Windows Analysis Report
f492136216_mpengine_dll

Overview

General Information

Sample name: f492136216_mpengine_dll
Analysis ID: 1633297
MD5: 43ce103f140c264057fd10b20a2696a1
SHA1: 417cd9d11a2178cf049ed1aa5008efd4e1c4c296
SHA256: a306792b6c08194ae9df7e7e7a75b65f728abe8ef212ec711f5b1108c4ce1ef5

Detection

Score: 48
Range: 0 - 100
Confidence: 100%

Signatures

Found strings related to Crypto-Mining
Maps a DLL or memory area into another process
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains executable resources (Code or Archives)
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections
Stores large binary data to the registry
Uses a known web browser user agent for HTTP communication
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w11x64_office
  • loaddll64.exe (PID: 7076 cmdline: loaddll64.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll" MD5: 763455F9DCB24DFEECC2B9D9F8D46D52)
    • conhost.exe (PID: 3728 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
    • cmd.exe (PID: 376 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",#1 MD5: 428CEC6B0034E0F183EB5BAE887BE480)
      • rundll32.exe (PID: 3548 cmdline: rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",#1 MD5: C87FA6FC1D294962EABE44509FE1921C)
        • WerFault.exe (PID: 4972 cmdline: C:\Windows\system32\WerFault.exe -u -p 3548 -s 452 MD5: 5A849C27C4796C1A7C22C572D8EAF95D)
    • rundll32.exe (PID: 6028 cmdline: rundll32.exe C:\Users\user\Desktop\f492136216_mpengine_dll.dll,FreeSigFiles MD5: C87FA6FC1D294962EABE44509FE1921C)
      • WerFault.exe (PID: 2720 cmdline: C:\Windows\system32\WerFault.exe -u -p 6028 -s 436 MD5: 5A849C27C4796C1A7C22C572D8EAF95D)
    • rundll32.exe (PID: 3296 cmdline: rundll32.exe C:\Users\user\Desktop\f492136216_mpengine_dll.dll,GetSigFiles MD5: C87FA6FC1D294962EABE44509FE1921C)
      • WerFault.exe (PID: 6340 cmdline: C:\Windows\system32\WerFault.exe -u -p 3296 -s 440 MD5: 5A849C27C4796C1A7C22C572D8EAF95D)
    • rundll32.exe (PID: 6992 cmdline: rundll32.exe C:\Users\user\Desktop\f492136216_mpengine_dll.dll,MpBootStrap MD5: C87FA6FC1D294962EABE44509FE1921C)
    • rundll32.exe (PID: 6376 cmdline: rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",FreeSigFiles MD5: C87FA6FC1D294962EABE44509FE1921C)
      • WerFault.exe (PID: 6128 cmdline: C:\Windows\system32\WerFault.exe -u -p 6376 -s 436 MD5: 5A849C27C4796C1A7C22C572D8EAF95D)
    • rundll32.exe (PID: 4112 cmdline: rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",GetSigFiles MD5: C87FA6FC1D294962EABE44509FE1921C)
      • WerFault.exe (PID: 816 cmdline: C:\Windows\system32\WerFault.exe -u -p 4112 -s 436 MD5: 5A849C27C4796C1A7C22C572D8EAF95D)
    • rundll32.exe (PID: 1972 cmdline: rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpBootStrap MD5: C87FA6FC1D294962EABE44509FE1921C)
    • rundll32.exe (PID: 5924 cmdline: rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",rsignal MD5: C87FA6FC1D294962EABE44509FE1921C)
    • rundll32.exe (PID: 3452 cmdline: rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",__rsignal MD5: C87FA6FC1D294962EABE44509FE1921C)
    • rundll32.exe (PID: 1144 cmdline: rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerWrite MD5: C87FA6FC1D294962EABE44509FE1921C)
    • rundll32.exe (PID: 6216 cmdline: rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerSetSize MD5: C87FA6FC1D294962EABE44509FE1921C)
      • WerFault.exe (PID: 1176 cmdline: C:\Windows\system32\WerFault.exe -u -p 6216 -s 444 MD5: 5A849C27C4796C1A7C22C572D8EAF95D)
    • rundll32.exe (PID: 7044 cmdline: rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerRead MD5: C87FA6FC1D294962EABE44509FE1921C)
      • WerFault.exe (PID: 6264 cmdline: C:\Windows\system32\WerFault.exe -u -p 7044 -s 444 MD5: 5A849C27C4796C1A7C22C572D8EAF95D)
    • rundll32.exe (PID: 3360 cmdline: rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerOpenObject MD5: C87FA6FC1D294962EABE44509FE1921C)
    • rundll32.exe (PID: 1828 cmdline: rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerOpen MD5: C87FA6FC1D294962EABE44509FE1921C)
    • rundll32.exe (PID: 6960 cmdline: rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerGetNext MD5: C87FA6FC1D294962EABE44509FE1921C)
    • rundll32.exe (PID: 1252 cmdline: rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerFreeObjectInfo MD5: C87FA6FC1D294962EABE44509FE1921C)
    • rundll32.exe (PID: 6548 cmdline: rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerDelete MD5: C87FA6FC1D294962EABE44509FE1921C)
    • rundll32.exe (PID: 2220 cmdline: rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerCommit MD5: C87FA6FC1D294962EABE44509FE1921C)
    • rundll32.exe (PID: 4052 cmdline: rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerCloseObject MD5: C87FA6FC1D294962EABE44509FE1921C)
    • rundll32.exe (PID: 2244 cmdline: rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerClose MD5: C87FA6FC1D294962EABE44509FE1921C)
    • rundll32.exe (PID: 1136 cmdline: rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerAnalyze MD5: C87FA6FC1D294962EABE44509FE1921C)
  • EXCEL.EXE (PID: 6056 cmdline: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\LSBIHQFDVT.xlsx" MD5: F9F7B6C42211B06E7AC3E4B60AA8FB77)
  • POWERPNT.EXE (PID: 5708 cmdline: "C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE" MD5: 60E58060E6B6C8E4918851AC6A9DD340)
    • ai.exe (PID: 3672 cmdline: "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\AI\ai.exe" "E98E54CA-9ED0-4A3C-82B1-435F18C73083" "E93A25E5-42BA-4E85-BCDE-30443779E8E4" "5708" "C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE" "PowerPointCombinedFloatieLreOnline.onnx" MD5: 0ED71A2D20424DC7942E810F359DA066)
  • WebViewHost.exe (PID: 7048 cmdline: "C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exe" MD5: 737C3D5A23C7B81B3969762D79E817BD)
    • msedgewebview2.exe (PID: 1444 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=WebViewHost.exe --webview-exe-version=18.2411.1163.0 --user-data-dir="C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --enable-features=msSingleSignOnOSForPrimaryAccountIsShared --mojo-named-platform-channel-pipe=7048.1824.9230578198698244367 MD5: 7333249A2DA2F769900496F812DFBD57)
      • msedgewebview2.exe (PID: 7088 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=100.0.4896.75 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=100.0.1185.36 --initial-client-data=0x138,0x13c,0x140,0x114,0x148,0x7ff9a2d6d840,0x7ff9a2d6d850,0x7ff9a2d6d860 MD5: 7333249A2DA2F769900496F812DFBD57)
      • msedgewebview2.exe (PID: 5876 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\EBWebView" --webview-exe-name=WebViewHost.exe --webview-exe-version=18.2411.1163.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1904 --field-trial-handle=2000,i,1152665940639915510,17042987104756587829,131072 --enable-features=msSingleSignOnOSForPrimaryAccountIsShared /prefetch:2 MD5: 7333249A2DA2F769900496F812DFBD57)
      • msedgewebview2.exe (PID: 6068 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\EBWebView" --webview-exe-name=WebViewHost.exe --webview-exe-version=18.2411.1163.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2092 --field-trial-handle=2000,i,1152665940639915510,17042987104756587829,131072 --enable-features=msSingleSignOnOSForPrimaryAccountIsShared /prefetch:3 MD5: 7333249A2DA2F769900496F812DFBD57)
      • msedgewebview2.exe (PID: 848 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\EBWebView" --webview-exe-name=WebViewHost.exe --webview-exe-version=18.2411.1163.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2396 --field-trial-handle=2000,i,1152665940639915510,17042987104756587829,131072 --enable-features=msSingleSignOnOSForPrimaryAccountIsShared /prefetch:8 MD5: 7333249A2DA2F769900496F812DFBD57)
      • msedgewebview2.exe (PID: 6336 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\EBWebView" --webview-exe-name=WebViewHost.exe --webview-exe-version=18.2411.1163.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --launch-time-ticks=3993088734 --mojo-platform-channel-handle=3196 --field-trial-handle=2000,i,1152665940639915510,17042987104756587829,131072 --enable-features=msSingleSignOnOSForPrimaryAccountIsShared /prefetch:1 MD5: 7333249A2DA2F769900496F812DFBD57)
      • msedgewebview2.exe (PID: 9128 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=32902 --gpu-device-id=32069 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22621.3672 --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\EBWebView" --webview-exe-name=WebViewHost.exe --webview-exe-version=18.2411.1163.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=2000,i,1152665940639915510,17042987104756587829,131072 --enable-features=msSingleSignOnOSForPrimaryAccountIsShared /prefetch:2 MD5: 7333249A2DA2F769900496F812DFBD57)
  • msedge.exe (PID: 6992 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" MD5: 438D99FEE85BB97BDE75E5F1C9EDCACA)
    • msedge.exe (PID: 7344 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2176,i,11391005611838203704,4414965577889283804,131072 /prefetch:3 MD5: 438D99FEE85BB97BDE75E5F1C9EDCACA)
    • identity_helper.exe (PID: 7692 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\100.0.1185.36\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4272 --field-trial-handle=2176,i,11391005611838203704,4414965577889283804,131072 /prefetch:8 MD5: 799B8192198E431938AD498DA9EFE217)
    • identity_helper.exe (PID: 7784 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\100.0.1185.36\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4272 --field-trial-handle=2176,i,11391005611838203704,4414965577889283804,131072 /prefetch:8 MD5: 799B8192198E431938AD498DA9EFE217)
    • msedge.exe (PID: 9000 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=5332 --field-trial-handle=2176,i,11391005611838203704,4414965577889283804,131072 /prefetch:8 MD5: 438D99FEE85BB97BDE75E5F1C9EDCACA)
  • cleanup
No configs have been found
No yara matches
Source: Network Connection, Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: Data: DestinationIp: 20.189.173.24, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 6056, Protocol: tcp, SourceIp: 192.168.2.24, SourceIsIpv6: false, SourcePort: 53984
Source: Network Connection, Author: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.24, DestinationIsIpv6: false, DestinationPort: 53984, EventID: 3, Image: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 6056, Protocol: tcp, SourceIp: 20.189.173.24, SourceIsIpv6: false, SourcePort: 443
No Suricata rule has matched

Source: msedgewebview2.exe, 00000043.00000002.4204364356.0000194400284000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_14b985f9-9

Bitcoin Miner

Source: msedgewebview2.exe, 00000043.00000002.4279167843.0000194400A0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: jsecoin.com/
Source: msedgewebview2.exe, 00000043.00000002.4283001270.0000194400A80000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: "coinhive.com
Source: unknown HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.24:54024 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.24:54023 version: TLS 1.2
Source: f492136216_mpengine_dll Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF
Source: Binary string: BTR.pdbGCTL source: rundll32.exe, 00000003.00000002.2904696646.00007FF9AFC52000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: KSLDriver.pdb source: rundll32.exe, 00000003.00000002.2904696646.00007FF9AFC52000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: KSLD.pdb source: rundll32.exe, 00000003.00000002.2904696646.00007FF9AFD2C000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: '.PDBD source: msedgewebview2.exe, 00000043.00000002.4308313748.0000194400BD4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: offreg.pdbH source: rundll32.exe, 00000003.00000002.2904696646.00007FF9AFC52000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: KSLDriver.pdbGCTL source: rundll32.exe, 00000003.00000002.2904696646.00007FF9AFC52000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: MsMpEngCP.pdb source: rundll32.exe, 00000003.00000002.2904696646.00007FF9AFD2C000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: BTR.pdb source: rundll32.exe, 00000003.00000002.2904696646.00007FF9AFC52000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: MsMpEngSvc.pdb source: rundll32.exe, 00000003.00000002.2904696646.00007FF9AFD2C000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: mpengine.pdb source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: MsMpEngSvc.pdbGCTL source: rundll32.exe, 00000003.00000002.2904696646.00007FF9AFD2C000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: KSLD.pdbGCTL source: rundll32.exe, 00000003.00000002.2904696646.00007FF9AFD2C000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: MsMpEngCP.pdbGCTL source: rundll32.exe, 00000003.00000002.2904696646.00007FF9AFD2C000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: offreg.pdb source: rundll32.exe, 00000003.00000002.2904696646.00007FF9AFC52000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: mpengine.pdbOGPS source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: .PDBP source: msedgewebview2.exe, 00000049.00000003.3484708302.00007BA400BC0000.00000004.00000800.00020000.00000000.sdmp
Source: C:\Windows\System32\WerFault.exe File opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\
