Edit tour

Windows Analysis Report
https://www.flipsnack.com/859EECFF8D6/distribution-agreement/full-view.html

Overview

General Information

Sample URL:	https://www.flipsnack.com/859EECFF8D6/distribution-agreement/full-view.html
Analysis ID:	1631331
Infos:

Detection

HTMLPhisher

Score:	56
Range:	0 - 100
Confidence:	100%

Signatures

Yara detected HtmlPhish44

AI detected suspicious Javascript

HTML page contains suspicious base64 encoded javascript

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Deletes files inside the Windows folder

Detected non-DNS traffic on DNS port

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Potential browser exploit detected (process start blacklist hit)

Sigma detected: Use Short Name Path in Command Line

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6244 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6600 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2064,i,3868021277802058061,4394939141066936881,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=1564 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 2148 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.flipsnack.com/859EECFF8D6/distribution-agreement/full-view.html" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 7064 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Downloads\download.htm MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 5020 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Downloads\download.htm MD5: E81F54E6C1129887AEA47E7D092680BF)

iexplore.exe (PID: 6828 cmdline: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\user\Downloads\download.htm MD5: CFE2E6942AC1B72981B3105E22D3224E)

iexplore.exe (PID: 1704 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6828 CREDAT:9474 /prefetch:2 MD5: 6F0F06D6AB125A99E43335427066A4A1)

ie_to_edge_stub.exe (PID: 6848 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=503be MD5: 89CF8972D683795DAB6901BC9456675D)

ssvagent.exe (PID: 4952 cmdline: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new MD5: F9A898A606E7F5A1CD7CFFA8079253A0)

ie_to_edge_stub.exe (PID: 2612 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=503be MD5: 89CF8972D683795DAB6901BC9456675D)

msedge.exe (PID: 1288 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=503be MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 1048 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2368 --field-trial-handle=2036,i,14288656337038041693,1823975807247018659,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7944 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4192 --field-trial-handle=2036,i,14288656337038041693,1823975807247018659,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8020 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7420 --field-trial-handle=2036,i,14288656337038041693,1823975807247018659,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

cookie_exporter.exe (PID: 8228 cmdline: cookie_exporter.exe --cookie-json=1116 MD5: 3DD7152D6D33725EA5958D7DE2586B97)

msedge.exe (PID: 8044 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7480 --field-trial-handle=2036,i,14288656337038041693,1823975807247018659,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

ssvagent.exe (PID: 2452 cmdline: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new MD5: F9A898A606E7F5A1CD7CFFA8079253A0)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\Downloads\download (1).htm.crdownload	JoeSecurity_HtmlPhish_44	Yara detected HtmlPhish_44	Joe Security
C:\Users\user\Downloads\download.htm.crdownload	JoeSecurity_HtmlPhish_44	Yara detected HtmlPhish_44	Joe Security

Sigma Signatures

Sigma detected: Use Short Name Path in Command Line

Source: Process started

Author: frack113, Nasreddine Bencherchali: Data: Command: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new, CommandLine: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new, CommandLine|base64offset|contains: w, Image: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, NewProcessName: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, OriginalFileName: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, ParentCommandLine: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6828 CREDAT:9474 /prefetch:2, ParentImage: C:\Program Files (x86)\Internet Explorer\iexplore.exe, ParentProcessId: 1704, ParentProcessName: iexplore.exe, ProcessCommandLine: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new, ProcessId: 4952, ProcessName: ssvagent.exe

Sigma detected: Modification of IE Registry Settings

Source: Registry Key set

Author: frack113: Data: Details: 1, EventID: 13, EventType: SetValue, Image: C:\Program Files\Internet Explorer\iexplore.exe, ProcessId: 6828, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\SecuritySafe

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected HtmlPhish44

Source: Yara match	File source: C:\Users\user\Downloads\download (1).htm.crdownload, type: DROPPED
Source: Yara match	File source: C:\Users\user\Downloads\download.htm.crdownload, type: DROPPED

AI detected suspicious Javascript

Source: 0.13.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: file:///C:/Users/user/Downloads/download.htm... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The use of `atob` and `decodeURIComponent` to decode and execute remote code is a clear indicator of malicious intent. Additionally, the script appears to be sending user data to an untrusted domain, which poses a significant risk of data theft or other malicious activities. Overall, this script exhibits a high level of suspicion and should be treated as a potential security threat.
Source: 0.14.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: file:///C:/Users/user/Downloads/download%20(1).h... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The use of `atob()` to decode base64-encoded strings, followed by `eval()` to execute the decoded content, poses a significant security risk. Additionally, the script appears to be sending user data to an untrusted domain, which is a clear indicator of malicious intent. Overall, this script exhibits a high level of suspicion and should be treated as a potential security threat.

