroutes.it.com/kOPeS/#fuck@you.com	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://zsharepointonlinems.mysteriousroutes.it.com/kOPeS/	0%	Avira URL Cloud	safe
https://drive-daily-4.corp.google.com/	0%	Avira URL Cloud	safe
https://drive-daily-2.corp.google.com/	0%	Avira URL Cloud	safe
https://zsharepointonlinems.mysteriousroutes.it.com	0%	Avira URL Cloud	safe
https://zsharepointonlinems.mysteriousroutes.it.com/kOPeS/0	0%	Avira URL Cloud	safe
https://drive-daily-1.corp.google.com/	0%	Avira URL Cloud	safe
https://drive-staging.corp.google.com/	0%	Avira URL Cloud	safe
https://drive-daily-5.corp.google.com/	0%	Avira URL Cloud	safe
https://drive-preprod.corp.google.com/	0%	Avira URL Cloud	safe
https://6829421110-1317754460.cos.ap-tokyo.myqcloud.com/	0%	Avira URL Cloud	safe
https://6829421110.sbs/google.php	100%	Avira URL Cloud	malware
https://zsharepointonlinems.mysteriousroutes.it.com/	0%	Avira URL Cloud	safe
https://6829421110-1317754460.cos.ap-tokyo.myqcloud.com/bootstrap.min.js	0%	Avira URL Cloud	safe
https://zsharepointonlinems.mysteriousroutes.it.com/kOPeS/#fuck	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
jsdelivr.map.fastly.net	151.101.193.229	true	false	high
chrome.cloudflare-dns.com	162.159.61.3	true	false	high
a.nel.cloudflare.com	35.190.80.1	true	false	high
a416.dscd.akamai.net	2.22.242.11	true	false	high
a-0003.a-msedge.net	204.79.197.203	true	false	high
c-msn-pme.trafficmanager.net	13.74.129.1	true	false	high
zsharepointonlinems.mysteriousroutes.it.com	172.67.195.199	true	false	unknown
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	94.245.104.56	true	false	high
ax-0001.ax-msedge.net	150.171.28.10	true	false	high
challenges.cloudflare.com	104.18.94.41	true	false	high
sb.scorecardresearch.com	18.245.60.107	true	false	high
www.google.com	142.250.181.228	true	false	high
s-part-0048.t-0009.t-msedge.net	13.107.246.76	true	false	high
googlehosted.l.googleusercontent.com	142.250.181.225	true	false	high
e28578.d.akamaiedge.net	95.101.182.64	true	false	high
assets.msn.com	unknown	unknown	false	high
cdn.jsdelivr.net	unknown	unknown	false	high
c.msn.com	unknown	unknown	false	high
ntp.msn.com	unknown	unknown	false	high
clients2.googleusercontent.com	unknown	unknown	false	high
bzib.nelreports.net	unknown	unknown	false	high
api.msn.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://code.jquery.com/jquery-3.2.1.slim.min.js	false		high
https://ntp.msn.com/bundles/v1/edgeChromium/latest/SSR-extension.b5cf3a02ea9d69064409.js	false		high
https://zsharepointonlinems.mysteriousroutes.it.com/kOPeS/	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/turnstile/v0/g/f3b948d8acb8/api.js	false		high
https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=91c30381acd3bc73&lang=auto	false		high
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1741276274037&w=0&anoncknm=app_anon&NoResponseBody=true	false		high
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1741276274033&w=0&anoncknm=app_anon&NoResponseBody=true	false		high
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	false		high
https://zsharepointonlinems.mysteriousroutes.it.com/kOPeS/#fuck@you.com	false		unknown
https://assets.msn.com/bundles/v1/edgeChromium/latest/vendors.5d0f28115e15fcff20c5.js	false		high
https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js	false		high
https://c.msn.com/c.gif?rnd=1741276273648&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=b7f07aab37074938a30380b463f54e37&activityId=b7f07aab37074938a30380b463f54e37&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0	false		high
https://bzib.nelreports.net/api/report?cat=bingbusiness	false		high
https://assets.msn.com/statics/icons/favicon_newtabpage.png	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=91c3041288d6bc73&lang=auto	false		high
https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg	false		high
https://cdn.jsdelivr.net/gh/pranaynamnaik/files@latest/micro-123787483.png	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=91c304b91b6ebc73&lang=auto	false		high
https://ntp.msn.com/bundles/v1/edgeChromium/latest/web-worker.948ffa5ea2d441a35f55.js	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1454838735:1741273893:XxnJTITZTQDYFSKepyRnX6vF5gWV2MNlYr5LqD0DDqc/91c3041288d6bc73/MXJuxAAYCTE6DauL7sxqEQDY196uhfX81_iOL2EJlpk-1741276301-1.1.1.1-H3yMVDog6hPSI08xRTBq.qbiqNjwsa_iZvBB20AaaFvlqRJxLG.dbWAulSUqgk9H	false		high
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1741276274030&w=0&anoncknm=app_anon&NoResponseBody=true	false		high
https://6829421110-1317754460.cos.ap-tokyo.myqcloud.com/bootstrap.min.js	false	Avira URL Cloud: safe	unknown