Source: C:\Windows\System32\WerFault.exe File opened: C:\ProgramData\Microsoft\Windows\
Source: C:\Windows\System32\WerFault.exe File opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_f49_947b7a77823a5c3ea6875ffeb475dc2d683e0ad_f57ee189_dcb11083-6f80-4133-b34b-9c7ee9435c63\
Source: C:\Windows\System32\WerFault.exe File opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_f49_c0df74bb54e4f08084322f66c6b21d309f547efd_f57ee189_77df8745-0db2-41cc-a051-be826814a071\
Source: C:\Windows\System32\WerFault.exe File opened: C:\ProgramData\Microsoft\Windows\WER\
Source: C:\Windows\System32\WerFault.exe File opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue
Source: global traffic TCP traffic: 192.168.2.24:63504 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.24:52278 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.24:58289 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.24:56663 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.24:61057 -> 1.1.1.1:53
Source: Joe Sandbox View IP Address: 13.107.6.156
Source: Joe Sandbox View IP Address: 23.199.48.23
Source: Joe Sandbox View IP Address: 18.238.49.74
Source: Joe Sandbox View IP Address: 20.125.209.212
Source: Joe Sandbox View JA3 fingerprint: 258a5a1e95b8a911872bae9081526644
Source: global trafficHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1741589624000&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1Host: browser.events.data.msn.comConnection: keep-aliveContent-Length: 3689sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: USRLOC=; MUID=004ABE65C0E662FD0B62AB35C1E763F0; _EDGE_V=1; _C_ETH=1; _EDGE_S=SID=0F24B805FD966FE5003AADAEFC816E38
Source: global trafficHTTP traffic detected: GET /b2?rn=1741589624002&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26content%3D1%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=004ABE65C0E662FD0B62AB35C1E763F0&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: UID=1DCc04c268dbb9d56c4f55d1741589624
Source: global trafficHTTP traffic detected: GET /c.gif?rnd=1741589624001&udc=true&pg.n=default&pg.t=dhp&pg.c=2083&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=cb8e3dc701464ab0a8a0f07fac0e4665&activityId=cb8e3dc701464ab0a8a0f07fac0e4665&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=FF47F31EE4084990B2A1F9F42C50A940&MUID=14EA2E828C4D639509943BD28D2B6272 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: USRLOC=; MUID=004ABE65C0E662FD0B62AB35C1E763F0; _EDGE_V=1; _EDGE_S=SID=0F24B805FD966FE5003AADAEFC816E38; SM=T; msnup=%7B%22cnex%22%3A%22no%22%7D
Source: global trafficHTTP traffic detected: GET /cksync.php?type=nms&cs=3&ovsid=004ABE65C0E662FD0B62AB35C1E763F0&gdpr=0&gdpr_consent= HTTP/1.1Host: hbx.media.netConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /sg/msn/1/cm?taboola_hm=004ABE65C0E662FD0B62AB35C1E763F0&gdpr=0&gdpr_consent= HTTP/1.1Host: trc.taboola.comConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /uidmappixel?ext_uid=004ABE65C0E662FD0B62AB35C1E763F0&pname=MSN&gdpr=0&gdpr_consent= HTTP/1.1Host: sync.outbrain.comConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /mapuid?suid=004ABE65C0E662FD0B62AB35C1E763F0&sid=16&gdpr=0&gdpr_consent= HTTP/1.1Host: eb2.3lift.comConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /m?cdsp=516415&c=004ABE65C0E662FD0B62AB35C1E763F0&mode=inverse&msn_src=ntp&&gdpr=0&gdpr_consent= HTTP/1.1Host: cm.mgid.comConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: OPTIONS /auction HTTP/1.1Host: srtb.msn.comConnection: keep-aliveAccept: */*Access-Control-Request-Method: POSTAccess-Control-Request-Headers: cache-control,content-type,x-ms-flightid,x-ms-numberline,x-msedge-clientid,x-msedge-marketOrigin: https://ntp.msn.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36Sec-Fetch-Mode: corsSec-Fetch-Site: same-siteSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /setuid?partner=microsoftSsp&dbredirect=true&dnt=0&gdpr=0&gdpr_consent= HTTP/1.1Host: px.ads.linkedin.comConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /sync/msn?gdpr=0&gdpr_consent= HTTP/1.1Host: pr-bh.ybp.yahoo.comConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /mail/u/0/ HTTP/1.1Host: mail.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /sync?ssp=msn&id=004ABE65C0E662FD0B62AB35C1E763F0&gdpr=0&gdpr_consent= HTTP/1.1Host: code.yengo.comConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /getuid?ld=1&gdpr=0&cmp_cs=&us_privacy= HTTP/1.1Host: eb2.3lift.comConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: POST /auction HTTP/1.1Host: srtb.msn.comConnection: keep-aliveContent-Length: 2532sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"X-MSEdge-ClientID: 14EA2E828C4D639509943BD28D2B6272sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36x-ms-flightId: msnallexpusers,prg-sp-liveapi,prg-fin-compof,prg-fin-hpoflio,prg-fin-poflio,prg-hp-cwtrfl-infc2,prg-1sw-cc-calfbv,1s-webembeddings-fbv6,prg-1sw-sa-calfbv,c-prg-msn-blsbidmho,prg-views-stagec,update-hide-c,1s-otdmktexpnc,prg-fin-staging,prg-1sw-sacsic,prg-1sw-sa-sppcvf-t1,1s-unclk-c-an,traffic-p1-nyld-t,prg-1sw-ldny-transit,prg-1sw-tran-trd,prg-fin-inctr,prg-adspeek,prg-1sw-optaad,btie-bidscaling1-t,ads-cfv42tied,btie-msanrr-t13,btie-ad-logo-cf3,1s-ads-ntplogo,prg-ad-logo-ar-cf,prg-ad-logo-only-cf,1s-fcrypt,prg-ctr-pnpc,1s-ntf1-rankfebc,prg-pr2-ntf-dmsdtbr,1s-wpo-pr2-dmsd,prg-1sw-dmpren,prg-1sw-sdcdp2,prg-1sw-sdpvp2,prg-dm-title,prg-upsaip-w1-t,ads-gemrtbintc,1s-rpssecautht,jj_fac_c,prg-pr2-muidsync,chatn_v2_t1,1s-wpo-pr1-r1infprev,1s-ntf2-prwradarkc,1s-shp-affdayp2-t,1s-shp-affbafidp2,prg-2-affbfill-t,2412-i-ncof-t,cptest-msn-muid-c,1s-notifmapping,prg-sh-lowinv1,prg-sh-lowinv,prg-wx-dhgrd-c,prg-sh-dealsdaypdp,prg-sh-rmitmlnk-c,nopinglancecardit,prg-wx-hflq,prg-1sw-clatrl,prg-xandr-tlmtry,prg-cg-ad-ref-if-2,1s-wpo-skdc-revwpo3,prg-1sw-uclem,ads-nopostsq-t,ads-nopostsq,fv-spt-staginc,1s-uasdisf-t,ads-creativelog-c,ads-anjson-migt,fv-cgsb-stage,sh-bdvid,prg-sh-bd-video,ads-nooutbrain,release-outlook-app,ads-prcrid-bi,ads-fbk-gserver,prg-cg-ab-testing,prg-1sw-wxrvlocds-c,1s-p2-bg-appanon,ads-bcn-cndomain,1s-blis-nocache,prg-cg-int-ad-pod,msph-benchmark,prg-pr2-lifecyclebac,1s-routenotexpc,prg-1sw-wxnhcolk,prg-1sw-sa-dnec,prg-1sw-crypinf,prg-wx-nsever,prg-1sw-cryptren,cg-ad-user-ci-ctr,1s-ntf1-dynprev,prg-webwi-stag,msph-adsrevpd,prg-cg-zhcnf
x,prg-cg-lstfix,prg-wx-cwaze,prg-cg-game-exp-11,prg-cg-game-exp-1,prg-pr2-sdprodctrl,prg-1sw-tbrfltr,1s-uup-acthistory,1s-cntravelerv2,1s-cntravelercookiev2,1s-p2-usedashcm,prg-fin-rmar,prg-wx-pwafull,cg-new-xnpl-ctr,prg-wx-psn,msph-helpbot,prg-1sw-wxomghd,2412-i-paykv2-t,prg-1sw-wxomghdnr,history_native_c,2501-dis-scw-t,prg-pr2-wwidgets-t,2412-i-fcopilot-t,1s-prg1-weath-clndrt,2410-bcopilotn-t,bing_native_chat_t,1s-unifdmodls,msphxap-batch5,prg-1s-dwvid-wpo,1s-wpo-ntp-videos,1s-newsfeed-worknews,prg-cg-excludemcgt2,prg-1sw-repmcg,prg-cg-fmcgjbi,prg-cg-fmocgjbi,prg-pr2-dis-signal,bing_uni_iab_t,prg-pr2-imghttd-t,prg-pr2-imghtdd-t,prg-pr2-cstmztion-fture,1s-cstmztion-preview,1s-wx2-lwc,prg-1sw-wcro-ghads,1s-p1-promotedondmd,1s-p1-ua4osvhw,1s-wpo-pr1-promad,prg-1sw-hovertime,prg-1sw-twinshellwc,1s-wx-newswtxt,prg-1sw-wxaqifctc,prg-wtch-relfeed-t2,prg-revi-nocache,prg-revi-sagervpa,prg-wtch-feedrelvid,msphxap-batch6,travel_sma_tf,prg-cg-countermoniccc,1s-ntf-wxnewuvidx,prg-ad-slug-modi,prg-wx-bigads,prg-wx-alertpwac,
Source: global trafficHTTP traffic detected: GET /visitor/sync?uid=9871605be8d4b2a982914bf5c9348e7b&name=MSN&visitor=004ABE65C0E662FD0B62AB35C1E763F0&external=true&gdpr=0&gdpr_consent= HTTP/1.1Host: visitor.omnitagjs.comConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /cs/msn?id=004ABE65C0E662FD0B62AB35C1E763F0&gdpr=0&gdpr_consent= HTTP/1.1Host: trace.mediago.ioConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /oRTB?redirect={PubRedirectUrl}&gdpr=0&gdpr_consent= HTTP/1.1Host: sync.inmobi.comConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /cs/msn?id=004ABE65C0E662FD0B62AB35C1E763F0&gdpr=0&gdpr_consent= HTTP/1.1Host: trace.popin.ccConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __mguid_=44ffa69be4a5e3ae1msvnp00m4gvuela
Source: global trafficHTTP traffic detected: GET /getuid?https://c.bing.com/c.gif?anx_uid=$UID&Red3=MSAN_pd&gdpr=0&gdpr_consent= HTTP/1.1Host: ib.adnxs.comConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /notify/served?rid=cb8e3dc701464ab0a8a0f07fac0e4665&r=river&i=1&p=edgechrntp&l=en-us&d=bing&b=Edg&a=e054328b-a970-4251-b286-c55887426102&ii=1&c=12386452388389141971&bid=bd089227-80ba-499a-b76f-5daa174a2b2f&tid=edgechrntp-river-1&ptid=edgechrntp-peekriver-1 HTTP/1.1Host: srtb.msn.comConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: USRLOC=; _EDGE_V=1; _EDGE_S=SID=0F24B805FD966FE5003AADAEFC816E38; msnup=%7B%22cnex%22%3A%22no%22%7D; MUID=14EA2E828C4D639509943BD28D2B6272
Source: global trafficHTTP traffic detected: GET /notify/served?rid=cb8e3dc701464ab0a8a0f07fac0e4665&r=resriver&i=1&p=edgechrntp&l=en-us&d=bing&b=Edg&a=4edd1710-7d0d-4b3f-9148-e4a638417285&ii=1&c=18368377465139431179&bid=bd089227-80ba-499a-b76f-5daa174a2b2f&tid=edgechrntp-resriver-1&ptid=edgechrntp-resriver-1 HTTP/1.1Host: srtb.msn.comConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: USRLOC=; _EDGE_V=1; _EDGE_S=SID=0F24B805FD966FE5003AADAEFC816E38; msnup=%7B%22cnex%22%3A%22no%22%7D; MUID=14EA2E828C4D639509943BD28D2B6272
Source: global trafficHTTP traffic detected: GET /mapuid?member=280&user=14EA2E828C4D639509943BD28D2B6272;&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fm.adnxs.com%2Fseg%3Fadd%3D5159620%26redir%3Dhttps%253A%252F%252Fib.adnxs.com%252Fsetuid%253Fentity%253D483%2526code%253D14EA2E828C4D639509943BD28D2B6272%2526gdpr%253D0%2526gdpr_consent%253D HTTP/1.1Host: m.adnxs.comConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true HTTP/1.1Host: ntp.msn.comConnection: keep-aliveCache-Control: max-age=0Accept: */*Service-Worker: scriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://ntp.msn.com/edge/ntp?locale=en-US&title=New%20tab&dsp=1&sp=Bing&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: pglt-edgeChromium-ntp=2083; _C_Auth=; pglt-edgeChromium-dhp=2083; sptmarket=en-US||us|en-us|en-us|en||cf=8|RefA=1B31AA27F6324A9F8365A0E1A9A52B6D.RefC=2024-12-09T10:20:34Z; USRLOC=; MUIDB=004ABE65C0E662FD0B62AB35C1E763F0; _EDGE_V=1; MicrosoftApplicationsTelemetryDeviceId=6aef895b-7882-4f77-b0ae-6734b488fce8; _EDGE_S=SID=0F24B805FD966FE5003AADAEFC816E38; ai_session=VAKzteJDYnVxyk5xI1I8nc|1741589623997|1741589623997; sptmarket_restored=en-US||us|en-us|en-us|en||cf=8|RefA=1B31AA27F6324A9F8365A0E1A9A52B6D.RefC=2024-12-09T10:20:34Z; msnup=%7B%22cnex%22%3A%22no%22%7D; MUID=14EA2E828C4D639509943BD28D2B6272
Source: global trafficHTTP traffic detected: GET /sync?redirect=%7BPubRedirectUrl%7D&gdpr_consent=&gdpr=0&us_privacy=&gdpr_pd=&source=5&google_push=&retry= HTTP/1.1Host: sync.inmobi.comConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1741589627773&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1Host: browser.events.data.msn.comConnection: keep-aliveContent-Length: 4824sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: USRLOC=; _EDGE_V=1; _EDGE_S=SID=0F24B805FD966FE5003AADAEFC816E38; msnup=%7B%22cnex%22%3A%22no%22%7D; MUID=14EA2E828C4D639509943BD28D2B6272
Source: global trafficHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1741589627779&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1Host: browser.events.data.msn.comConnection: keep-aliveContent-Length: 6206sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: USRLOC=; _EDGE_V=1; _EDGE_S=SID=0F24B805FD966FE5003AADAEFC816E38; msnup=%7B%22cnex%22%3A%22no%22%7D; MUID=14EA2E828C4D639509943BD28D2B6272
Source: global trafficHTTP traffic detected: GET /bounce?%2Fgetuid%3Fhttps%3A%2F%2Fc.bing.com%2Fc.gif%3Fanx_uid%3D%24UID%26Red3%3DMSAN_pd%26gdpr%3D0%26gdpr_consent%3D HTTP/1.1Host: ib.adnxs.comConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: uuid2=9147571901648394411
Source: global trafficHTTP traffic detected: GET /bounce?%2Fmapuid%3Fmember%3D280%26user%3D14EA2E828C4D639509943BD28D2B6272%3B%26gdpr%3D0%26gdpr_consent%3D%26redir%3Dhttps%253A%252F%252Fm.adnxs.com%252Fseg%253Fadd%253D5159620%2526redir%253Dhttps%25253A%25252F%25252Fib.adnxs.com%25252Fsetuid%25253Fentity%25253D483%252526code%25253D14EA2E828C4D639509943BD28D2B6272%252526gdpr%25253D0%252526gdpr_consent%25253D HTTP/1.1Host: m.adnxs.comConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: uuid2=9147571901648394411
Source: global trafficHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1741589627786&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1Host: browser.events.data.msn.comConnection: keep-aliveContent-Length: 4994sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: USRLOC=; _EDGE_V=1; _EDGE_S=SID=0F24B805FD966FE5003AADAEFC816E38; msnup=%7B%22cnex%22%3A%22no%22%7D; MUID=14EA2E828C4D639509943BD28D2B6272; _C_ETH=1
Source: global trafficHTTP traffic detected: GET /notify/served?rid=cb8e3dc701464ab0a8a0f07fac0e4665&r=infopane&i=3&p=edgechrntp&l=en-us&d=bing&b=Edg&a=69bc68ee-2fb8-4d4e-86e6-43a1932d60c7&ii=1&c=3218573740883118758&bid=7b702774-ea3c-44bf-a833-8a8d2f260b88&tid=edgechrntp-infopane-3&ptid=edgechrntp-peekinfopane-1&t=type.msft-content-card&dec=1_6-1_6 HTTP/1.1Host: srtb.msn.comConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: USRLOC=; _EDGE_V=1; _EDGE_S=SID=0F24B805FD966FE5003AADAEFC816E38; msnup=%7B%22cnex%22%3A%22no%22%7D; MUID=14EA2E828C4D639509943BD28D2B6272; cbypass=1741589632556