HTML page contains suspicious base64 encoded javascript

Source: file:///C:/Users/user/Downloads/download.htm

HTTP Parser: Base64 decoded: <script>

Source: https://www.flipsnack.com/859EECFF8D6/distribution-agreement/full-view.html	HTTP Parser: No favicon
Source: https://www.flipsnack.com/859EECFF8D6/distribution-agreement/full-view.html	HTTP Parser: No favicon
Source: https://www.flipsnack.com/859EECFF8D6/distribution-agreement/full-view.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/Downloads/download.htm	HTTP Parser: No favicon

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe

Source: global traffic	TCP traffic: 192.168.2.17:61029 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.17:61012 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.35
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.35
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.75
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.67
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.67
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.67
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.0.210
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.0.210
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.0.210
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.0.210
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.0.210
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.0.210
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.0.210
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.0.210
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.0.210
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.13.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.13.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.13.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.13.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.13.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.13.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.13.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.13.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.13.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.13.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.13.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.13.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.13.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.13.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.13.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.13.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.13.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.13.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.13.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.13.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.13.80
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.13.80

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C

Jump to behavior

Source: global traffic	HTTP traffic detected: GET /756737886395/flip-sts?Action=SendMessage&MessageBody=%7B%22ih%22%3A%229f05e4292870404db949cfa962261d57%22%2C%22ch%22%3A%22u3wt6g4f0g%22%2C%22cih%22%3A%22d40d5e19078c5c1af50cf8i147162492%22%2C%22e%22%3A%5B%7B%22eid%22%3A1%7D%5D%2C%22ts%22%3A1741298978%7D HTTP/1.1Host: sqs.us-east-1.amazonaws.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://player.flipsnack.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://player.flipsnack.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /756737886395/flip-sts?Action=SendMessage&MessageBody=%7B%22ih%22%3A%229f05e4292870404db949cfa962261d57%22%2C%22ch%22%3A%22u3wt6g4f0g%22%2C%22cih%22%3A%22d40d5e19078c5c1af50cf8i147162492%22%2C%22e%22%3A%5B%7B%22eid%22%3A6%2C%22pid%22%3A%22l6BWTtRg93oNxKHI%22%7D%5D%2C%22ts%22%3A1741298978%7D HTTP/1.1Host: sqs.us-east-1.amazonaws.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://player.flipsnack.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://player.flipsnack.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /756737886395/flip-sts?Action=SendMessage&MessageBody=%7B%22ih%22%3A%229f05e4292870404db949cfa962261d57%22%2C%22ch%22%3A%22u3wt6g4f0g%22%2C%22cih%22%3A%22d40d5e19078c5c1af50cf8i147162492%22%2C%22e%22%3A%5B%7B%22eid%22%3A1%7D%5D%2C%22ts%22%3A1741298978%7D HTTP/1.1Host: sqs.us-east-1.amazonaws.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /756737886395/flip-sts?Action=SendMessage&MessageBody=%7B%22ih%22%3A%229f05e4292870404db949cfa962261d57%22%2C%22ch%22%3A%22u3wt6g4f0g%22%2C%22cih%22%3A%22d40d5e19078c5c1af50cf8i147162492%22%2C%22e%22%3A%5B%7B%22eid%22%3A6%2C%22pid%22%3A%22l6BWTtRg93oNxKHI%22%7D%5D%2C%22ts%22%3A1741298978%7D HTTP/1.1Host: sqs.us-east-1.amazonaws.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /756737886395/flip-sts?Action=SendMessage&MessageBody=%7B%22ih%22%3A%229f05e4292870404db949cfa962261d57%22%2C%22ch%22%3A%22u3wt6g4f0g%22%2C%22cih%22%3A%22d40d5e19078c5c1af50cf8i147162492%22%2C%22e%22%3A%5B%7B%22eid%22%3A2%2C%22d%22%3A0%2C%22s%22%3A0%7D%2C%7B%22eid%22%3A9%2C%22pageIndex%22%3A0%7D%2C%7B%22eid%22%3A3%2C%22t%22%3A5005%7D%2C%7B%22eid%22%3A10%2C%22pid%22%3A%22l6BWTtRg93oNxKHI%22%2C%22t%22%3A5005%7D%5D%2C%22ts%22%3A1741298983%7D HTTP/1.1Host: sqs.us-east-1.amazonaws.