https://6829421110.sbs/google.php	false	Avira URL Cloud: malware	unknown
https://a.nel.cloudflare.com/report/v4?s=NgZOjetePjEBaEf%2FijXCgFBLbotolZRnbtlb2u2XEQAgPyKFs%2B7JOoKuxy7%2FUrOKxrO%2BwzD49bk5vMEG14u06UkvIto2JE%2Fx7NzmqfBqZ4MDwHgQCXO%2BFOUg7eI3GmyNBZc2u19k8XnX4nU9vCMXXeSWffL5QqGOErgkqfAc	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	Web Data.9.dr	false		high
https://duckduckgo.com/ac/?q=	Web Data.9.dr	false		high
https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline	5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	false		high
https://www.last.fm/	5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	false		high
https://deff.nelreports.net/api/report?cat=msn	Reporting and NEL.10.dr	false		high
https://docs.google.com/	manifest.json0.9.dr	false		high
https://www.youtube.com	5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	false		high
https://www.instagram.com	5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	false		high
https://web.skype.com/?browsername=edge_canary_shoreline	5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	false		high
https://drive.google.com/	manifest.json0.9.dr	false		high
https://www.netflix.com/	Favicons.9.dr	false		high
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1	5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	false		high
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2	5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	false		high
https://www.messenger.com	5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	false		high
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge	5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	false		high
https://outlook.office.com/mail/compose?isExtension=true	5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	false		high
https://stackpath.bootstrapcdn.com/	Network Action Predictor.9.dr	false		high
https://www.reddit.com/	Favicons.9.dr	false		high
https://challenges.cloudflare.com/3b8809be-90e2-452c-8000-ad63f9dba10f	Session_13385749863304732.9.dr	false		high
https://unitedstates4.ss.wd.microsoft.us/	edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.9.dr	false		high
https://i.y.qq.com/n2/m/index.html	5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	false		high
https://www.deezer.com/	5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	false		high
https://www.office.com/	Favicons.9.dr	false		high
https://web.telegram.org/	5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	false		high
https://cdnjs.cloudflare.com/	Network Action Predictor.9.dr	false		high
https://challenges.cloudflare.com/	Network Action Predictor.9.dr, 000003.log1.9.dr	false		high
https://maxcdn.bootstrapcdn.com/	Network Action Predictor.9.dr	false		high
https://cdnjs.cloudflare.com/ajax/libs/mathjax/	offscreendocument_main.js.9.dr, service_worker_bin_prod.js.9.dr	false		high
https://drive-daily-2.corp.google.com/	manifest.json0.9.dr	false	Avira URL Cloud: safe	unknown
https://www.amazon.com/	Favicons.9.dr	false		high
https://drive-daily-4.corp.google.com/	manifest.json0.9.dr	false	Avira URL Cloud: safe	unknown
https://vibe.naver.com/today	5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	false		high
https://challenges.cloudflare.com	000003.log5.9.dr	false		high
https://unitedstates1.ss.wd.microsoft.us/	edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.9.dr	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	Web Data.9.dr	false		high
https://drive-daily-1.corp.google.com/	manifest.json0.9.dr	false	Avira URL Cloud: safe	unknown
https://excel.new?from=EdgeM365Shoreline	5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	false		high
https://www.youtube.com/	Favicons.9.dr	false		high
https://drive-daily-5.corp.google.com/	manifest.json0.9.dr	false	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report/v4?s=GRJ%2FiSacFZ4lNfFoHq7BuznVRfcCCRv9QVngYd4PWQPzyLKYZ%2Fl6%2F	Reporting and NEL.10.dr	false		high
https://www.google.com/chrome	content_new.js.9.dr, content.js.9.dr	false		high
https://www.tiktok.com/	5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	false		high
https://chromewebstore.google.com/	manifest.json.9.dr	false		high
https://drive-preprod.corp.google.com/	manifest.json0.9.dr	false	Avira URL Cloud: safe	unknown
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2	5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	false		high
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1	5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	false		high
https://chrome.google.com/webstore/	manifest.json.9.dr	false		high
https://y.music.163.com/m/	5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	false		high