Source: global trafficHTTP traffic detected: GET /notify/served?rid=cb8e3dc701464ab0a8a0f07fac0e4665&r=infopane&i=11&p=edgechrntp&l=en-us&d=bing&b=Edg&a=f3665dc3-8ae5-4c7f-bb7c-11b5ed41f48b&ii=1&c=3884589492546529060&bid=7b702774-ea3c-44bf-a833-8a8d2f260b88&tid=edgechrntp-infopane-11&ptid=edgechrntp-peekInfopane-2&t=type.msft-content-card&dec=1_6-1_6 HTTP/1.1Host: srtb.msn.comConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: USRLOC=; _EDGE_V=1; _EDGE_S=SID=0F24B805FD966FE5003AADAEFC816E38; msnup=%7B%22cnex%22%3A%22no%22%7D; MUID=14EA2E828C4D639509943BD28D2B6272; cbypass=1741589632556
Source: global trafficHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1741589627790&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1Host: browser.events.data.msn.comConnection: keep-aliveContent-Length: 5274sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: USRLOC=; _EDGE_V=1; _EDGE_S=SID=0F24B805FD966FE5003AADAEFC816E38; msnup=%7B%22cnex%22%3A%22no%22%7D; MUID=14EA2E828C4D639509943BD28D2B6272; _C_ETH=1
Source: global trafficHTTP traffic detected: GET /notify/served?rid=cb8e3dc701464ab0a8a0f07fac0e4665&r=infopane&i=15&p=edgechrntp&l=en-us&d=bing&b=Edg&a=4a2a739f-0c15-4861-8a85-ff0d1adb09e7&ii=1&c=16501832393738519325&bid=7b702774-ea3c-44bf-a833-8a8d2f260b88&tid=edgechrntp-infopane-15&ptid=edgechrntp-peekinfopane-3&t=type.msft-content-card&dec=1-1 HTTP/1.1Host: srtb.msn.comConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: USRLOC=; _EDGE_V=1; _EDGE_S=SID=0F24B805FD966FE5003AADAEFC816E38; msnup=%7B%22cnex%22%3A%22no%22%7D; MUID=14EA2E828C4D639509943BD28D2B6272; cbypass=1741589632556
Source: global trafficHTTP traffic detected: GET /notify/served?rid=cb8e3dc701464ab0a8a0f07fac0e4665&r=resinfopane&i=6&p=edgechrntp&l=en-us&d=bing&b=Edg&a=0f1bcfc9-fe2f-4c39-ba92-b6fad69f20c6&ii=1&c=13192095998113398718&bid=7b702774-ea3c-44bf-a833-8a8d2f260b88&tid=edgechrntp-resinfopane-6&ptid=edgechrntp-resinfopane-1&t=type.msft-content-card&dec=1-1 HTTP/1.1Host: srtb.msn.comConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: USRLOC=; _EDGE_V=1; _EDGE_S=SID=0F24B805FD966FE5003AADAEFC816E38; msnup=%7B%22cnex%22%3A%22no%22%7D; MUID=14EA2E828C4D639509943BD28D2B6272; cbypass=1741589632556
Source: global trafficHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1741589629720&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1Host: browser.events.data.msn.comConnection: keep-aliveContent-Length: 21665sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: USRLOC=; _EDGE_V=1; _EDGE_S=SID=0F24B805FD966FE5003AADAEFC816E38; msnup=%7B%22cnex%22%3A%22no%22%7D; MUID=14EA2E828C4D639509943BD28D2B6272; cbypass=1741589632556
Source: global trafficHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1741589630280&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1Host: browser.events.data.msn.comConnection: keep-aliveContent-Length: 5849sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: USRLOC=; _EDGE_V=1; _EDGE_S=SID=0F24B805FD966FE5003AADAEFC816E38; msnup=%7B%22cnex%22%3A%22no%22%7D; MUID=14EA2E828C4D639509943BD28D2B6272; cbypass=1741589632556
Source: global trafficHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1741589632133&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1Host: browser.events.data.msn.comConnection: keep-aliveContent-Length: 6290sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: USRLOC=; _EDGE_V=1; _EDGE_S=SID=0F24B805FD966FE5003AADAEFC816E38; msnup=%7B%22cnex%22%3A%22no%22%7D; MUID=14EA2E828C4D639509943BD28D2B6272; _C_ETH=1; cbypass=1741589635696
Source: global trafficHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1741589633488&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1Host: browser.events.data.msn.comConnection: keep-aliveContent-Length: 6301sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: USRLOC=; _EDGE_V=1; _EDGE_S=SID=0F24B805FD966FE5003AADAEFC816E38; msnup=%7B%22cnex%22%3A%22no%22%7D; MUID=14EA2E828C4D639509943BD28D2B6272; _C_ETH=1; cbypass=1741589635696
Source: global trafficHTTP traffic detected: POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1741589636817&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1Host: browser.events.data.msn.comConnection: keep-aliveContent-Length: 6222sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: USRLOC=; _EDGE_V=1; _EDGE_S=SID=0F24B805FD966FE5003AADAEFC816E38; msnup=%7B%22cnex%22%3A%22no%22%7D; MUID=14EA2E828C4D639509943BD28D2B6272; _C_ETH=1; cbypass=1741589635696
Source: global trafficHTTP traffic detected: POST /log?hasfast=true&authuser=0&format=json HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 580sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"Content-Type: text/plain;charset=UTF-8sec-ch-ua-model: sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version-list: " Not A;Brand";v="99.0.0.0", "Chromium";v="100.0.1185.36", "Microsoft Edge";v="100.0.1185.36"sec-ch-ua-platform-version: "15.0.0"sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version: "100.0.1185.36"sec-ch-ua-platform: "Windows"Accept: */*Origin: https://accounts.google.comSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-full-version-list: " Not A;Brand";v="99.0.0.0", "Chromium";v="100.0.1185.36", "Microsoft Edge";v="100.0.1185.36"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "100.0.1185.36"sec-ch-ua-platform-version: "15.0.0"sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-model: sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /mail/gxlu?email=higoto%40gmail.com&zx=1741589652566 HTTP/1.1Host: mail.google.comConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-full-version-list: " Not A;Brand";v="99.0.0.0", "Chromium";v="100.0.1185.36", "Microsoft Edge";v="100.0.1185.36"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "100.0.1185.36"sec-ch-ua-platform-version: "15.0.0"sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-model: sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=522=UpqdbF_OD0tQ_vesNBFXoPcLKQVMGYATWxWs0aWjaUgdyUp1mOWJ5aEhS3T4YveZWEOEYTLFOEwnkv1lSKqsTVSHy9YiOhCaNHaiugAuO5uK7wsueIALyikKh1-gryDYJPTkqI-FC5U0mGUvMrbBVBhNjeQc35Ys2_HK6FzNP34vzSJtFrdsZMZ38-WH9EUcNpDxDeez
Source: global trafficHTTP traffic detected: GET /edge/ntp?locale=en-US&title=New%20tab&dsp=1&sp=Bing&prerender=1 HTTP/1.1Host: ntp.msn.comConnection: keep-alivedevice-memory: 8sec-ch-dpr: 1sec-ch-viewport-width: 1280rtt: 200downlink: 6.5ect: 4gsec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "100.0.1185.36"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "15.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: " Not A;Brand";v="99.0.0.0", "Chromium";v="100.0.1185.36", "Microsoft Edge";v="100.0.1185.36"sec-ch-prefers-color-scheme: lightUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Service-Worker-Navigation-Preload: trueSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: pglt-edgeChromium-ntp=2083; _C_Auth=; pglt-edgeChromium-dhp=2083; sptmarket=en-US||us|en-us|en-us|en||cf=8|RefA=1B31AA27F6324A9F8365A0E1A9A52B6D.RefC=2024-12-09T10:20:34Z; USRLOC=; MUIDB=004ABE65C0E662FD0B62AB35C1E763F0; _EDGE_V=1; MicrosoftApplicationsTelemetryDeviceId=6aef895b-7882-4f77-b0ae-6734b488fce8; _EDGE_S=SID=0F24B805FD966FE5003AADAEFC816E38; ai_session=VAKzteJDYnVxyk5xI1I8nc|1741589623997|1741589623997; sptmarket_restored=en-US||us|en-us|en-us|en||cf=8|RefA=1B31AA27F6324A9F8365A0E1A9A52B6D.RefC=2024-12-09T10:20:34Z; msnup=%7B%22cnex%22%3A%22no%22%7D; MUID=14EA2E828C4D639509943BD28D2B6272; msaoptout=0; _C_ETH=1; cbypass=1741589635696
Source: global trafficHTTP traffic detected: GET /edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true HTTP/1.1Host: ntp.msn.comConnection: keep-aliveCache-Control: max-age=0Accept: */*Service-Worker: scriptSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=trueUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: pglt-edgeChromium-ntp=2083; _C_Auth=; pglt-edgeChromium-dhp=2083; sptmarket=en-US||us|en-us|en-us|en||cf=8|RefA=1B31AA27F6324A9F8365A0E1A9A52B6D.RefC=2024-12-09T10:20:34Z; USRLOC=; MUIDB=004ABE65C0E662FD0B62AB35C1E763F0; _EDGE_V=1; MicrosoftApplicationsTelemetryDeviceId=6aef895b-7882-4f77-b0ae-6734b488fce8; _EDGE_S=SID=0F24B805FD966FE5003AADAEFC816E38; ai_session=VAKzteJDYnVxyk5xI1I8nc|1741589623997|1741589623997; sptmarket_restored=en-US||us|en-us|en-us|en||cf=8|RefA=1B31AA27F6324A9F8365A0E1A9A52B6D.RefC=2024-12-09T10:20:34Z; msnup=%7B%22cnex%22%3A%22no%22%7D; MUID=14EA2E828C4D639509943BD28D2B6272; msaoptout=0; cbypass=1741589635696If-None-Match: 0x8DD5DE828A345FCIf-Modified-Since: Sat, 08 Mar 2025 02:23:05 GMT
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.gmail.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: unknownTCP traffic detected without corresponding DNS query: 2.21.65.154
Source: unknownTCP traffic detected without corresponding DNS query: 216.58.206.35
Source: global trafficHTTP traffic detected: GET /pwa?version=18.2411.1163.0&capabilities=interopPromise HTTP/1.1Host: www.microsoft365.comConnection: keep-aliveaccept-language: en-CHUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; MSAppHost/3.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br
Source: global trafficHTTP traffic detected: GET /edge/ntp?locale=en-US&title=New%20tab&dsp=1&sp=Bing&startpage=1&PC=U531 HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Service-Worker-Navigation-Preload: trueSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: pglt-edgeChromium-ntp=2083; sptmarket=en-US||us|en-us|en-us|en||cf=8|RefA=1B31AA27F6324A9F8365A0E1A9A52B6D.RefC=2024-12-09T10:20:34Z; USRLOC=; MUID=004ABE65C0E662FD0B62AB35C1E763F0; MUIDB=004ABE65C0E662FD0B62AB35C1E763F0; _EDGE_V=1; MicrosoftApplicationsTelemetryDeviceId=6aef895b-7882-4f77-b0ae-6734b488fce8
Source: global trafficHTTP traffic detected: GET /apc/trans.gif?95fb53530d0f87341ee42270dfe987d6 HTTP/1.1Referer: https://www.bing.com/WS/InitAccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5Accept-Language: en-CH,en-US;q=0.7,en;q=0.3Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.18.9.23720; 10.0.0.0.22631.4169) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22631Host: 90b684f42d95e8b91254d94f12feeea5.clo.footprintdns.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/SSR-extension.867cdfd625d830718faf.js HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"Origin: https://ntp.msn.comsec-ch-ua-arch: "x86"sec-ch-viewport-width: 1280sec-ch-ua-platform-version: "15.0.0"downlink: 1.45sec-ch-ua-full-version-list: " Not A;Brand";v="99.0.0.0", "Chromium";v="100.0.1185.36", "Microsoft Edge";v="100.0.1185.36"sec-ch-ua-model: sec-ch-ua-platform: "Windows"device-memory: 8sec-ch-ua-bitness: "64"rtt: 500sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-full-version: "100.0.1185.36"ect: 3gsec-ch-dpr: 1sec-ch-prefers-color-scheme: lightAccept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/edge/ntp?locale=en-US&title=New%20tab&dsp=1&sp=Bing&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sptmarket=en-US||us|en-us|en-us|en||cf=8|RefA=1B31AA27F6324A9F8365A0E1A9A52B6D.RefC=2024-12-09T10:20:34Z; USRLOC=; MUID=004ABE65C0E662FD0B62AB35C1E763F0; MUIDB=004ABE65C0E662FD0B62AB35C1E763F0; _EDGE_V=1; MicrosoftApplicationsTelemetryDeviceId=6aef895b-7882-4f77-b0ae-6734b488fce8; _C_ETH=1; _EDGE_S=SID=0F24B805FD966FE5003AADAEFC816E38
Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/web-worker.948ffa5ea2d441a35f55.js HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"sec-ch-ua-full-version-list: " Not A;Brand";v="99.0.0.0", "Chromium";v="100.0.1185.36", "Microsoft Edge";v="100.0.1185.36"sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1280sec-ch-ua-platform-version: "15.0.0"downlink: 1.45sec-ch-ua-bitness: "64"sec-ch-ua-model: sec-ch-ua-platform: "Windows"device-memory: 8rtt: 500sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-full-version: "100.0.1185.36"sec-ch-prefers-color-scheme: lightsec-ch-dpr: 1ect: 3gAccept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://ntp.msn.com/edge/ntp?locale=en-US&title=New%20tab&dsp=1&sp=Bing&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sptmarket=en-US||us|en-us|en-us|en||cf=8|RefA=1B31AA27F6324A9F8365A0E1A9A52B6D.RefC=2024-12-09T10:20:34Z; USRLOC=; MUID=004ABE65C0E662FD0B62AB35C1E763F0; MUIDB=004ABE65C0E662FD0B62AB35C1E763F0; _EDGE_V=1; MicrosoftApplicationsTelemetryDeviceId=6aef895b-7882-4f77-b0ae-6734b488fce8; _C_ETH=1; _EDGE_S=SID=0F24B805FD966FE5003AADAEFC816E38
Source: global trafficHTTP traffic detected: GET /apc/trans.gif?f35a0cfdd01dc49b968f3530e2daaaf3 HTTP/1.1Referer: https://www.bing.com/WS/InitAccept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5Accept-Language: en-CH,en-US;q=0.7,en;q=0.3Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.18.9.23720; 10.0.0.0.22631.4169) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22631Host: 90b684f42d95e8b91254d94f12feeea5.clo.footprintdns.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/microsoft.4fa8815283fe3d88a934.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/vendors.5d0f28115e15fcff20c5.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common.a1e626d952b002612af0.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/experience.c64f021441815c638c7a.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic. HTTP traffic detected.