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://player.flipsnack.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://player.flipsnack.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /756737886395/flip-sts?Action=SendMessage&MessageBody=%7B%22ih%22%3A%229f05e4292870404db949cfa962261d57%22%2C%22ch%22%3A%22u3wt6g4f0g%22%2C%22cih%22%3A%22d40d5e19078c5c1af50cf8i147162492%22%2C%22e%22%3A%5B%7B%22eid%22%3A2%2C%22d%22%3A0%2C%22s%22%3A0%7D%2C%7B%22eid%22%3A9%2C%22pageIndex%22%3A0%7D%2C%7B%22eid%22%3A3%2C%22t%22%3A5005%7D%2C%7B%22eid%22%3A10%2C%22pid%22%3A%22l6BWTtRg93oNxKHI%22%2C%22t%22%3A5005%7D%5D%2C%22ts%22%3A1741298983%7D HTTP/1.1Host: sqs.us-east-1.amazonaws.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /756737886395/flip-sts?Action=SendMessage&MessageBody=%7B%22ih%22%3A%229f05e4292870404db949cfa962261d57%22%2C%22ch%22%3A%22u3wt6g4f0g%22%2C%22cih%22%3A%22d40d5e19078c5c1af50cf8i147162492%22%2C%22e%22%3A%5B%7B%22eid%22%3A3%2C%22t%22%3A4999%7D%2C%7B%22eid%22%3A10%2C%22pid%22%3A%22l6BWTtRg93oNxKHI%22%2C%22t%22%3A4999%7D%5D%2C%22ts%22%3A1741298988%7D HTTP/1.1Host: sqs.us-east-1.amazonaws.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://player.flipsnack.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://player.flipsnack.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /756737886395/flip-sts?Action=SendMessage&MessageBody=%7B%22ih%22%3A%229f05e4292870404db949cfa962261d57%22%2C%22ch%22%3A%22u3wt6g4f0g%22%2C%22cih%22%3A%22d40d5e19078c5c1af50cf8i147162492%22%2C%22e%22%3A%5B%7B%22eid%22%3A7%2C%22elid%22%3A1%2C%22pid%22%3A%22l6BWTtRg93oNxKHI%22%7D%5D%2C%22ts%22%3A1741298990%7D HTTP/1.1Host: sqs.us-east-1.amazonaws.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://player.flipsnack.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://player.flipsnack.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /756737886395/flip-sts?Action=SendMessage&MessageBody=%7B%22ih%22%3A%229f05e4292870404db949cfa962261d57%22%2C%22ch%22%3A%22u3wt6g4f0g%22%2C%22cih%22%3A%22d40d5e19078c5c1af50cf8i147162492%22%2C%22e%22%3A%5B%7B%22eid%22%3A3%2C%22t%22%3A4999%7D%2C%7B%22eid%22%3A10%2C%22pid%22%3A%22l6BWTtRg93oNxKHI%22%2C%22t%22%3A4999%7D%5D%2C%22ts%22%3A1741298988%7D HTTP/1.1Host: sqs.us-east-1.amazonaws.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /756737886395/flip-sts?Action=SendMessage&MessageBody=%7B%22ih%22%3A%229f05e4292870404db949cfa962261d57%22%2C%22ch%22%3A%22u3wt6g4f0g%22%2C%22cih%22%3A%22d40d5e19078c5c1af50cf8i147162492%22%2C%22e%22%3A%5B%7B%22eid%22%3A3%2C%22t%22%3A5001%7D%2C%7B%22eid%22%3A10%2C%22pid%22%3A%22l6BWTtRg93oNxKHI%22%2C%22t%22%3A5001%7D%5D%2C%22ts%22%3A1741298993%7D HTTP/1.1Host: sqs.us-east-1.amazonaws.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://player.flipsnack.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://player.flipsnack.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /756737886395/flip-sts?Action=SendMessage&MessageBody=%7B%22ih%22%3A%229f05e4292870404db949cfa962261d57%22%2C%22ch%22%3A%22u3wt6g4f0g%22%2C%22cih%22%3A%22d40d5e19078c5c1af50cf8i147162492%22%2C%22e%22%3A%5B%7B%22eid%22%3A7%2C%22elid%22%3A1%2C%22pid%22%3A%22l6BWTtRg93oNxKHI%22%7D%5D%2C%22ts%22%3A1741298993%7D HTTP/1.1Host: sqs.us-east-1.amazonaws.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Origin: https://player.flipsnack.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://player.flipsnack.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /756737886395/flip-sts?Action=SendMessage&MessageBody=%7B%22ih%22%3A%229f05e4292870404db949cfa962261d57%22%2C%22ch%22%3A%22u3wt6g4f0g%22%2C%22cih%22%3A%22d40d5e19078c5c1af50cf8i147162492%22%2C%22e%22%3A%5B%7B%22eid%22%3A7%2C%22elid%22%3A1%2C%22pid%22%3A%22l6BWTtRg93oNxKHI%22%7D%5D%2C%22ts%22%3A1741298990%7D HTTP/1.1Host: sqs.us-east-1.amazonaws.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /756737886395/flip-sts?Action=SendMessage&MessageBody=%7B%22ih%22%3A%229f05e4292870404db949cfa962261d57%22%2C%22ch%22%3A%22u3wt6g4f0g%22%2C%22cih%22%3A%22d40d5e19078c5c1af50cf8i147162492%22%2C%22e%22%3A%5B%7B%22eid%22%3A3%2C%22t%22%3A5001%7D%2C%7B%22eid%22%3A10%2C%22pid%22%3A%22l6BWTtRg93oNxKHI%22%2C%22t%22%3A5001%7D%5D%2C%22ts%22%3A1741298993%7D HTTP/1.1Host: sqs.us-east-1.amazonaws.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /756737886395/flip-sts?Action=SendMessage&MessageBody=%7B%22ih%22%3A%229f05e4292870404db949cfa962261d57%22%2C%22ch%22%3A%22u3wt6g4f0g%22%2C%22cih%22%3A%22d40d5e19078c5c1af50cf8i147162492%22%2C%22e%22%3A%5B%7B%22eid%22%3A7%2C%22elid%22%3A1%2C%22pid%22%3A%22l6BWTtRg93oNxKHI%22%7D%5D%2C%22ts%22%3A1741298993%7D HTTP/1.1Host: sqs.us-east-1.amazonaws.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /crx/blobs/Ad_brx23lef_cW590ESOTTAroOhZ9si0XFJIUC52j2ILHW1VLB5ou6c0RgLWwGr1aRJJZ0WPNyiPBYgIpWfykvhKW-6BLzMRsp9ykw5f6ReBQmPpO6WB9pcSJPfykLTHDjYAxlKa5bf72z8tHS5eXuTavTP1h4WZBjSs/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_89_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8