https://unitedstates2.ss.wd.microsoft.us/	edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.9.dr	false		high
https://bard.google.com/	5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	false		high
https://web.whatsapp.com	5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	false		high
https://m.kugou.com/	5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	false		high
https://www.office.com	5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	false		high
https://outlook.live.com/mail/0/	5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	false		high
https://powerpoint.new?from=EdgeM365Shoreline	5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	Web Data.9.dr	false		high
https://tidal.com/	5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	false		high
https://ntp.msn.com	000003.log5.9.dr	false		high
https://zsharepointonlinems.mysteriousroutes.it.com	Session_13385749863304732.9.dr	false	Avira URL Cloud: safe	unknown
https://gaana.com/	5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	false		high
https://drive-staging.corp.google.com/	manifest.json0.9.dr	false	Avira URL Cloud: safe	unknown
https://outlook.live.com/mail/compose?isExtension=true	5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	Web Data.9.dr	false		high
https://zsharepointonlinems.mysteriousroutes.it.com/kOPeS/0	History.9.dr	false	Avira URL Cloud: safe	unknown
https://6829421110-1317754460.cos.ap-tokyo.myqcloud.com/	Network Action Predictor.9.dr	false	Avira URL Cloud: safe	unknown
https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true	5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	false		high
https://ntp.msn.com/	000003.log1.9.dr	false		high
https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers	Reporting and NEL.10.dr	false		high
https://zsharepointonlinems.mysteriousroutes.it.com/kOPeS/#fuck	Shortcuts.9.dr	false	Avira URL Cloud: safe	unknown
https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&start	Session_13385749863304732.9.dr	false		high
https://latest.web.skype.com/?browsername=edge_canary_shoreline	5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	false		high
https://zsharepointonlinems.mysteriousroutes.it.com/	Network Action Predictor.9.dr, Session_13385749863304732.9.dr, 000003.log1.9.dr	false	Avira URL Cloud: safe	unknown
https://word.new?from=EdgeM365Shoreline	5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	false		high
https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true	5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp.9.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
23.200.88.31	unknown	United States	16625	AKAMAI-ASUS	false
172.67.195.199	zsharepointonlinems.mysteriousroutes.it.com	United States	13335	CLOUDFLARENETUS	false
151.101.193.229	jsdelivr.map.fastly.net	United States	54113	FASTLYUS	false
2.22.242.11	a416.dscd.akamai.net	European Union	20940	AKAMAI-ASN1EU	false
151.101.130.137	unknown	United States	54113	FASTLYUS	false
162.159.61.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
69.49.246.64	unknown	United States	46606	UNIFIEDLAYER-AS-1US	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
95.101.182.64	e28578.d.akamaiedge.net	European Union	20940	AKAMAI-ASN1EU	false
18.245.60.107	sb.scorecardresearch.com	United States	16509	AMAZON-02US	false
104.21.60.104	unknown	United States	13335	CLOUDFLARENETUS	false
23.200.88.27	unknown	United States	16625	AKAMAI-ASUS	false
43.128.240.50	unknown	Japan	4249	LILLY-ASUS	false
104.18.95.41	unknown	United States	13335	CLOUDFLARENETUS	false
23.57.90.73	unknown	United States	35994	AKAMAI-ASUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.17.25.14	unknown	United States	13335	CLOUDFLARENETUS	false
104.18.10.207	unknown	United States	13335	CLOUDFLARENETUS	false
104.18.94.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
20.189.173.12	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
150.171.28.10	ax-0001.ax-msedge.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.74.129.1	c-msn-pme.trafficmanager.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.64.41.3	unknown	United States	13335	CLOUDFLARENETUS	false
151.101.1.229	unknown	United States	54113	FASTLYUS	false
151.101.65.229	unknown	United States	54113	FASTLYUS	false
23.57.90.160	unknown	United States	35994	AKAMAI-ASUS	false
104.18.11.207	unknown	United States	13335	CLOUDFLARENETUS	false
142.250.181.225	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
142.250.181.228	www.google.com	United States	15169	GOOGLEUS	false
104.117.182.35	unknown	United States	20940	AKAMAI-ASN1EU	false
204.79.197.203	a-0003.a-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