Source: global traffic
DNS traffic detected: DNS query: www.microsoft365.com
DNS traffic detected: DNS query: login.microsoftonline.com
DNS traffic detected: DNS query: outlook.office.com
DNS traffic detected: DNS query: portal.office.com
DNS traffic detected: DNS query: substrate.office.com
DNS traffic detected: DNS query: chrome.cloudflare-dns.com
DNS traffic detected: DNS query: ntp.msn.com
DNS traffic detected: DNS query: sb.scorecardresearch.com
DNS traffic detected: DNS query: api.msn.com
DNS traffic detected: DNS query: assets.msn.com
DNS traffic detected: DNS query: c.msn.com
DNS traffic detected: DNS query: otelrules.svc.static.microsoft

Source: unknown
HTTP traffic detected:
POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message

Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: application/json; charset=utf-8Access-Control-Allow-Headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,Velocity,DDD-Auth-Features,SoftLanding,PrefMigrated,DDD-TMPL-Removed,deviceFeatures,Server-Timing,DDD-LocationAssignedAccess-Control-Expose-Headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,Velocity,DDD-Auth-Features,SoftLanding,PrefMigrated,DDD-TMPL-Removed,deviceFeatures,Server-Timing,DDD-LocationAssignedDDD-AuthenticatedWithJwtFlow: FalseDDD-UserType: AnonymousMuidDDD-StrategyExecutionLatency: 00:00:00.0018665,00:00:00.0020520DDD-ActivityId: cbc82ba6-5e3d-49c3-9ad4-1672f1d4464dDDD-TMPL-Removed: FalseDDD-DebugId: cbc82ba6-5e3d-49c3-9ad4-1672f1d4464d|2025-03-10T06:53:44.9749033Z|fabric_msn|NEU-A|News_1077DDD-Auth-Features: AT:NA;DID:m-004ABE65C0E662FD0B62AB35C1E763F0;IT:App;MuidStateOrigin:MuidFromCookieOneWebServiceLatency: 4X-MSEdge-ResponseInfo: 4Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, 
Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAX-Ceto-ref: 67ce8c7898164cedbc465fe21be2cb1a|AFD:67ce8c7898164cedbc465fe21be2cb1a|2025-03-10T06:53:44.966ZX-MSEdge-Ref: Ref A: 710F553398F1445C879AD57EA38BC824 Ref B: FRA31EDGE0510 Ref C: 2025-03-10T06:53:44ZExpires: Mon, 10 Mar 2025 06:53:44 GMTDate: Mon, 10 Mar 2025 06:53:44 GMTContent-Length: 88Connection: closeSet-Cookie: _C_ETH=1; expires=Sun, 09 Mar 2025 06:53:44 GMT; domain=.msn.com; path=/; secure; httponlySet-Cookie: _C_Auth=Set-Cookie: _EDGE_S=SID=0F24B805FD966FE5003AADAEFC816E38; domain=.msn.com; path=/; httponlyAlt-Svc: h3=":443"; ma=86400Akamai-Request-BC: [a=95.101.182.62,b=599879311,c=g,n=DE_NW_DUSSELDORF,o=20940],[a=204.79.197.203,c=o]Server-Timing: clientrtt; dur=119, clienttt; dur=37, origin; dur=36, cdntime; dur=1, wpo;dur=0,1s;dur=0Akama
Source: msedgewebview2.exe, 00000049.00000003.3687069395.00003E70009C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://169.254.169.254/metadata/instance/compute/location
Source: msedgewebview2.exe, 00000043.00000002.4316614226.0000194400C64000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000003.3404244744.00001944003C0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000046.00000002.4153569714.00003EE800238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/1452
Source: msedgewebview2.exe, 00000043.00000002.4316614226.0000194400C64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/1452http://anglebug.com/3246
Source: msedgewebview2.exe, 00000043.00000002.4262787794.00001944008C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000003.3404244744.00001944003C0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000046.00000002.4153569714.00003EE800238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2152
Source: msedgewebview2.exe, 00000043.00000002.4262787794.00001944008C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2152Allow
Source: msedgewebview2.exe, 00000046.00000002.4153569714.00003EE800238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2152lose_context_on_out_of_memoryhttp://anglebug.com/3682http://anglebug.com/472
Source: msedgewebview2.exe, 00000046.00000002.4153569714.00003EE800238000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000046.00000003.3440846938.00003EE80035B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3246
Source: msedgewebview2.exe, 00000043.00000002.4217702458.0000194400364000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000003.3404244744.00001944003C0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000046.00000002.4153569714.00003EE800238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3682
Source: msedgewebview2.exe, 00000043.00000002.4217702458.0000194400364000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3682http://crbug.com/941620
Source: msedgewebview2.exe, 00000043.00000002.4262787794.00001944008C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000003.3404244744.00001944003C0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000046.00000002.4153569714.00003EE800238000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000046.00000003.3440846938.00003EE800358000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4722
Source: msedgewebview2.exe, 00000043.00000002.4262787794.00001944008C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4722http://anglebug.com/5658
Source: msedgewebview2.exe, 00000043.00000002.4262787794.00001944008C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000003.3404244744.00001944003C0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000046.00000002.4153569714.00003EE800238000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000046.00000003.3440846938.00003EE800358000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007
Source: msedgewebview2.exe, 00000043.00000002.4262787794.00001944008C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007disable_anisotropic_filteringAllow
Source: msedgewebview2.exe, 00000046.00000002.4153569714.00003EE800238000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000046.00000003.3440846938.00003EE800358000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658
Source: msedgewebview2.exe, 00000043.00000002.4262787794.00001944008C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000003.3404244744.00001944003C0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000046.00000002.4153569714.00003EE800238000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000046.00000003.3440846938.00003EE800358000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750
Source: msedgewebview2.exe, 00000046.00000002.4153569714.00003EE800238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750Allow
Source: msedgewebview2.exe, 00000043.00000002.4262787794.00001944008C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000003.3404244744.00001944003C0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000046.00000002.4153569714.00003EE800238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
Source: msedgewebview2.exe, 00000046.00000002.4153569714.00003EE800238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041https://crbug.com/650547ownhttps://crbug.com/6555343http://anglebug.com/3682
Source: msedgewebview2.exe, 00000043.00000003.3510784388.0000194400EEC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000047.00000003.3566548723.00007CB6002E4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000047.00000003.3834827422.00007CB60068C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000047.00000003.3956549593.00007CB600350000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000047.00000003.3478253272.00007CB6008F8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000047.00000002.4133993083.00007CB6002BC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000047.00000003.3825492658.00007CB600924000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000047.00000003.3834218674.00007CB6007DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: msedgewebview2.exe, 00000043.00000003.3510784388.0000194400EEC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000047.00000002.4161566995.00007CB6008DC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000047.00000003.3566548723.00007CB6002E4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000047.00000002.4124852417.00007CB600237000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000047.00000003.3834827422.00007CB60068C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000047.00000003.3956549593.00007CB600350000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000047.00000003.3478253272.00007CB6008F8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000047.00000003.3825492658.00007CB600924000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000047.00000003.3834218674.00007CB6007DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA-2.crt0
Source: msedgewebview2.exe, 00000043.00000002.4262787794.00001944008C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000003.3404244744.00001944003C0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000046.00000002.4153569714.00003EE800238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/1165751
Source: msedgewebview2.exe, 00000046.00000002.4153569714.00003EE800238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/1165751https://crbug.com/655534forceRobustResourceInitforceInitShaderVariableshttp:
Source: msedgewebview2.exe, 00000043.00000002.4262787794.00001944008C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/1165751sincognito_content_settingsmX
Source: msedgewebview2.exe, 00000043.00000002.4217702458.0000194400364000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000003.3404244744.00001944003C0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000046.00000002.4153569714.00003EE800238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/941620
Source: WebViewHost.exe, 00000042.00000002.4117748551.00000164DFF70000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000002.4151104507.000001F96BDAF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: msedgewebview2.exe, 00000047.00000002.4124852417.00007CB60023B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/
Source: msedgewebview2.exe, 00000047.00000002.4139533713.00007CB60035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developers.google.com/speed/public-dns/privacy
Source: msedgewebview2.exe, 00000047.00000002.4139533713.00007CB60035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developers.google.com/speed/public-dns/privacyquery
Source: msedgewebview2.exe, 00000047.00000002.4124852417.00007CB60023B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns.google/dns-query
Source: msedgewebview2.exe, 00000047.00000002.4124852417.00007CB60023B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns.quad9.net/dns-query
Source: msedgewebview2.exe, 00000047.00000002.4124852417.00007CB60023B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns.sb/privacy/
Source: msedgewebview2.exe, 00000047.00000002.4124852417.00007CB60023B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns.switch.ch/dns-query
Source: msedgewebview2.exe, 00000047.00000002.4124852417.00007CB60023B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns.switch.ch/dns-queryhttps://dns.quad9.net/dns-queryhttps://chromium.dns.nextdns.iohttps:/
Source: msedgewebview2.exe, 00000047.00000002.4124852417.00007CB60023B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns10.quad9.net/dns-query
Source: msedgewebview2.exe, 00000047.00000002.4124852417.00007CB60023B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns11.quad9.net/dns-query
Source: msedgewebview2.exe, 00000047.00000002.4124852417.00007CB60023B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns64.dns.google/dns-query
Source: msedgewebview2.exe, 00000047.00000002.4124852417.00007CB60023B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dnsnl.alekberg.net/dns-query
Source: msedgewebview2.exe, 00000047.00000002.4124852417.00007CB60023B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh-01.spectrum.com/dns-query
Source: msedgewebview2.exe, 00000047.00000002.4124852417.00007CB60023B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh-02.spectrum.com/dns-query
Source: msedgewebview2.exe, 00000047.00000002.4139533713.00007CB60035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.cleanbrowsing.org/doh/adult-filter
Source: msedgewebview2.exe, 00000047.00000002.4139533713.00007CB60035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.cleanbrowsing.org/doh/family-filter
Source: msedgewebview2.exe, 00000047.00000002.4139533713.00007CB60035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.cleanbrowsing.org/doh/security-filter
Source: msedgewebview2.exe, 00000047.00000002.4124852417.00007CB60023B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.cox.net/dns-query
Source: msedgewebview2.exe, 00000047.00000002.4124852417.00007CB60023B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.dns.sb/dns-query
Source: msedgewebview2.exe, 00000047.00000002.4139533713.00007CB60035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.familyshield.opendns.com/dns-query
Source: msedgewebview2.exe, 00000047.00000002.4124852417.00007CB60023B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.opendns.com/dns-query
Source: msedgewebview2.exe, 00000047.00000002.4124852417.00007CB60023B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.quickline.ch/dns-query
Source: msedgewebview2.exe, 00000047.00000002.4124852417.00007CB60023B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.xfinity.com/dns-query
Source: msedgewebview2.exe, 00000047.00000002.4133174362.00007CB6002AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ecs.nel.measure.office.net/api/report?TenantId=Edge&DestinationEndpoint=MIRA-SIP-FR4&FrontEn
Source: msedgewebview2.exe, 00000049.00000003.3635462878.00007BA401350000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.c
Source: msedgewebview2.exe, 00000049.00000002.4437592620.00003E7000D02000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/microsoft/fluentui/wiki/Using-icons
Source: msedgewebview2.exe, 00000049.00000003.3772813196.00003E7000AEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/microsoft/griffel/issues
Source: msedgewebview2.exe, 00000049.00000003.3633470833.00007BA40128E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
Source: msedgewebview2.exe, 00000043.00000002.4219283995.0000194400370000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/
Source: msedgewebview2.exe, 00000049.00000003.3408159041.00007BA4006C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000003.3430204009.00007BA4003AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000003.3408374956.00007BA4006C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/C/#the-details-and-summary-elements
Source: msedgewebview2.exe, 00000049.00000003.3408159041.00007BA4006C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000003.3408374956.00007BA4006C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/rendering.html#hidden-elements
Source: msedgewebview2.exe, 00000049.00000003.3613898529.00007BA40120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://jaguarshark.azurewebsites.net
Source: msedgewebview2.exe, 00000049.00000003.3613898529.00007BA40120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://jaguarshark.azurewebsites.net/
Source: msedgewebview2.exe, 00000049.00000003.3613898529.00007BA40120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://jaguarshark.azurewebsites.net/debug
Source: msedgewebview2.exe, 00000049.00000003.3565492670.00007BA4011BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://jaguarshark.azurewebsites.net/debugnc
Source: msedgewebview2.exe, 00000049.00000003.3613898529.00007BA40120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://jaguarshark.azurewebsites.net/launchcontent
Source: msedgewebview2.exe, 00000049.00000003.3565492670.00007BA4011BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://jaguarshark.azurewebsites.net/launchcontentch
Source: msedgewebview2.exe, 00000049.00000003.3613898529.00007BA40120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://jaguarshark.azurewebsites.net/module
Source: msedgewebview2.exe, 00000049.00000003.3565492670.00007BA4011BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://jaguarshark.azurewebsites.net/o
Source: msedgewebview2.exe, 00000049.00000003.3565492670.00007BA4011BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://jaguarshark.azurewebsites.nete
Source: msedgewebview2.exe, 00000049.00000003.3613898529.00007BA40120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://jaguarsshark.azurewebsites.net
Source: msedgewebview2.exe, 00000049.00000003.3565492670.00007BA4011BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://jaguarsshark.azurewebsites.nete
Source: msedgewebview2.exe, 00000049.00000002.4437592620.00003E7000BC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://localcdn.centro-dev.com:5555
Source: msedgewebview2.exe, 00000049.00000003.3749863643.00003E70009DE000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000003.3793642549.00003E70009D7000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000003.3687069395.00003E70009C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.chinacloudapi.cn
Source: msedgewebview2.exe, 00000049.00000003.3687069395.00003E70009C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.chinacloudapi.cn/
Source: msedgewebview2.exe, 00000043.00000002.4286468376.0000194400AB0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000002.4196364173.000001F971C23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
Source: msedgewebview2.exe, 00000047.00000002.4140402485.00007CB60038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/
Source: msedgewebview2.exe, 00000043.00000002.4196364173.000001F971C23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/APPDATA=C:
Source: msedgewebview2.exe, 00000049.00000002.4412469708.00003E7000302000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/Me.srf?wa=wsignin1.0&idpflag=indirect&id=12&wreply=
Source: msedgewebview2.exe, 00000049.00000002.4412469708.00003E7000302000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/forgetuser
Source: msedgewebview2.exe, 00000049.00000002.4412469708.00003E7000302000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com
Source: msedgewebview2.exe, 00000049.00000003.3687069395.00003E70009C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/