Source: Favicons.20.dr	String found in binary or memory: https://edge.microsoft.com/favicon/v1?client=chrome_desktop&nfrp=2&check_seen=true&size=32&min_size=16&max_size=256&fallback_opts=TYPE,SIZE,URL&url=https://www.facebook.com/&origin=PinningWizard equals www.facebook.com (Facebook)
Source: Favicons.20.dr	String found in binary or memory: https://edge.microsoft.com/favicon/v1?client=chrome_desktop&nfrp=2&check_seen=true&size=32&min_size=16&max_size=256&fallback_opts=TYPE,SIZE,URL&url=https://www.youtube.com/&origin=PinningWizard equals www.youtube.com (Youtube)
Source: bd1d6d40-29cf-43da-a1e9-e139bc97681b.tmp.20.dr	String found in binary or memory: "url": "http://www.facebook.com/" equals www.facebook.com (Facebook)
Source: bd1d6d40-29cf-43da-a1e9-e139bc97681b.tmp.20.dr	String found in binary or memory: "url": "http://www.twitter.com/" equals www.twitter.com (Twitter)
Source: bd1d6d40-29cf-43da-a1e9-e139bc97681b.tmp.20.dr	String found in binary or memory: "url": "http://www.youtube.com/" equals www.youtube.com (Youtube)
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: SiteList.xml.20.dr	String found in binary or memory: <site url="www.yahoo.co.jp"> equals www.yahoo.com (Yahoo)
Source: Favicons.20.dr	String found in binary or memory: ?https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: Favicons.20.dr	String found in binary or memory: https://edge.microsoft.com/favicon/v1?client=chrome_desktop&nfrp=2&check_seen=true&size=32&min_size=16&max_size=256&fallback_opts=TYPE,SIZE,URL&url=https://www.youtube.com/&origin=PinningWizard equals www.youtube.com (Youtube)
Source: Favicons.20.dr	String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: chromecache_266.1.dr, chromecache_250.1.dr	String found in binary or memory: return f}qG.K="internal.enableAutoEventOnTimer";var cc=wa(["data-gtm-yt-inspected-"]),sG=["www.youtube.com","www.youtube-nocookie.com"],tG,uG=!1; equals www.youtube.com (Youtube)
Source: chromecache_266.1.dr, chromecache_250.1.dr	String found in binary or memory: var FF=function(a,b,c,d,e){var f=CC("fsl",c?"nv.mwt":"mwt",0),g;g=c?CC("fsl","nv.ids",[]):CC("fsl","ids",[]);if(!g.length)return!0;var k=HC(a,"gtm.formSubmit",g),m=a.action;m&&m.tagName&&(m=a.cloneNode(!1).action);R(121);if(m==="https://www.facebook.com/tr/")return R(122),!0;k["gtm.elementUrl"]=m;k["gtm.formCanceled"]=c;a.getAttribute("name")!=null&&(k["gtm.interactedFormName"]=a.getAttribute("name"));e&&(k["gtm.formSubmitElement"]=e,k["gtm.formSubmitElementText"]=e.value);if(d&&f){if(!pB(k,rB(b, equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: www.flipsnack.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: cdn.flipsnack.com
Source: global traffic	DNS traffic detected: DNS query: player.flipsnack.com
Source: global traffic	DNS traffic detected: DNS query: api.flipsnack.com
Source: global traffic	DNS traffic detected: DNS query: d1fpu6k62r548q.cloudfront.net
Source: global traffic	DNS traffic detected: DNS query: content-private.flipsnack.com
Source: global traffic	DNS traffic detected: DNS query: d3u72tnj701eui.cloudfront.net
Source: global traffic	DNS traffic detected: DNS query: sqs.us-east-1.amazonaws.com
Source: global traffic	DNS traffic detected: DNS query: ownd.lomiva3pt.com
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net