Private

IP
192.168.2.5
192.168.2.17

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1631118
Start date and time:	2025-03-06 16:49:44 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://zsharepointonlinems.mysteriousroutes.it.com/kOPeS/#fuck@you.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.phis.win@86/280@38/33

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.35, 142.250.186.110, 142.250.185.142, 66.102.1.84, 172.217.23.110, 142.250.185.174, 142.250.184.238, 142.250.186.46, 216.58.212.142, 216.58.206.78, 13.107.42.16, 204.79.197.239, 13.107.21.239, 13.107.6.158, 20.93.72.182, 199.232.214.172, 2.23.227.208, 2.23.227.215, 142.250.186.174, 88.221.110.195, 88.221.110.179, 2.19.11.109, 2.19.11.113, 2.22.242.121, 2.22.242.82, 142.250.74.195, 142.250.186.78, 142.250.185.195, 142.250.181.238, 142.250.185.110, 142.251.214.131, 142.250.189.195, 4.175.87.197, 204.79.197.200, 51.132.193.105, 204.79.197.222, 94.245.104.56, 20.190.160.132, 13.107.246.76, 4.144.165.14, 13.107.246.40, 23.51.57.215, 13.107.22.239, 23.56.210.93, 52.139.252.32, 23.57.90.70, 142.251.32.106, 20.75.60.91
Excluded domains from analysis (whitelisted): fp.msedge.net, cdp-f-ssl-tlu-net.trafficmanager.net, nav-edge.smartscreen.microsoft.com, slscr.update.microsoft.com, img-s-msn-com.akamaized.net, data-edge.smartscreen.microsoft.com, clientservices.googleapis.com, edgeassetservice.afd.azureedge.net, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, clients2.google.com, e86303.dscx.akamaiedge.net, login.live.com, config-edge-skype.l-0007.l-msedge.net, update.googleapis.com, www.gstatic.com, l-0007.l-msedge.net, www.bing.com, bingadsedgeextension-prod.trafficmanager.net, ajax.googleapis.com, prod-atm-wds-edge.trafficmanager.net, aadcdn.msauth.net, www-www.bing.com.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, a1834.dscg2.akamai.net, c-ring.msedge.net, edgedl.me.gvt1.com, c.bing.com, edgeassetservice.azureedge.net, clients.l.google.com, browser.pipe.aria.microsoft.com, config.edge.skype.com.trafficmanager.net, arc.msn.com, go.microsoft.com, redirector.gvt1.com, www.bing.com.edgekey.net, th
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://zsharepointonlinems.mysteriousroutes.it.com/kOPeS/#fuck@you.com

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	67029
Entropy (8bit):	6.103160291614157
Encrypted:	false
SSDEEP:	1536:mMk16zRRSVnmJi5wWiITaU90TpzZrEP+pasyTCrxfoZYRvI:mMYOGMgaWwpImrV8MA
MD5:	96B7DF24A69A2776AD3D3529F7CFE70A
SHA1:	9F6A0F20B4C5E3F9AD6A39CB6F67369840450BC6
SHA-256:	9CFEB16390A8A04CE00DABEBFF470969B7EC052A7E1982346D38FE153A0561AD
SHA-512:	1013AE2F0B3DF40CF5576FED4AF516A22BAA50BBA88E1F43AD1DA190FF90FF14C45A38D2722B622A420C56E94E0A97E28A4D6A24D463F5BEC87BA8C1E8E2E804
Malicious:	false
Reputation:	low
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"7f19b722-e98a-485b-b609-47fb0971052a"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM

Source: https://zsharepointonlinems.mysteriousroutes.it.com/kOPeS/#fuck@you.com	HTTP Parser: No favicon
Source: https://zsharepointonlinems.mysteriousroutes.it.com/kOPeS/#fuck@you.com	HTTP Parser: No favicon

Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.4.254
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.4.254
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.4.254
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.4.254
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.88.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.88.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.88.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.88.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.88.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.88.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.12
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.182.35
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.182.35
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.182.35
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.182.35
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.182.35
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.182.35
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.182.35
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.182.35
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.182.35
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.182.35
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.182.35
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.182.35
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.182.35
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.182.35
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.182.35
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.12
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.12
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.88.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.88.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.88.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.88.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.88.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.88.27
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.182.35
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.182.35
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.182.35
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.182.35
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.182.35
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.182.35

Source: global traffic	DNS traffic detected: DNS query: zsharepointonlinems.mysteriousroutes.it.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic	DNS traffic detected: DNS query: assets.msn.com
Source: global traffic	DNS traffic detected: DNS query: c.msn.com
Source: global traffic	DNS traffic detected: DNS query: api.msn.com

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://zsharepointonlinems.mysteriousroutes.it.com/kOPeS/#fuck@you.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\0733df7e-9878-4995-9017-ef28e819b425.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\119dd1c0-7a04-490b-bebc-9f9481a592eb.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\6e15a76f-2ef3-4a90-8ae4-277772ab8f7c.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\8315619c-ed65-47c5-966e-b214e5ac1229.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\68c9ca58-a158-4cab-8270-ee87d22f365d.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67C9C464-D84.pma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\1f4ef26c-240e-40b0-8ec0-03a47ded4f2b.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\27998642-78cd-456d-ab20-e82bcc63b7de.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\3a6e9fc4-2d14-42b1-8463-f51271622322.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\5a780dd6-0ae5-40e1-a48e-a563af3c4c4c.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\6db438ed-c8d1-483c-9cab-947c05898fb1.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\89f742b0-64ff-4a1b-9494-89635c674891.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\941efe58-e579-41a5-8850-c95aebba6090.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\9ad8cdfc-de6f-47f2-840c-0f4801ea015a.tmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS

Windows Analysis Report
https://zsharepointonlinems.mysteriousroutes.it.com/kOPeS/#fuck@you.com