Source: msedgewebview2.exe, 00000049.00000002.4412469708.00003E70002CA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/common
Source: msedgewebview2.exe, 00000049.00000003.3687069395.00003E70009C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/common/
Source: msedgewebview2.exe, 00000049.00000003.3687069395.00003E70009C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=
Source: msedgewebview2.exe, 00000049.00000002.4412469708.00003E7000302000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/forgetuser
Source: msedgewebview2.exe, 00000049.00000002.4412469708.00003E7000302000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/logout.srf
Source: msedgewebview2.exe, 00000049.00000003.3596717106.00007BA400A14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/logout.srfx30
Source: msedgewebview2.exe, 00000049.00000002.4412469708.00003E7000302000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/savedusers?wreply=
Source: msedgewebview2.exe, 00000049.00000003.3687069395.00003E70009C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.de
Source: msedgewebview2.exe, 00000049.00000003.3687069395.00003E70009C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.us
Source: msedgewebview2.exe, 00000049.00000003.3687069395.00003E70009C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.us/
Source: msedgewebview2.exe, 00000049.00000003.3687069395.00003E70009C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.partner.microsoftonline.cn/
Source: msedgewebview2.exe, 00000049.00000003.3749863643.00003E70009DE000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000003.3793642549.00003E70009D7000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000003.3687069395.00003E70009C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.windows-ppe.net
Source: msedgewebview2.exe, 00000049.00000003.3772768377.00003E7000582000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000003.3575240246.00007BA4009D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000002.4412469708.00003E70002CA000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000002.4454013703.00003E7000EC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.windows.local
Source: WebViewHost.exe, 00000042.00000002.4120861019.00000164DFF97000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000002.4131375593.000001F969E8C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.windows.local/
Source: msedgewebview2.exe, 00000043.00000002.4180155731.000001F970E66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net
Source: msedgewebview2.exe, 00000043.00000002.4180155731.000001F970E66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/
Source: msedgewebview2.exe, 00000049.00000003.3510778794.00007BA401518000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000002.4412469708.00003E7000312000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000003.3613898529.00007BA40120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://m365.cloud.microsoft
Source: msedgewebview2.exe, 00000049.00000003.3510778794.00007BA401518000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://m365.cloud.microsoftx
Source: msedgewebview2.exe, 00000047.00000002.4124852417.00007CB600230000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://m365cdn.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=DU
Source: msedgewebview2.exe, 00000047.00000002.4142160950.00007CB6003B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://m365cdn.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=NE
Source: History.74.drString found in binary or memory: https://mail.google.com/mail/u/0/Gmail
Source: History.74.drString found in binary or memory: https://mail.google.com/mail/u/0/Gmail/
Source: WebViewHost.exe, 00000042.00000002.4131174126.0000038400254000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000003.3408910312.0000194400DBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000003.3400774684.0000194400DB4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000002.4321742429.0000194400DB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://microsoft.microsoftofficehub/
Source: msedgewebview2.exe, 00000047.00000002.4142160950.00007CB6003B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://microsoft365.com
Source: msedgewebview2.exe, 00000043.00000002.4321742429.0000194400DB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://microsoft365.com/
Source: msedgewebview2.exe, 00000043.00000002.4321742429.0000194400DB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://microsoft365.com/0
Source: msedgewebview2.exe, 00000043.00000002.4315295595.0000194400C4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://microsoft365.com/0f
Source: msedgewebview2.exe, 00000043.00000002.4308313748.0000194400BD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://microsoft365.com/Mozilla/5.0
Source: msedgewebview2.exe, 00000043.00000002.4321742429.0000194400DB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://microsoft365.com/ndows/newsbar
Source: msedgewebview2.exe, 00000043.00000002.4262787794.00001944008C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000002.4240821390.0000194400708000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://microsoft365.com/om/
Source: msedgewebview2.exe, 00000043.00000002.4262787794.00001944008C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://microsoft365.com/om/ebToCnc01wPyfi04wyV0Tg==able
Source: msedgewebview2.exe, 00000043.00000002.4219283995.0000194400370000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.cn/
Source: msedgewebview2.exe, 00000043.00000002.4219283995.0000194400370000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.com/
Source: msedgewebview2.exe, 00000047.00000002.4124852417.00007CB60023B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nextdns.io/privacy
Source: msedgewebview2.exe, 00000043.00000002.4253395108.0000194400838000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000002.4474765260.00007BA4008C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000002.4462233367.00007BA40029C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ntp.msn.cn/
Source: msedgewebview2.exe, 00000043.00000002.4253395108.0000194400838000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000002.4204364356.0000194400284000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000002.4474765260.00007BA4008C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000002.4462233367.00007BA40029C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ntp.msn.com/
Source: msedgewebview2.exe, 00000049.00000003.3536712801.00007BA400898000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ntp.www.office.com/
Source: msedgewebview2.exe, 00000047.00000002.4124852417.00007CB60023B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://odvr.nic.cz/doh
Source: msedgewebview2.exe, 00000049.00000003.3625671180.00007BA400A2C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000003.3636265406.00007BA401368000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000003.3776343286.00007BA400A2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://office.visualstudio.com/OC/_git/M365AdminUX?path=%2Fmodules%2Fhvc-loader
Source: msedgewebview2.exe, 00000049.00000003.3625671180.00007BA400A2C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000003.3636265406.00007BA401368000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000003.3776343286.00007BA400A2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://office.visualstudio.com/OC/_workitems/edit/2364251
Source: msedgewebview2.exe, 00000049.00000003.3613898529.00007BA40120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://officehome.cdn.office.net/officestartbundles/park-bundle-icon-48-blue-background.png
Source: msedgewebview2.exe, 00000049.00000003.3565492670.00007BA4011BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://officehome.cdn.office.net/officestartbundles/park-bundle-icon-48-blue-background.pngp
Source: msedgewebview2.exe, 00000049.00000003.3565492670.00007BA4011BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://officehome.cdn.office.net/officestartbundles/park-bundle-icon-48-blue-background.pngpi
Source: msedgewebview2.exe, 00000049.00000003.3613898529.00007BA40120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://officehome.cdn.office.net/officestartbundles/park-bundle-icon-96-blue-background.png
Source: msedgewebview2.exe, 00000049.00000003.3565492670.00007BA4011BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://officehome.cdn.office.net/officestartbundles/park-bundle-icon-96-blue-background.png6
Source: msedgewebview2.exe, 00000049.00000003.3565492670.00007BA4011BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://officehome.cdn.office.net/officestartbundles/park-bundle-icon-96-blue-background.png65
Source: msedgewebview2.exe, 00000049.00000003.3613898529.00007BA40120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://onedrive.live.com
Source: msedgewebview2.exe, 00000049.00000003.3613898529.00007BA40120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://onedrive.live.com/browser?app=MetaOS&fileBrowser=
Source: msedgewebview2.exe, 00000049.00000003.3565492670.00007BA4011BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook-1.cdn.office.net/yammer/20211004001.2745867/images/YammerLogo-dccc609aadb29dbd2a112a
Source: msedgewebview2.exe, 00000049.00000003.3613898529.00007BA40120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook-sdf.office.com
Source: msedgewebview2.exe, 00000049.00000003.3613898529.00007BA40120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook-sdf.office.com/hosted/calendar/prepare?&cspoff&features=prepare-hubEnabled
Source: msedgewebview2.exe, 00000049.00000003.3613898529.00007BA40120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook-sdf.office.com/tasks?app&branch=anvm-metaos-auth
Source: msedgewebview2.exe, 00000049.00000002.4437592620.00003E7000C42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.office.com
Source: msedgewebview2.exe, 00000049.00000003.3613898529.00007BA40120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.office.com/
Source: msedgewebview2.exe, 00000049.00000002.4412469708.00003E7000312000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.office.com/actionsb2netcore
Source: msedgewebview2.exe, 00000049.00000003.3594577454.00007BA400B10000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.office.com/actionsb2netcoreX
Source: msedgewebview2.exe, 00000049.00000003.3510778794.00007BA401518000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.office.com/h
Source: msedgewebview2.exe, 00000049.00000003.3613898529.00007BA40120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.office.com/hosted/semanticoverview
Source: msedgewebview2.exe, 00000049.00000003.3613898529.00007BA40120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.office.com/hosted/semanticoverview?hostApp=hub&isanonymous=true&features=immersive-b
Source: msedgewebview2.exe, 00000049.00000003.3609021863.00007BA40078C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.office.com/semanticoverview/m365ChatSSO
Source: msedgewebview2.exe, 00000049.00000002.4412469708.00003E7000312000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.office365.com/connectors
Source: msedgewebview2.exe, 00000049.00000003.3594577454.00007BA400B10000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.office365.com/connectorsH
Source: msedgewebview2.exe, 00000049.00000003.3613898529.00007BA40120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ow2.res.office365.com/todo/358299_2.43.2/icons/logo.png
Source: msedgewebview2.exe, 00000049.00000003.3613898529.00007BA40120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ow2.res.office365.com/todo/362889_2.44/favicon.ico
Source: msedgewebview2.exe, 00000049.00000003.3565492670.00007BA4011BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ow2.res.office365.com/todo/362889_2.44/favicon.icot
Source: msedgewebview2.exe, 00000049.00000003.3565492670.00007BA4011BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ow2.res.office365.com/todo/362889_2.44/favicon.icoteC
Source: msedgewebview2.exe, 00000047.00000002.4146478041.00007CB60060C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/
Source: msedgewebview2.exe, 00000043.00000002.4221343119.000019440039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/AddSession
Source: msedgewebview2.exe, 00000043.00000002.4221343119.000019440039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/AuthSubRevokeToken
Source: msedgewebview2.exe, 00000043.00000002.4221343119.000019440039C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/ClientLogin
Source: msedgewebview2.exe, 00000043.00000002.4199384956.000019440024C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000002.4460143881.00007BA400248000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/GetCheckConnectionInfo
Source: msedgewebview2.exe, 00000043.00000002.4237454661.00001944006D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/GetCheckConnectionInfo?source=ChromiumBrowser
Source: msedgewebview2.exe, 00000049.00000002.4477499658.00007BA400934000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/unauth-checkmark-image-1999f0bf81.png
Source: msedgewebview2.exe, 00000047.00000002.4142160950.00007CB6003B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/unauth-checkmark-image-1999f0bf81.png8
Source: msedgewebview2.exe, 00000049.00000002.4472791458.00007BA40076B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/unauth-checkmark-image-1999f0bf81.pnge:
Source: msedgewebview2.exe, 00000047.00000002.4122286469.00007CB600216000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000047.00000003.3437775747.00007CB6002E4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000003.3821959203.00007BA40077C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000002.4472791458.00007BA40076B000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000002.4471714077.00007BA4006B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/welcome-sprite-79cda18828.png
Source: msedgewebview2.exe, 00000049.00000002.4472791458.00007BA40076B000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000002.4471714077.00007BA4006B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/zero-docs-sprite-14795e957f.png
Source: msedgewebview2.exe, 00000049.00000002.4412469708.00003E7000282000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/officestartbundles/main.98ea09751142c4c9a51f.js
Source: msedgewebview2.exe, 00000043.00000002.4313807834.0000194400C38000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000047.00000002.4122286469.00007CB600216000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000047.00000003.3437775747.00007CB6002E4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000003.3821959203.00007BA40077C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/officestartbundles/main.f1158eacf5c5fcb05a81.css
Source: msedgewebview2.exe, 00000049.00000002.4472791458.00007BA40076B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/officestartbundles/main.f1158eacf5c5fcb05a81.cssjs
Source: msedgewebview2.exe, 00000049.00000002.4472791458.00007BA40076B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/officestartbundles/main.f1158eacf5c5fcb05a81.cssjs=
Source: msedgewebview2.exe, 00000047.00000002.4122286469.00007CB600216000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000047.00000003.3437775747.00007CB6002E4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000003.3821959203.00007BA40077C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/officestartbundles/pwa-bootstrap.a613ee2e59792465e243.js
Source: msedgewebview2.exe, 00000049.00000002.4472791458.00007BA40076B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/officestartbundles/pwa-bootstrap.a613ee2e59792465e243.jspng
Source: msedgewebview2.exe, 00000047.00000002.4122286469.00007CB600216000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000047.00000003.3437775747.00007CB6002E4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000003.3821959203.00007BA40077C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/officestartbundles/vendors.0e384386f12fe5e98a78.js
Source: msedgewebview2.exe, 00000049.00000002.4472791458.00007BA40076B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/officestartbundles/vendors.0e384386f12fe5e98a78.js243.js
Source: msedgewebview2.exe, 00000049.00000003.3596717106.00007BA400A14000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000002.4412469708.00003E7000302000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/officestarthtml/OSPO/NOTICE-a0580b88479bc941f2526005a51282a0606
Source: msedgewebview2.exe, 00000049.00000003.3613898529.00007BA40120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/officestartresources/copilot-m365-icon-color.svg
Source: msedgewebview2.exe, 00000049.00000003.3601964770.00007BA401526000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000003.3510778794.00007BA401518000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/officestartresources/copilot-m365-icon-color.svg(
Source: msedgewebview2.exe, 00000049.00000002.4437592620.00003E7000BC2000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000003.3610365018.00007BA40063C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/officestartresources/copilot_24_light_and_dark.svg
Source: msedgewebview2.exe, 00000049.00000003.3613898529.00007BA40120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/officestartresources/m365-copilot-new-logo.svg
Source: msedgewebview2.exe, 00000049.00000003.3601964770.00007BA401526000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000003.3510778794.00007BA401518000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/officestartresources/m365-copilot-new-logo.svgP
Source: msedgewebview2.exe, 00000049.00000003.3613898529.00007BA40120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/officestartresources/m365chat-icon-color.svg
Source: msedgewebview2.exe, 00000049.00000003.3601964770.00007BA401526000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000003.3510778794.00007BA401518000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/officestartresources/m365chat-icon-color.svg0