Source: unknown

DoH DNS queries detected: name: bzib.nelreports.net

Source: unknown

HTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundX-Cache: CONFIG_NOCACHEAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionX-MSEdge-Ref: Ref A: 0458E697B47A444498D41DD0C00B4C40 Ref B: BL2AA2030101049 Ref C: 2025-03-06T22:11:04ZDate: Thu, 06 Mar 2025 22:11:04 GMTConnection: closeContent-Length: 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundX-Cache: CONFIG_NOCACHEAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionX-MSEdge-Ref: Ref A: 1B8970F795A24780A9E4D7AAC4B3E67C Ref B: BL2AA2010204021 Ref C: 2025-03-06T22:11:08ZDate: Thu, 06 Mar 2025 22:11:08 GMTConnection: closeContent-Length: 0

Source: chromecache_281.1.dr, chromecache_274.1.dr, chromecache_279.1.dr, chromecache_247.1.dr, chromecache_238.1.dr, chromecache_236.1.dr, chromecache_243.1.dr, chromecache_269.1.dr, chromecache_264.1.dr, chromecache_256.1.dr, chromecache_237.1.dr, chromecache_263.1.dr, chromecache_277.1.dr, chromecache_283.1.dr	String found in binary or memory: http://queue.amazonaws.com/doc/2012-11-05/
Source: bd1d6d40-29cf-43da-a1e9-e139bc97681b.tmp.20.dr	String found in binary or memory: http://www.amazon.com/
Source: bd1d6d40-29cf-43da-a1e9-e139bc97681b.tmp.20.dr	String found in binary or memory: http://www.google.com/
Source: bd1d6d40-29cf-43da-a1e9-e139bc97681b.tmp.20.dr	String found in binary or memory: http://www.live.com/
Source: bd1d6d40-29cf-43da-a1e9-e139bc97681b.tmp.20.dr	String found in binary or memory: http://www.nytimes.com/
Source: bd1d6d40-29cf-43da-a1e9-e139bc97681b.tmp.20.dr	String found in binary or memory: http://www.reddit.com/
Source: bd1d6d40-29cf-43da-a1e9-e139bc97681b.tmp.20.dr	String found in binary or memory: http://www.twitter.com/
Source: bd1d6d40-29cf-43da-a1e9-e139bc97681b.tmp.20.dr	String found in binary or memory: http://www.wikipedia.com/
Source: bd1d6d40-29cf-43da-a1e9-e139bc97681b.tmp.20.dr	String found in binary or memory: http://www.youtube.com/
Source: chromecache_250.1.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk?
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://bard.google.com/
Source: chromecache_240.1.dr, chromecache_266.1.dr, chromecache_260.1.dr, chromecache_250.1.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: service_worker_bin_prod.js.20.dr, offscreendocument_main.js.20.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/mathjax/
Source: Web Data.20.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Web Data.20.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: manifest.json.20.dr	String found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json.20.dr	String found in binary or memory: https://chromewebstore.google.com/
Source: manifest.json0.20.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chromecache_266.1.dr, chromecache_250.1.dr	String found in binary or memory: https://ct.capterra.com/capterra_tracker.gif
Source: manifest.json0.20.dr	String found in binary or memory: https://docs.google.com/
Source: manifest.json0.20.dr	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json0.20.dr	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json0.20.dr	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json0.20.dr	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json0.20.dr	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json0.20.dr	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json0.20.dr	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json0.20.dr	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json0.20.dr	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json0.20.dr	String found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json0.20.dr	String found in binary or memory: https://drive.google.com/
Source: Web Data.20.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Web Data.20.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Web Data.20.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 000003.log2.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log2.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
Source: 000003.log0.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtrac
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
Source: HubApps Icons.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
Source: HubApps Icons.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_bard_light.png/1.0.1/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_hc.png/1.0.3/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_dark.png/1.0.3/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_light.png/1.0.3/asse
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_dark.png/1.0.6/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_light.png/1.0.6/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr, HubApps Icons.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
Source: HubApps Icons.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gmail.png/1.5.4/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_help.png/1.0.0/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_iHeart.png/1.0.3/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_instagram.png/1.4.13/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_ku_gou.png/1.0.3/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_last.png/1.0.3/asset
Source: 000003.log2.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_dark.png/1.1.0/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_hc.png/1.1.0/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_light.png/1.1.0/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_naver_vibe.png/1.0.3/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_dark.png/1.4.9/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_hc.png/1.4.9/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_light.png/1.4.9/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr, HubApps Icons.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_hc.png/1.1.0/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_dark.png/1.1.0/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_light.png/1.1.0/asse
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_qq.png/1.0.3/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_dark.png/1.1.12/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_hc.png/1.1.12/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_light.png/1.1.12/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_hc.png/1.1.3/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_dark.png/1.1.3/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_light.png/1.1.3/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