Source: msedgewebview2.exe, 00000049.00000002.4437592620.00003E7000BC2000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000003.3610365018.00007BA40063C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/officestartresources/m365copilot-icon_light_and_dark.svg
Source: msedgewebview2.exe, 00000049.00000002.4412469708.00003E7000312000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000003.3613898529.00007BA40120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/officestartresources/monoline-icons/copilot.png
Source: msedgewebview2.exe, 00000049.00000002.4412469708.00003E7000282000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/versionless/officehome/thirdpartynotice.html
Source: msedgewebview2.exe, 00000049.00000002.4437592620.00003E7000BC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://res.df.onecdn.static.microsoft
Source: msedgewebview2.exe, 00000049.00000002.4437592620.00003E7000BC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://res.public.onecdn.static.microsoft
Source: msedgewebview2.exe, 00000049.00000002.4437592620.00003E7000BC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://res.sdf.cdn.office.net
Source: msedgewebview2.exe, 00000049.00000002.4412469708.00003E7000302000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://scuprodprv.m365.cloud.microsoft/login?es=Click&ru=/
Source: msedgewebview2.exe, 00000049.00000003.3613898529.00007BA40120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://scuprodprv.www.office.com/m365apps/07b75f22-72b5-4063-b7fc-0ed5ea8ff3ff/launchcontent?flight
Source: msedgewebview2.exe, 00000047.00000003.3437775747.00007CB6002E4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000003.3821959203.00007BA40077C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://signup.live.com/signup?mkt=en-CH&uiflavor=app&lw=1&fl=easi2&client_id=514833
Source: msedgewebview2.exe, 00000049.00000003.3612903991.00007BA400FA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://signup.live.com/signup?mkt=en-CH&uiflavor=app&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf8
Source: msedgewebview2.exe, 00000049.00000002.4470039316.00007BA400614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spoppe-b.azureedge.net
Source: msedgewebview2.exe, 00000049.00000002.4470039316.00007BA400614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spoppe-b.azureedge.net0
Source: msedgewebview2.exe, 00000049.00000002.4472331164.00007BA400704000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spoppe-b.azureedge.net;
Source: msedgewebview2.exe, 00000047.00000003.3437138865.00007CB60076C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000002.4472104706.00007BA4006EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spoppe-b.azureedge.net;connect-src
Source: msedgewebview2.exe, 00000049.00000003.3613898529.00007BA40120C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static2.sharepointonline.com/files/fabric-cdn-prod_20200430.002/assets/brand-icons/product/p
Source: msedgewebview2.exe, 00000049.00000002.4437592620.00003E7000C02000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000003.3609021863.00007BA40078C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://substrate.office.com/search
Source: msedgewebview2.exe, 00000049.00000002.4437592620.00003E7000C02000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000003.3609021863.00007BA40078C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://substrate.office.com/search/api/v1/
Source: msedgewebview2.exe, 00000049.00000002.4437592620.00003E7000C42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://substrate.office.com/sigsapi/v1.0/Me/Signals
Source: msedgewebview2.exe, 00000043.00000003.3436675757.00001944003C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000003.3748016824.00001944003C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000003.3430227896.00001944003CA000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000003.3404244744.00001944003C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
Source: msedgewebview2.exe, 00000043.00000003.3436675757.00001944003C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000003.3748016824.00001944003C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000003.3430227896.00001944003CA000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000003.3404244744.00001944003C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_flashhttps://support.google.com/chrome/answer/6258784
Source: msedgewebview2.exe, 00000043.00000003.3436675757.00001944003C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000003.3748016824.00001944003C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000003.3430227896.00001944003CA000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000003.3404244744.00001944003C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/answer/6258784
Source: msedgewebview2.exe, 00000043.00000003.3409176839.00001944007E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.zoom.us/hc/en-us/articles/201362593-launching-zoom-from-a-web-browser#h_745585b7-d29
Source: msedgewebview2.exe, 00000049.00000002.4437592620.00003E7000C42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://teams.adatum.com/
Source: msedgewebview2.exe, 00000049.00000003.3687069395.00003E70009C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7515
Source: msedgewebview2.exe, 00000043.00000002.4131375593.000001F969E8C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unitedstates1.ss.wd.microsoft.us
Source: msedgewebview2.exe, 00000043.00000002.4135479502.000001F969ED4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unitedstates1.ss.wd.microsoft.usres1
Source: msedgewebview2.exe, 00000043.00000002.4131375593.000001F969E8C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unitedstates2.ss.wd.microsoft.us
Source: msedgewebview2.exe, 00000043.00000002.4131375593.000001F969E8C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unitedstates4.ss.wd.microsoft.us
Source: msedgewebview2.exe, 00000043.00000002.4135479502.000001F969ED4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unitedstates4.ss.wd.microsoft.ushttps://unitedstates2.ss.wd.microsoft.ushttps://unitedstates
Source: msedgewebview2.exe, 00000049.00000003.3493203183.00007BA400B0C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000003.3609021863.00007BA40078C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000002.4412469708.00003E7000312000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://urlp-v2.asm.skype.com
Source: msedgewebview2.exe, 00000049.00000003.3612903991.00007BA400FA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://urlp-v2.asm.skype.com/
Source: msedgewebview2.exe, 00000049.00000002.4412469708.00003E7000312000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://urlp.asm.skype.com/v1/url/content?url=
Source: msedgewebview2.exe, 00000049.00000003.3594577454.00007BA400B10000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://urlp.asm.skype.com/v1/url/content?url=h
Source: msedgewebview2.exe, 00000049.00000002.4437592620.00003E7000C42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://validurl.adatum.com
Source: msedgewebview2.exe, 00000049.00000002.4437592620.00003E7000C42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://validurl2.adatum.com
Source: msedgewebview2.exe, 00000049.00000002.4412469708.00003E7000312000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.yammer.com/teams
Source: msedgewebview2.exe, 00000049.00000003.3565492670.00007BA4011BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.yammer.com/teams/feed?client=office
Source: msedgewebview2.exe, 00000049.00000003.3565492670.00007BA4011BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.yammer.com/teamsM
Source: msedgewebview2.exe, 00000049.00000003.3565492670.00007BA4011BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.yammer.com/teamsMs
Source: msedgewebview2.exe, 00000049.00000003.3536712801.00007BA4008B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.cn/
Source: msedgewebview2.exe, 00000049.00000003.3536712801.00007BA400898000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com/
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.apple.com/appleca/0
Source: msedgewebview2.exe, 00000047.00000002.4139533713.00007CB60035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.cisco.com/c/en/us/about/legal/privacy-full.html
Source: msedgewebview2.exe, 00000049.00000002.4437592620.00003E7000C42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.contoso.com
Source: msedgewebview2.exe, 00000049.00000002.4437592620.00003E7000C42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.contososuites.com
Source: msedgewebview2.exe, 00000049.00000002.4422328975.00003E7000442000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000003.3638995582.00007BA400B4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ftc.go.kr/bizCommPop.do?wrkr_no=1208105948
Source: msedgewebview2.exe, 00000049.00000003.3638995582.00007BA400B4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ftc.go.kr/bizCommPop.do?wrkr_no=12081059488
Source: msedgewebview2.exe, 00000048.00000002.4110433824.000056E20023C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000002.4477499658.00007BA400934000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000002.4470427605.00007BA40062C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.microsoft365.com
Source: msedgewebview2.exe, 00000049.00000002.4470427605.00007BA40062C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.microsoft365.com)#
Source: msedgewebview2.exe, 00000048.00000003.3444248187.000056E200364000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000002.4465818620.00007BA400373000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000002.4477499658.00007BA400934000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000002.4465615839.00007BA40034C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000002.4470427605.00007BA40062C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.microsoft365.com/
Source: msedgewebview2.exe, 00000043.00000002.4327979494.0000194400E38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.microsoft365.com/.com/
Source: msedgewebview2.exe, 00000043.00000003.3408910312.0000194400DBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000002.4321742429.0000194400DB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.microsoft365.com/om/
Source: msedgewebview2.exe, 00000049.00000002.4462233367.00007BA40029C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000002.4471256405.00007BA400680000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.microsoft365.com/pwa?version=18.2411.1163.0&capabilities=interopPromise
Source: msedgewebview2.exe, 00000043.00000003.3444876537.0000194400F25000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000003.3437019239.00001944007D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.microsoft365.com/pwa?version=18.2411.1163.0&capabilities=interopPromise/
Source: msedgewebview2.exe, 00000043.00000002.4333602516.0000194400EC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.microsoft365.com/pwa?version=18.2411.1163.0&capabilities=interopPromise65e243.js
Source: msedgewebview2.exe, 00000043.00000003.3616328840.00001944007E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.microsoft365.com/pwa?version=18.2411.1163.0&capabilities=interopPromise8$~D
Source: msedgewebview2.exe, 00000043.00000002.4262787794.00001944008C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.microsoft365.com/pwa?version=18.2411.1163.0&capabilities=interopPromiseC:
Source: msedgewebview2.exe, 00000043.00000002.4210017415.00001944002D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.microsoft365.com/pwa?version=18.2411.1163.0&capabilities=interopPromiseD
Source: msedgewebview2.exe, 00000043.00000003.3445693769.00001944007D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.microsoft365.com/pwa?version=18.2411.1163.0&capabilities=interopPromiseOffice
Source: msedgewebview2.exe, 00000043.00000002.4262787794.00001944008C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.microsoft365.com/pwa?version=18.2411.1163.0&capabilities=interopPromiseP
Source: msedgewebview2.exe, 00000043.00000002.4333602516.0000194400EC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.microsoft365.com/pwa?version=18.2411.1163.0&capabilities=interopPromisecc:531
Source: msedgewebview2.exe, 00000043.00000002.4333602516.0000194400EC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.microsoft365.com/pwa?version=18.2411.1163.0&capabilities=interopPromisedata
Source: WebViewHost.exe, 00000042.00000002.4132826644.000003840029C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.microsoft365.com/pwa?version=18.2411.1163.0&capabilities=interopPromiseembedded_browser.
Source: msedgewebview2.exe, 00000043.00000002.4210017415.00001944002D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.microsoft365.com/pwa?version=18.2411.1163.0&capabilities=interopPromiseer
Source: msedgewebview2.exe, 00000043.00000002.4262787794.00001944008C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.microsoft365.com/pwa?version=18.2411.1163.0&capabilities=interopPromisehttps
Source: msedgewebview2.exe, 00000043.00000002.4333602516.0000194400EC8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000002.4262787794.00001944008C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000002.4210017415.00001944002D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.microsoft365.com/pwa?version=18.2411.1163.0&capabilities=interopPromisehttps://www.micro
Source: msedgewebview2.exe, 00000043.00000002.4233911202.000019440068C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.microsoft365.com/pwa?version=18.2411.1163.0&capabilities=interopPromiseon
Source: msedgewebview2.exe, 00000043.00000002.4333602516.0000194400EC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.microsoft365.com/pwa?version=18.2411.1163.0&capabilities=interopPromiseshttps://www.micr
Source: WebViewHost.exe, 00000042.00000002.4116290525.00000164DFF3D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.microsoft365.com/pwa?version=18.2411.1163.0&capabilities=interopPromisevider
Source: WebViewHost.exe, 00000042.00000002.4116290525.00000164DFF3D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.microsoft365.com/pwa?version=18.2411.1163.0&capabilities=interopPromisey
Source: WebViewHost.exe, 00000042.00000002.4089828599.00000164DDA00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.microsoft365.com/pwaa
Source: msedgewebview2.exe, 00000047.00000002.4140402485.00007CB60038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.microsoft365.com/reporting_endpoints
Source: msedgewebview2.exe, 00000043.00000002.4315295595.0000194400C4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.microsoft365.com:443
Source: msedgewebview2.exe, 00000049.00000002.4412469708.00003E7000282000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.microsoft365.comF30F2B96FD854A3045616A0ECCDAEFF41_
Source: WebViewHost.exe, 00000042.00000002.4089828599.00000164DDA00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.microsoft365.comRESP
Source: msedgewebview2.exe, 00000047.00000002.4133174362.00007CB6002AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.microsoft365.comedge
Source: msedgewebview2.exe, 00000049.00000002.4473267358.00007BA40082C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.microsoft365.comhmimeTypeitext/htmlmadFrameStatus
Source: msedgewebview2.exe, 00000047.00000002.4140402485.00007CB60038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.microsoft365.comx
Source: msedgewebview2.exe, 00000049.00000002.4477848027.00007BA400940000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.micrsoft365.com
Source: msedgewebview2.exe, 00000043.00000002.4318109090.0000194400C80000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000002.4477848027.00007BA400940000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.micrsoft365.com/
Source: msedgewebview2.exe, 00000043.00000002.4318109090.0000194400C80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.micrsoft365.com/pwa185.36
Source: msedgewebview2.exe, 00000047.00000002.4124852417.00007CB60023B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.nic.cz/odvr/
Source: msedgewebview2.exe, 00000047.00000002.4124852417.00007CB60023B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.nic.cz/odvr/ueryhttps://doh.cox.net/dns-queryCleanBrowsing
Source: msedgewebview2.exe, 00000049.00000002.4437592620.00003E7000C42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.northwindtraders.com/
Source: msedgewebview2.exe, 00000043.00000002.4262787794.00001944008C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000002.4177464981.000001F970DA3000.00000002.00000001.00040000.00000031.sdmp, msedgewebview2.exe, 00000043.00000002.4341738290.0000194400FB8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000003.3747917464.00001944007C0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000002.4321742429.0000194400DB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/
Source: msedgewebview2.exe, 00000043.00000002.4262787794.00001944008C4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.office.com/.comonlyindianpornooodesiozeexl&
Source: msedgewebview2.exe, 00000043.00000003.3747917464.00001944007C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.office.com/Office
Source: msedgewebview2.exe, 00000049.00000003.3613898529.00007BA40120C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.office.com/park
Source: msedgewebview2.exe, 00000049.00000003.3565492670.00007BA4011BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.office.com/parkr
Source: msedgewebview2.exe, 00000043.00000002.4321742429.0000194400DB4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.office.com/stvroom.truevirtualworld.comwashingtonpost.com/sportssecure.priviahealth.comp
Source: msedgewebview2.exe, 00000043.00000002.4341738290.0000194400FB8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.office.com/w
Source: WebViewHost.exe, 00000042.00000002.4089828599.00000164DDA00000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.office.coma
Source: msedgewebview2.exe, 00000047.00000002.4124852417.00007CB60023B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.quad9.net/home/privacy/
Source: msedgewebview2.exe, 00000049.00000002.4437592620.00003E7000C42000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.relecloud.com
Source: msedgewebview2.exe, 00000049.00000003.3565492670.00007BA4011BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.yammer.com
Source: msedgewebview2.exe, 00000043.00000003.3409176839.00001944007E1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://wwwintmath.com/numbers/numbers-intro.phpintmath.com/factoring-fractions/factoring-fractions-
Source: msedgewebview2.exe, 00000043.00000002.4180155731.000001F970E66000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://xsts.auth.xboxlive.com
Source: msedgewebview2.exe, 00000043.00000002.4143096950.000001F96BD23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://xsts.auth.xboxlive.comc
Source: unknown HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.24:54024 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.24:54023 version: TLS 1.2
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6028 -s 436
Source: f492136216_mpengine_dll Static PE information: Resource name: PACKEDBINARY type: PE32+ executable (native) x86-64, for MS Windows
Source: f492136216_mpengine_dll Static PE information: Resource name: PACKEDBINARY type: PE32+ executable (native) x86-64, for MS Windows
Source: f492136216_mpengine_dll Static PE information: Resource name: PACKEDBINARY type: PE32+ executable (native) x86-64, for MS Windows
Source: f492136216_mpengine_dll Static PE information: Resource name: PACKEDBINARY type: PE32+ executable (GUI) x86-64, for MS Windows
Source: f492136216_mpengine_dll Static PE information: Resource name: PACKEDBINARY type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Source: f492136216_mpengine_dll Static PE information: Resource name: PACKEDBINARY type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Source: f492136216_mpengine_dll Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: f492136216_mpengine_dll Binary or memory string: MpValidateTrustDistrustSigWithTrailingDataOriginalFilenameProductNameInternalNameMpValidateTrustDistrustSigWithTrailingDataThreshold4|S vs f492136216_mpengine_dll
Source: f492136216_mpengine_dllBinary or memory string: CreatorProcessCreationTimeCreatorProcessIdShortNameIsFriendlyOriginalFileNameParameters<Process ProcessId="%u" ProcessCreationTime="%llu" TerminatorProcessId="%u" TerminatorProcessCreationTime="%llu" Name="%s" IsExcluded="%u" IsFriendly="%u"> vs f492136216_mpengine_dll
Source: f492136216_mpengine_dllBinary or memory string: BM_ChangeFileBM_CreateFileBM_NetworkConnectBM_RegistryDeleteValueBM_BootSectorChangeBM_NetworkDataSendBM_RegistryKeyRenameBM_RegistryKeyCreateBM_RegistrySetValueBM_RegistryKeyDeleteBM_ArDetectionBM_NetworkDetectionBM_RegistryBlockSetBM_ModuleLoadBM_RawWriteBM_RemoteThreadCreateBM_ProcessStartBM_ProcessCreateBM_Etw_RegisterInputDevicesBM_Etw_SetEventHookBM_Etw_SetThreadContextBM_Etw_NtAdjustPrivilegesBM_EngineInternalBM_RegistryBlockDeleteBM_Etw_TerminateProcessBM_Etw_PsSetLoadImageNotifyRoutineBM_Etw_CreateLinkBM_Etw_RegisterShutdownBM_RegistryReplaceBM_RegistryRestoreBM_Etw_OpenProcessBM_Etw_WriteMemoryBM_Etw_RegisterLastShutdownBM_Etw_OpenThreadBM_OpenProcessBM_DesktopBM_RegistryBlockCreateBM_BlockOpenProcessBM_RegistryBlockRestoreBM_RegistryBlockRenameBM_VolumeMountBM_RegistryBlockReplaceBM_Etw_AllocVmLocalBM_CreateFolderBM_Etw_ClearLogBM_Etw_DirEnumBM_Etw_BlockExploitBM_Etw_CodeInjectionBM_Etw_GetAsyncKeyStateBM_Etw_SetWindowsHookBM_HardLinkFileBM_RenameFolderBM_DLPBM_CopyFileBM_Etw_WMIExecMethodBM_Etw_WMIActivityNewBM_EnumFolderBM_Etw_WMICreateProcessBM_Etw_CredBackupCredentialsBM_Etw_CredReadByTokenHandleBM_Etw_VaultEnumerateCredentialsBM_Etw_VaultFindCredentialsBM_Etw_CredEnumerateBM_Etw_CredReadCredentialsBM_Etw_CredFindBestCredentialBM_Etw_CredReadDomainCredentialsBM_Etw_BITSCreateBM_Etw_LDAPSearchBM_Etw_ScheduledTaskUpdateBM_Etw_ScheduledTaskCreateBM_TaintBM_Etw_VaultGetUniqueCredentialBM_Amsi_MatchBM_Amsi_ScanBM_Etw_HiveHistoryClearBM_Etw_AccountPasswordResetBM_SignatureTriggerBM_OriginalFileNameBM_Etw_LogonFailureBM_Etw_LogonSuccessBM_Etw_AccountPasswordChangedBM_Etw_UserAccountChangedBM_Etw_ResumeThreadBM_Etw_SuspendThreadBM_Etw_ResumeProcessBM_Etw_SuspendProcessBM_Etw_ExploitProtectionBM_Etw_UserAccountCreatedBM_Network_VolumeBM_Network_PortOpenBM_Etw_ServiceStopBM_Etw_ProtectVmLocalBM_Etw_ServiceChangeBinaryPathBM_Etw_ServiceChangeStartTypeBM_Etw_UnloadDriverBM_Etw_LoadDriverBM_Etw_UnloadDeviceBM
_Etw_LoadDeviceBM_Etw_V2CodeInjectionBM_Etw_ReadVmRemoteBM_Network_ConnectionOpenBM_Etw_MapViewLocalBM_Etw_ServiceHostStartedBM_Etw_ServiceChangeAccountInfoBM_Network_FailureBM_Etw_ServiceStartedBM_RegistrySetValue_FromBM_ChangePermissionsBM_Etw_CLRModuleLoadBM_Etw_DangerousSyscallBM_ParentBM_FileSequentialReadBM_NetworkSetSocketOptionBM_NetworkSocketBM_DeleteXattrBM_CloudResponseAL""BM_RegistryTpStateBM_Etw_CLRAssemblyLoadBM_ChangeOwnerBM_Etw_ReadVmRemoteAggError while processing Event: ID = [%d], HR = [%lx]{%llu, %ls, __attr_none__, %ls, %ls} // notification sequence id %lluError while processing Event, i.e you're missing an event.L"%ls""%hS"{%llu, %ls, __attr_none__, %ls, %ls} // Multiproc notification from pid (%lu,%llu); notification sequence id %llu0x%lXIsPackedIsPePlusFileInfoIsPeThreatName vs f492136216_mpengine_dll
Source: f492136216_mpengine_dll Binary or memory string: OriginalFileName vs f492136216_mpengine_dll
Source: f492136216_mpengine_dllBinary or memory string: 2DynamicConfigMpRampasyncworkubermgrcksigtaskmanagerappvbtrtelemetryPrivilegeUtilsdbvarsdbloadkstoreRemapErrorCodePUA_appmapbmsearchUfsunplibmagiccodesvfohighsvfolowstrmmemscancmdlinescanactionsthreatmgrsqlitewrappermetastoreautofeaturecontrolKslManagerpefileamunpackersigroutinesysionotemgrregnotemgrAsyncResourceScanprofilemgreadatacabziprarrar5expkkcrcedatafilefileutilsbadrecsbhourlwlaggregatorlogskippayloadmgrrempoltrustedcontentAsyncProcessScandiagnosticscanearlybootisusyncquerysubmissionrequestmaintenancewindowhelperdllimportsNET_ILvemulibsigtreepattmatchprocBloomFiltertrojanBondSerializervlibnetvmLUALuaStandaloneSMSx86_ILIL_x86DT_envQueryfilertsigRegkeyClsidBhoIeexplorerbarShellexechookLspActivexadaptivesyncquerySpynetSigLoaderresutilsresmgrsyscleanProcessQueryFileCmdLineIevextRestrictrunWinlognotifGpextensionShellopencmdAutorunIetoolbarFolderContextmenuRunkeyRunonceAppinitdllIepluginIeextInifilemapNspIesearchIesearchurlIeaboutIemainShareddllBootIewebbrowserIeshellbrowserFirewallokfileFontdriverSafebootIemenuextIeurlsearchhookUsershellfolderTypelibFirewallportNtrunkeyShellcolumnhandlerGinadllMpNotifyBootexecModuleusageStartupTaskschedulerWinlogonshellSpecialfolderInterfaceCommandlineTypelibversionCopyhookhandlerDragdrophandlerPropertysheethandlerDatahandlerDrophandlerIconhandlerThumbnailhandlerInfotiphandlerImagefileexecoptionsSilentProcessExitTelemetryControllerPackagedAppXDebugPackageDebugInformationShellserviceobjectdelayloadFindextensionShelliconoverlayidIeextapprovedIepreapprovedWinlogonuserinitUninstallShellextapprovedRunonceexWinlogonsystemWinlogontaskmanLinkhandlerStructstoragehandlerPropertyhandlerIesearchscopeIephishingfilterIeelevationpolicyIedragdropIeaddonProtocolhandlerversionProtocolnamespacehandlerExpooffloadAutodialDLLUserInitMprLogonScriptTsstartupKnowndllKnowndll16LsapackageBootverificationWinlogonuihostPrintmonitorTransactionfilePrintproviderProtocolfilterProtocolhandlerActivesetupcompo
nentJitdebuggerWallpaperAlternateShellQueryFileHookwowSamplefilerecalledHiddenfileSamplefilehiddenWebfilencfileDesktopcomponentPolicyscriptClassExtensionContainerfilePseudorunkeyAMSIUACInternalAMSIUACQueryfileAMSIUACGenStreamInternalGenStreamQueryfileGenStreamBootsyncblockInternalBootsyncblockNtappdllRootkitWebscriptInternalwebscriptQueryfilewebscriptInternalAMSIQueryfileAMSIAppsecdllDumpFileHiddendriverSecproviderSubsystemtypeemsRootkittelemetryQueryfilebootsyncSharedtaskschedulerSamplefilesubmissiononlyAutorunInfPendfileSamplefilerootkitPoststartupscanPostsignatureupdatescanbootjavambasicwpcword2lmdbadotoutRemediationcheckpointRootCertRootCertUsersectmacronscripthlpswftest_DTelfhtmlretargetemb1ole2rtfnpdfInternalbehaviormacapplkv16lelxdexapkdmgscannertararjarcacelhhapzoocpiochmchmitssmimenbinhextnefdbxmbxpstnsisnsv1innoInnoScaninstcreamachofatwisenbindersitcptcfimagequantumishldishldnewc2rdatdfsp7zAutoITAutoitScanarfsdxardmgasadbgaudfwimsftbminternalBmSignatureLoaderBmControllersfcbuildmetastorelowficachemapistubmapistubdefaultfirefoxinst
Source: f492136216_mpengine_dllBinary string: FriendlyFileMpAPILimitReached.genMpReturnsToEntryPointCharacter set declaration starting with [ terminated prematurely - either no ] was found or the set had no content.Nothing to repeat.MpThreadLimitReachedcompetitivesecurityprocessesCharacter class declaration starting with [ terminated prematurely - either no ] was found or the set had no content.Encountered a forward reference to a marked sub-expression that does not exist.Encountered a forward reference to a recursive sub-expression that does not exist.Missing } in quantified repetition.alnumalphablankcntrldigitgraphlowerprintpunctspaceunicodeuppervwordxdigit\Device\HarddiskVolume#Stream Container File
Source: f492136216_mpengine_dllBinary string: SHA512globalMD5unbalanced patternOLEHANDLEMPAttribute enumeratorRESHANDLEPEVMHANDLEMpContainer [Object] HandleVERSTRINGHANDLEmemoryrunpackPEREADER handleMpContainer HandleMpContainer ObjectInfoInvalid index in sigattr head log: %d (logsize = %d)Invalid RecId %dupvalue\device\harddisk*Invalid index in sigattr log: %dSHA384Invalid index (0) in sigattr log%s: %pDeep analysis was enabled during DT on %ls
Source: f492136216_mpengine_dllBinary string: HITMISSUsrName:%s;Domain:%s;RemoteIp:%s;FSize:%llu%installlocation%FirstOff:%llu;LastOff:%llu;SmallestOff:%llu;BiggestOff:%llu;TotalSizeWrite:%llu;TotalSizeAppend:%llu;NumWrites:%lu;UsrName:%s;Domain:%s;RemoteIp:%sUsrName:%s;Domain:%s;RemoteIp:%s\\?\%c:\Device\Harddisk\\.\PHYSICALDRIVE
Source: f492136216_mpengine_dllBinary string: deque<T> too long\Device\HarddiskVolume
Source: f492136216_mpengine_dllBinary string: Engine.MM.UpdatePolicyStatusMpDisableModMonFeatureMpModMonEnableProtectionAMSI.DLLMpPUAVibraniumrealpathfilenametargetdisksizetargetdiskfreehashedfullpathfilesystemtimestampchainresultCertificateChainDigitalSignaturechainresultTimestampChainDigitalCertificatehashalgorithmissuercommonnamesubjectcommonnamenotaftertimethumbprintnotbeforetimeencryptionalgorithmissuerdistinguishednameserialnumbersubjectdistinguishednameekulistspynet_report::build_report\device\Engine.FileHashCache.Resultpartialcrc2MpDisableHashTruncationEngine.Scan.HashCacheLookupABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
Source: f492136216_mpengine_dllBinary string: DigitalSignatureProcessor Trace Decoding workload has not been initialized.(nsis-%d-%hs%hs)DELETE FROM SystemFileCache WHERE InfectedFileSHAHash = ? OR ProcFileIDSystemFileHash = ?;SELECT Count(1) FROM SystemFileCache;SELECT InfectedFileSHA, ProcFileId, SystemFilePath, CleanFileSha FROM SystemFileCache WHERE InfectedFileSHAHash = ? OR ProcFileIDSystemFileHash = ? ORDER BY InstanceTimeStamp DESC;::DataSpace/Storage/MSCompressed/ControlData::DataSpace/Storage/MSCompressed/Content::DataSpace/NameList::DataSpace/Storage/MSCompressed/SpanInfo::DataSpace/Storage/MSCompressed/Transform/{7FC28940-9D31-11D0-9B27-00A0C91E9C7C}/InstanceData/ResetTable\Device\Engine.BM.TrustedInstallerMoacAddTrustedInstallerMOACAddMpSuppressVolumeOpenFlushosmetricsPE_NOT_DAMAGEDPE_DAMAGED_MACHINEPE_DAMAGED_SECTIONALIGNMENTPE_DAMAGED_FILEALIGNMENTPE_DAMAGED_POINTERTORAWDATAPE_DAMAGED_VIRTUALADDRESSPE_DAMAGED_TRUNCATEDPE_DAMAGED_SPECIAL_SECTIONPE_DAMAGED_NOTCONTIGUOUSPE_DAMAGED_RELOCATIONSPE_DAMAGED_OVERLAPPING_SECTIONSPE_DAMAGED_OPTIONAL_MAGICPE_DAMAGED_SIZEOFHEADERSPE_DAMAGED_IMAGEBASEPE_DAMAGED_IMAGESIZEPE_DAMAGED_UNSUPPORTEDPE_DAMAGED_IMPORTSPE_DAMAGED_INVALIDDATAPE_DAMAGED_DECOMPRESSPE_DAMAGED_VIRTUALSIZEPE_DAMAGED_NOT_EXECUTABLE_IMAGEPE_DAMAGED_ENTRYPOINTPE_DAMAGED_SIZEOFRAWDATAPE_DAMAGED_RESOURCE_OFFSETPE_DAMAGED_RESOURCE_LEVELSPE_DAMAGED_RESOURCE_NAMEPE_DAMAGED_RESOURCE_UNORDEREDPE_DAMAGED_VERSIONINFOPE_DAMAGED_RESERVED(RtfBody)
Source: f492136216_mpengine_dllBinary string: Attempt to access an uninitialized boost::match_results<> class.|+LowMpSfcBuildConfigFullspecialfolder|recursive:file:%programfiles%?specialfolder|recursive:file:%programfiles(x86)%?specialfolder|recursive:file:%systemroot%?specialfolder|recursive:file:%systemdrive%\boot?recursive:file:determination\\.\globalroot\systemroot\%SystemRoot%\%s%sHKCU@%s%s%s%sMpCaseSensitiveProfilemgr\\.\globalroot\\\Software\Classes\\Software\WowAA32Node\Software\Wow6432Node\Software\Wow6432Node\CLSID\\AppID\\Interface\\Software\Classes\VirtualStore\MachineMpProcessMemoryScanCacheRetryMaximum%d%ls (x86)%ls\SystemRoot\Device\\REGISTRY\MACHINE\\Device\HarddiskDm\\?\S-1-5-18SYSTEM\CurrentControlSet\Control\hivelistCoreReportFileReportrevision
Source: f492136216_mpengine_dllBinary string: +<>#;MachineIdValidationresourcetyperesourcelanguageCompanyNameFileDescriptionDefaultGatewayMacnamespaceguidFirmwareEnvironmentNameSpaceMpDisableSyncSpynetCheckMpDisableSyncSdnMpDisableSyncDssMpAsyncDssQueryTimeoutMpMaxSpynetReportsresourcesha256Engine.Maps.TruncatedAttributeProfileGuidlcidprocessorautosampleoptinvalueenginereportguidSignatureRequestdsssourcerttimehistorySpynetReportsdnrevisionnewgeoidpvpringIsTestosproducttypecomputerdnsnamehash%08lxrttimestddevaveragerttimegradualreleasecloudblocklevelpublisher\Device\Harddisk\Partition0membershipsupportedcompressionsXor,DeflateLevel1Xor\\?\GLOBALROOTpesectionhashesnriengineversionissqmtestMapsLatencyfunctionhresult0x%08llXerrorfieldSpynetErrordescversionMpEnableUefiEnumerationInHeartBeat{00000000-0000-0000-0000-000000000000}ProfileNameMAPSClientLatencyMAPSGenerateLatencyMAPSSendLatencyMAPSParseLatencyMAPSHresultMAPSHttpStatusMAPSReportGuidMAPSCreateConnectionTimeMAPSSendRequestTimeMAPSSendOverheadTimeMAPSSendUrlAttemptsMAPSReceiveResponseTimeMAPSOnSendStartTickMAPSOnResolvingNameTickMAPSOnResolvedNameTickMAPSOnConnectingTickMAPSOnConnectedTickMAPSOnFirstSendingTickMAPSOnFirstReceivingTickMAPSOnSendEndTickMAPSReadResponseTimeMpGearVersionmpgearversionMeteredNetworkismeterednetworkIsVerifiedAndReputableTrustModeisverifiedandreputabletrustmodeIsVerifiedAndReputablePerfModeisverifiedandreputableperfmodeSmartLockerModesmartlockermodeDescriptionFirstNetwork
Source: f492136216_mpengine_dllBinary string: model_blob is nullInvalid RFC ext header pointermodel handle ptr is nulltree[%u]->leaf node begin offset(%u) should be 0Invalid DT algo(%d)Invalid number of trees(%u)/features(%u)/classes(%u)/split nodes(%u)/class values(%u).str_replaceTrees(%u)/Features(%u)/Classes(%u) exceed max limit.#ATTR_%08zx()No kstore spaceOperand name too longNo CacheUSN CacheUNC\Device\Mup\\Device\LanmanRedirector\\Device\WebDavRedirector\\Device\HarddiskVolume\Device\WinDfs\\Device\vmsmb\\Device\CdRomMpUseNewFriendlyCacheKey%system%%commonfiles%%temp%%windir%%program_files%%ls%u%u%u\??\%ls\device\harddiskvolume:\programdata\:\users\public\desktop\%common_desktop%%common_appdata%:\users\%userprofile%
Source: msedgewebview2.exe, 00000049.00000003.3625873950.00007BA400BC4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: .SLNPROJH
Source: msedgewebview2.exe, 00000049.00000003.3484708302.00007BA400BC0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000002.4412469708.00003E7000312000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000003.3625873950.00007BA400BC4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: .VBPROJ
Source: msedgewebview2.exe, 00000049.00000003.3484708302.00007BA400BC0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000002.4412469708.00003E7000302000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000003.3625873950.00007BA400BC4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: .CSPROJ
Source: msedgewebview2.exe, 00000049.00000003.3625873950.00007BA400BC4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: .SLN@
Source: msedgewebview2.exe, 00000049.00000003.3484708302.00007BA400BC0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000049.00000002.4412469708.00003E7000312000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: .SLNPROJ
Source: msedgewebview2.exe, 00000049.00000003.3625873950.00007BA400BC4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: .VBPROJx
Source: classification engineClassification label: mal48.evad.mine.win@95/298@14/34
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Users\user\Desktop\~$LSBIHQFDVT.xlsx
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exeMutant created: NULL
Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6376
Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7044
Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3296
Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3548
Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4112
Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6028
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3728:120:WilError_03
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeMutant created: \Sessions\1\BaseNamedObjects\OFFICE_APP
Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6216
Source: C:\Windows\System32\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\5ea350a4-9207-447c-94c9-373e7d897f1a
Source: f492136216_mpengine_dllStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEFile read: C:\Users\desktop.ini
Source: C:\Windows\System32\loaddll64.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",#1
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT 1 FROM SQLITE_MASTER WHERE type=? AND name=? LIMIT 1;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO NetworkIpFirewallRulesOutgoing(Key, FirewallRuleName, ExpiryTime) VALUES (?, ?, ?);
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO FileLowFiAsync(Key, FileName, SigSeq, SigSha, SigIsSync, InstanceTimeStamp) VALUES(?, ? , ? , ? , ? , ?);