Source: HubApps Icons.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.1.12/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.1.12/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.1.12/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
Source: HubApps Icons.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_dark.png/1.3.20/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_hc.png/1.3.20/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_light.png/1.3.20/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_sound_cloud.png/1.0.3/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_spotify.png/1.4.12/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_dark.png/1.2.19/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_hc.png/1.2.19/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_light.png/1.2.19/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_telegram.png/1.0.4/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_hc.png/1.0.5/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_dark.png/1.0.5/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_light.png/1.0.5/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tidal.png/1.0.3/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tik_tok_light.png/1.0.5/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_hc.png/1.5.13/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
Source: HubApps Icons.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_twitter_light.png/1.0.9/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_vk.png/1.0.3/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whats_new.png/1.0.0/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whatsapp_light.png/1.4.11/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_word.png/1.7.32/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_yandex_music.png/1.0.10/asset
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_youtube.png/1.4.14/asset
Source: 000003.log2.20.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/signal_triggers/1.13.3/asset?sv=2017-07-29&sr=c&sig=Nt
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://excel.new?from=EdgeM365Shoreline
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://gaana.com/
Source: chromecache_250.1.dr	String found in binary or memory: https://google.com
Source: chromecache_250.1.dr	String found in binary or memory: https://googleads.g.doubleclick.net
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://i.y.qq.com/n2/m/index.html
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://latest.web.skype.com/?browsername=edge_canary_shoreline
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://m.kugou.com/
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://m.soundcloud.com/
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://m.vk.com/
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://mail.google.com/mail/mu/mp/266/#tl/Inbox
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://manifestdeliveryservice.edgebrowser.microsoft-staging-falcon.io/app/page-context-demo
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://music.amazon.com
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://music.apple.com
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://music.yandex.com
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://open.spotify.com
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://outlook.live.com/mail/0/
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://outlook.office.com/mail/0/
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
Source: chromecache_250.1.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_240.1.dr, chromecache_266.1.dr, chromecache_260.1.dr, chromecache_250.1.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
Source: chromecache_250.1.dr	String found in binary or memory: https://px.ads.linkedin.com/collect?
Source: chromecache_266.1.dr, chromecache_250.1.dr	String found in binary or memory: https://snap.licdn.com/li.lms-analytics/insight.min.js
Source: chromecache_240.1.dr, chromecache_266.1.dr, chromecache_260.1.dr, chromecache_250.1.dr	String found in binary or memory: https://td.doubleclick.net
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://tidal.com/
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://twitter.com/
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://vibe.naver.com/today
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://web.telegram.org/
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://web.whatsapp.com
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://word.new?from=EdgeM365Shoreline
Source: Favicons.20.dr	String found in binary or memory: https://www.aliexpress.com/
Source: Favicons.20.dr	String found in binary or memory: https://www.amazon.com/
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://www.deezer.com/
Source: chromecache_250.1.dr	String found in binary or memory: https://www.google.com
Source: content_new.js.20.dr, content.js.20.dr	String found in binary or memory: https://www.google.com/chrome
Source: Web Data.20.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chromecache_250.1.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_250.1.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_240.1.dr, chromecache_266.1.dr, chromecache_260.1.dr, chromecache_250.1.dr	String found in binary or memory: https://www.googletagmanager.com/a?
Source: chromecache_240.1.dr, chromecache_266.1.dr, chromecache_260.1.dr, chromecache_250.1.dr	String found in binary or memory: https://www.googletagmanager.com/static/service_worker/
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://www.iheart.com/podcast/
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://www.instagram.com
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://www.last.fm/
Source: Favicons.20.dr	String found in binary or memory: https://www.live.com/
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://www.messenger.com
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
Source: Favicons.20.dr	String found in binary or memory: https://www.netflix.com/
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://www.office.com
Source: Favicons.20.dr	String found in binary or memory: https://www.office.com/
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
Source: Favicons.20.dr	String found in binary or memory: https://www.reddit.com/
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://www.tiktok.com/
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://www.youtube.com
Source: Favicons.20.dr	String found in binary or memory: https://www.youtube.com/
Source: 8e4c9558-56d8-40ff-a0be-c3a260df2ce3.tmp.20.dr	String found in binary or memory: https://y.music.163.com/m/

Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61106
Source: unknown	Network traffic detected: HTTP traffic on port 61101 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61100
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61101
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61102
Source: unknown	Network traffic detected: HTTP traffic on port 61015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61103
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61104
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61133 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61077
Source: unknown	Network traffic detected: HTTP traffic on port 61106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61090
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61091
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61094
Source: unknown	Network traffic detected: HTTP traffic on port 61136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61086
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61087
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61088
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61089
Source: unknown	Network traffic detected: HTTP traffic on port 61017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61019
Source: unknown	Network traffic detected: HTTP traffic on port 61100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61097
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61098
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61099
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61132
Source: unknown	Network traffic detected: HTTP traffic on port 61037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61133
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61134
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61135
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61015
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61136
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61016
Source: unknown	Network traffic detected: HTTP traffic on port 61054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61030
Source: unknown	Network traffic detected: HTTP traffic on port 61134 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61028
Source: unknown	Network traffic detected: HTTP traffic on port 61019 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61097 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61027
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61040
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61041
Source: unknown	Network traffic detected: HTTP traffic on port 61028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61154 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61039
Source: unknown	Network traffic detected: HTTP traffic on port 61102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61031
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61152
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61032
Source: unknown	Network traffic detected: HTTP traffic on port 61039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61154
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61155
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61037
Source: unknown	Network traffic detected: HTTP traffic on port 61014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61038
Source: unknown	Network traffic detected: HTTP traffic on port 61056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61051
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61052
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61132 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61155 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61152 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61042
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61046
Source: unknown	Network traffic detected: HTTP traffic on port 61053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61048
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 61030 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61061
Source: unknown	Network traffic detected: HTTP traffic on port 61086 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61135 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61053
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61055
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61056
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 61033 -> 443

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir6244_1199667142

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir6244_1199667142

Jump to behavior

Source: classification engine

Classification label: mal56.phis.win@101/326@45/24

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\Downloads\7048983f-f789-47e3-bc9f-76470bff3e0e.tmp

Jump to behavior

Source: C:\Program Files\Internet Explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DFF26E2AE447EB92AC.TMP

Jump to behavior

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

System information queried: HandleInformation

Jump to behavior

Source: C:\Program Files\Internet Explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2064,i,3868021277802058061,4394939141066936881,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=1564 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.flipsnack.com/859EECFF8D6/distribution-agreement/full-view.html"
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Downloads\download.htm
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Downloads\download.htm
Source: unknown	Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\user\Downloads\download.htm
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6828 CREDAT:9474 /prefetch:2
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=503be
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=503be
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=503be
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2368 --field-trial-handle=2036,i,14288656337038041693,1823975807247018659,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4192 --field-trial-handle=2036,i,14288656337038041693,1823975807247018659,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7420 --field-trial-handle=2036,i,14288656337038041693,1823975807247018659,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7480 --field-trial-handle=2036,i,14288656337038041693,1823975807247018659,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe cookie_exporter.exe --cookie-json=1116
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2064,i,3868021277802058061,4394939141066936881,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=1564 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6828 CREDAT:9474 /prefetch:2	Jump to behavior
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=503be	Jump to behavior
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=503be	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=503be	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2368 --field-trial-handle=2036,i,14288656337038041693,1823975807247018659,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=4192 --field-trial-handle=2036,i,14288656337038041693,1823975807247018659,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7420 --field-trial-handle=2036,i,14288656337038041693,1823975807247018659,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7480 --field-trial-handle=2036,i,14288656337038041693,1823975807247018659,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe cookie_exporter.exe --cookie-json=1116	Jump to behavior

Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Section loaded: msedge.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Section loaded: msedge_elf.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Section loaded: winnsi.dll	Jump to behavior

Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2246122658-3693405117-2476756634-1003\Software\Microsoft\Office\16.0\Lync

Jump to behavior

Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Jump to behavior

Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: Web Data.20.dr	Binary or memory string: ms.portal.azure.comVMware20,11696586537
Source: Web Data.20.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696586537u
Source: Web Data.20.dr	Binary or memory string: AMC password management pageVMware20,11696586537
Source: Web Data.20.dr	Binary or memory string: turbotax.intuit.comVMware20,11696586537t
Source: Web Data.20.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696586537
Source: Web Data.20.dr	Binary or memory string: discord.comVMware20,11696586537f
Source: Web Data.20.dr	Binary or memory string: dev.azure.comVMware20,11696586537j
Source: Web Data.20.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696586537
Source: Web Data.20.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696586537x
Source: Web Data.20.dr	Binary or memory string: tasks.office.comVMware20,11696586537o
Source: Web Data.20.dr	Binary or memory string: bankofamerica.comVMware20,11696586537x
Source: Web Data.20.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696586537
Source: Web Data.20.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696586537
Source: Web Data.20.dr	Binary or memory string: interactivebrokers.comVMware20,11696586537
Source: Web Data.20.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696586537h
Source: Web Data.20.dr	Binary or memory string: global block list test formVMware20,11696586537
Source: cookie_exporter.exe, 0000001B.00000002.4611454797.0000026156845000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Web Data.20.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696586537\|UE
Source: Web Data.20.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696586537]
Source: Web Data.20.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696586537d
Source: Web Data.20.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696586537}
Source: Web Data.20.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696586537
Source: Web Data.20.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696586537p
Source: Web Data.20.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696586537z
Source: Web Data.20.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696586537n
Source: Web Data.20.dr	Binary or memory string: outlook.office.comVMware20,11696586537s
Source: Web Data.20.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696586537}
Source: Web Data.20.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696586537
Source: Web Data.20.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696586537^
Source: Web Data.20.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696586537x
Source: Web Data.20.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696586537~
Source: Web Data.20.dr	Binary or memory string: outlook.office365.comVMware20,11696586537t

Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe

Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=503be

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Exploitation for Client Execution	1 Browser Extensions	11 Process Injection	11 Masquerading	OS Credential Dumping	1 Query Registry	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 DLL Side-Loading	11 Process Injection	LSASS Memory	1 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	4 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 DLL Side-Loading	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 File Deletion	NTDS	1 File and Directory Discovery	Distributed Component Object Model	Input Capture	5 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	3 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report
https://www.flipsnack.com/859EECFF8D6/distribution-agreement/full-view.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

Phishing

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://www.flipsnack.com/859EECFF8D6/distribution-agreement/full-view.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

Phishing

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Windows Analysis Report
https://www.flipsnack.com/859EECFF8D6/distribution-agreement/full-view.html