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ID FROM ProcessBlockHistory WHERE ProcessPath = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO AnomalyInfo(Key, UnbiasedTime) VALUES (?, ?);
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Key, FilePath, Context, InsertTime, ExpireTime FROM AttributePersistContext WHERE FilePath LIKE ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(13, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Count(1) FROM AutoFeatureControl;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT DISTINCT TableName FROM AnomalyTables;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Key FROM FileHashes WHERE FileHashes.Key = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Count(1) FROM RansomwareDetections;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(38, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Count(1) FROM DnRevisions;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO RollingQueuesValues(EntryTable, EntryKey, EntryValue, InsertTime, ExpireTime) VALUES(? , ? , ? , ? , ?);
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Key, VSN, FileID, USN, InstanceTimeStamp, SHA1, MD5, SHA256, LSHASH, LSHASHS, CTPH, PartialCRC1, PartialCRC2, PartialCRC3, KCRC1, KCRC2, KCRC3, KCRC3n FROM FileHashes WHERE Key = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Key FROM ValueMapArray WHERE ValueMapArray.Key = ? AND ValueMapArray.RecordType = ?; DELETE FROM ValueMapArray WHERE ValueMapArray.Key = ? AND ValueMapArray.RecordType = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO AnomalyTables(Key, TableKey, TableName, UnbiasedTableAge, KeyName, FirstSeen, LastSeen, UnbiasedTime, Value, Order_) VALUES(? , ? , ? , ? , ? , ? , ? , ? , ? , ?);
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS StaticCfiModels( Hash INT primary key, CoarseGrainModel TEXT, FineGrainModel TEXT );
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ProcessPath, TimeStamp, TargetPath, RuleId, IsAudit, Action, ProcessTaintReason, ProcessIntegrity FROM ProcessBlockHistory WHERE ProcessPath = ? ORDER BY TimeStamp DESC;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT COUNT(1) FROM FileLowFiAsync;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Count(1) FROM BmFileStartupActions;DELETE FROM BmFileStartupActions WHERE BmFileStartupActions.FilePathHash = ?;INSERT INTO BmFileStartupActions(FilePathHash, FilePath, ActionFlags, ProcessStartCount, FdrFlags, FdrThreatRecordId, EvaluatorThreatRecordId, TrustedInstallerThreatRecordId, LFRThreatRecordId) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?);SELECT FilePathHash, FilePath, ActionFlags, ProcessStartCount, FdrFlags, FdrThreatRecordId, EvaluatorThreatRecordId, TrustedInstallerThreatRecordId, LFRThreatRecordId FROM BmFileStartupActions WHERE FilePathHash = ?SELECT ID FROM BmFileStartupActions WHERE BmFileStartupActions.FilePathHash = ?;|
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Count(1) FROM SystemFileCache WHERE CleanFileShaHash = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(6, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(14, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ID FROM DynSigRevisions WHERE DynSigRevisions.Key = ?;SELECT Count(1) FROM DynSigRevisions;DELETE FROM DynSigRevisions WHERE DynSigRevisions.Key = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(38, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ID FROM DynSigRevisions WHERE DynSigRevisions.Key = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ProcessPath, TimeStamp, TargetPath, RuleId, IsAudit, Action, ProcessTaintReason, ProcessIntegrity FROM ProcessBlockHistory WHERE ProcessPath = ? AND TimeStamp = ? ORDER BY TimeStamp DESC;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ProcessPath, TimeStamp, TargetPath, RuleId, IsAudit, Action, ProcessTaintReason, ProcessIntegrity FROM ProcessBlockHistory WHERE RuleId = ? ORDER BY TimeStamp DESC;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(4, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS DllInfo( Hash INT primary key, Info BLOB );
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO BmFileStartupActions(FilePathHash, FilePath, ActionFlags, ProcessStartCount, FdrFlags, FdrThreatRecordId, EvaluatorThreatRecordId, TrustedInstallerThreatRecordId, LFRThreatRecordId) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?);
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO BmFileActions(FileInfoId, ThreatRecordId, Action) VALUES (?, ?, ?);
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ID FROM NetworkIpFirewallRulesOutgoing WHERE NetworkIpFirewallRulesOutgoing.Key = ?;SELECT Key, FirewallRuleName, ExpiryTime FROM NetworkIpFirewallRulesOutgoing WHERE Key = ?INSERT INTO NetworkIpFirewallRulesOutgoing(Key, FirewallRuleName, ExpiryTime) VALUES (?, ?, ?);DELETE FROM NetworkIpFirewallRulesOutgoing;DELETE FROM NetworkIpFirewallRulesOutgoing WHERE NetworkIpFirewallRulesOutgoing.Key = ?;SELECT Count(1) FROM NetworkIpFirewallRulesOutgoing;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(5, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ID FROM FolderGuardPaths WHERE UserIdHash = ? LIMIT 1;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO RansomwareDetections(Key, DetectionGuid, LkgTS, NextUSN, DetectionTS, ProvisionalRemedComplTS, RemedComplTS, ImpactedCBPNameSpaces, InstanceTimeStamp) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?);
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Key, Name, Capacity, TimeToLive, Mode, Namespace FROM RollingQueuesTables WHERE Key = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(12, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT PersistId, PersistIdBlob, ExpirationDate FROM AmsiFileCache WHERE ExpirationDate < DateTime(?);
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO DynSigRevisions(Key, SdnRevision, EsuRevision, BFRevision, EntCertRevision, TamperRevision, AGBlobRevision, BFFileAllowRevision, BFFileBlockRevision, BFCertAllowRevision, BFCertBlockRevision) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT RuleAction, RuleId, IsAudit, IsInherited, State FROM BmHipsRuleInfo WHERE ProcessInfoId = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Key, FirewallRuleName, ExpiryTime FROM NetworkIpFirewallRules WHERE ExpiryTime < ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Count(1) FROM SystemFileCache;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ProcessPath, TimeStamp, TargetPath, RuleId, IsAudit, Action, ProcessTaintReason, ProcessIntegrity FROM ProcessBlockHistory WHERE ProcessPath = ? ORDER BY TimeStamp DESC LIMIT 1;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO BmFileInfo(NormalizedPathHash, DosPathHash, StructVersion, NormalizedPath, DosPath, Wow64Context, MetaContext, IsFromWeb, IsExecutable) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?);
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Count(1) FROM SdnEx;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(3, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS StaticCfiModels( Hash INT primary key, CoarseGrainModel BLOB, FineGrainModel BLOB );
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(36, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT EntryTable, EntryKey, EntryValue, InsertTime, ExpireTime FROM RollingQueuesValues WHERE EntryTable = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Version, Current, LastUpdated FROM SQLiteGlobals WHERE Current = 1 ORDER BY Version DESC ;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ID FROM AmsiFileCache WHERE AmsiFileCache.PersistId = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO AttributeCounts(Key, Name, Count, InsertTime, ExpireTime) VALUES(? , ? , ? , ? , ?);
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Key, Revision FROM DnRevisions;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(28, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO BmProcessInfo(PPIDHash, ProcessStartTime, PID, StructVersion, ImageFileName, MonitoringFlags_Flags, MonitoringFlags_VmHardenType, MonitoringFlags_ExemptVmHardenedTypes, CommandLineArgs, HipsInjectionId, FolderGuardId, Flags, LsassReadMemId, MonitoringFlags_Flags2Low, MonitoringFlags_Flags2High)VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);INSERT INTO BmHipsRuleInfo(ProcessInfoId, RuleAction, RuleId, IsAudit, IsInherited, State) VALUES (?, ?, ?, ?, ?, ?);%ls\%ls [%04d/%02d/%02d %02d:%02d:%02d]Message.%zd: "%.*s [%.*s]"%s%s: Message.%zd: "Untitled"%s: Envelope.%zd: "Untitled"
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ID FROM NetworkIpFirewallRulesOutgoing WHERE NetworkIpFirewallRulesOutgoing.Key = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO AttributePersistContext(Key, FilePath, Context, InsertTime, ExpireTime) VALUES(? , ? , ? , ? , ?);
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT EntryTable, EntryKey, EntryValue, InsertTime, ExpireTime FROM RollingQueuesValues WHERE EntryTable = ?; views may not be indexedcannot start a transaction within a transactioncannot commit - no transaction is activecannot rollback - no transaction is activeRolling queue with name "" has expired.expected %d columns for '%s' but got %dparametersFailed to create rolling queue. Too many active queues.the "." operatorFailed to begin transaction.non-deterministic functionsAPI called with NULL prepared statementORDER BY%s clause should come after %s not beforeLIMIT
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO AmsiFileCache(PersistId, PersistIdBlob, ExpirationDate) VALUES (?, ?, DateTime('now', ?));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT COUNT(1) FROM AttributePersistContext;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Key, VSN, FileID, USN, InstanceTimeStamp, SHA1, MD5, SHA256, LSHASH, LSHASHS, CTPH, PartialCRC1, PartialCRC2, PartialCRC3, KCRC1, KCRC2, KCRC3, KCRC3n FROM FileHashes WHERE Key = ?; SELECT COUNT(1) FROM FileHashes; v0.60v0.62v0.80v1.03av1.03bv0.896v0.896nv1.90v1.24v1.25v1.20v3.0 LZMA(ishld#%04zd)actioncheckpointcurrent_errorfromfrom_errorfrom_scrubbedorderreghiveregistryvalueregistryvalue_scrubbedregkeyregvaluenametoto_errorto_scrubbedSOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilterAllowSmartScreenBrowserMpDisableMDMPolicyChecks%program_files%\internet explorer\iexplore.exe
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS DllHistory( Path TEXT, Length INT, LastWriteTime INT, Hash INT, primary key(Path, Hash) );
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(24, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ID, NormalizedPathHash, DosPathHash, StructVersion, NormalizedPath, DosPath, Wow64Context, MetaContext, IsFromWeb, IsExecutable FROM BmFileInfo WHERE NormalizedPathHash = ? OR DosPathHash = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(11, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(31, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT Key, FirewallRuleName, ExpiryTime FROM NetworkIpFirewallRulesOutgoing WHERE ExpiryTime < ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ID FROM BmFileInfo WHERE NormalizedPathHash = ? OR DosPathHash = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT InfectedFileSHA, ProcFileId, SystemFilePath, CleanFileSha FROM SystemFileCache WHERE InfectedFileSHAHash = ? OR ProcFileIDSystemFileHash = ? ORDER BY InstanceTimeStamp DESC;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT t1.ProcessPath, t1.TimeStamp, t1.TargetPath, t1.RuleId, t1.IsAudit, t1.Action, t1.ProcessTaintReason, t1.ProcessIntegrity FROM ProcessBlockHistory AS t1 INNER JOIN(SELECT ID, ProcessPath, MAX(TimeStamp) AS MostRecentTime FROM ProcessBlockHistory GROUP BY ProcessPath) AS t2 ON t1.ID = t2.ID AND t1.TimeStamp = t2.MostRecentTime ORDER BY t1.TimeStamp DESC;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS DllDirectory( Path TEXT primary key, Length INT, LastWriteTime INT, Hash INT );
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE AtomicCounters SET Name = ?, Count = ?, InsertTime = ?, ExpireTime = ?, UpdateTime = ?, ScalarFactor = ?, LinearFactor = ?, DecayInterval = ?, HighCount = ?, LastDecayTime = ?, Namespace = ? WHERE Key = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: SELECT ID FROM AutoFeatureControl WHERE AutoFeatureControl.Key = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO SystemFileCache(InfectedFileSHAHash, InfectedFileSHA, ProcFileIDSystemFileHash, ProcFileId, SystemFilePath, CleanFileSha, CleanFileShaHash, InstanceTimeStamp) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?);
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(16, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(8, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(26, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT COUNT(1) FROM AnomalyTables;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT Count(DISTINCT UserIdHash) FROM FolderGuardPaths;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO AutoFeatureControl(Key, CurrCount, MaxCount, InstanceTimeStamp) VALUES (?, ?, ?, ?);
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT ID, PPIDHash, ProcessStartTime, PID, StructVersion, ImageFileName, MonitoringFlags_Flags, MonitoringFlags_VmHardenType, MonitoringFlags_ExemptVmHardenedTypes, CommandLineArgs, HipsInjectionId, FolderGuardId, Flags, LsassReadMemId, MonitoringFlags_Flags2Low, MonitoringFlags_Flags2High FROM BmProcessInfo WHERE PPIDHash = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT Key FROM AtomicCounters ORDER BY InsertTime ASC LIMIT 1;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(20, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT PersistId, PersistIdBlob, ExpirationDate FROM AmsiFileCache WHERE PersistId = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT Key, Name, Count, InsertTime, ExpireTime, UpdateTime, ScalarFactor, LinearFactor, DecayInterval, HighCount, LastDecayTime, Namespace FROM AtomicCounters WHERE Key = ?;
Source: msedgewebview2.exe, 00000043.00000002.4345925477.0000194401018000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE enabled_previews_v1 (type INTEGER NOT NULL, version INTEGER NOT NULL, PRIMARY KEY(type))OT NULL, PRIMARY KEY(host_name, time DESC, opt_out, type))789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(33, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT Key FROM AtomicCounters WHERE AtomicCounters.Key = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(18, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT Key, FilePath, Context, InsertTime, ExpireTime FROM AttributePersistContext WHERE FilePath LIKE ?; Invalid prefix for persisted attribute context query.SELECT Key FROM AttributePersistContext WHERE AttributePersistContext.Key = ?; ;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT COUNT(1) FROM AnomalyInfo;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT ID FROM BmProcessInfo WHERE PPIDHash = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT ID FROM SystemFileCache WHERE InfectedFileSHAHash = ? OR ProcFileIDSystemFileHash = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT ValueMapArrayBlob FROM ValueMapArray WHERE Key = ? AND RecordType = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT Key, Name, Capacity, TimeToLive, Mode, Namespace FROM RollingQueuesTables WHERE Name LIKE ? AND Namespace = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT Key FROM AttributeCounts WHERE AttributeCounts.Key = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT t1.ProcessPath, t1.TimeStamp, t1.TargetPath, t1.RuleId, t1.IsAudit, t1.Action, t1.ProcessTaintReason, t1.ProcessIntegrity FROM ProcessBlockHistory AS t1 INNER JOIN(SELECT ID, ProcessPath, MAX(TimeStamp) AS MostRecentTime FROM ProcessBlockHistory WHERE RuleId = ? GROUP BY ProcessPath) AS t2 ON t1.ID = t2.ID AND t1.TimeStamp = t2.MostRecentTime ORDER BY t1.TimeStamp DESC;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT Key FROM ValueMapArray WHERE ValueMapArray.Key = ? AND ValueMapArray.RecordType = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(21, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO RollingQueuesTables(Key, Name, Capacity, TimeToLive, Mode, Namespace) VALUES(? , ? , ? , ? , ? , ?);
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(34, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT Count(1) FROM BmFileInfo;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT COUNT(1) FROM AtomicCounters;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT ThreatRecordId, Action FROM BmFileActions WHERE FileInfoId == ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(17, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO BmHipsRuleInfo(ProcessInfoId, RuleAction, RuleId, IsAudit, IsInherited, State) VALUES (?, ?, ?, ?, ?, ?);
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE AttributePersistContext SET FilePath = ?, Context = ?, InsertTime = ?, ExpireTime = ? WHERE Key = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT Key FROM AttributePersistContext WHERE AttributePersistContext.Key = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(19, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT ID FROM NetworkIpFirewallRules WHERE NetworkIpFirewallRules.Key = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(22, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO BackupProcessInfo(Key, FilePath, FirstStartTime, NextUSN, AutomaticRemovalPolicy, ImpactedCBPNameSpaces, InstanceTimeStamp) VALUES ( ?, ?, ?, ?, ?, ?, ?);
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT ID FROM RansomwareDetections WHERE Key = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT ID FROM SdnEx WHERE SdnEx.Key = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(32, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(29, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT ID FROM SystemRegistryCache WHERE Key = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT ID FROM DnRevisions WHERE DnRevisions.Key = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO AutoFeatureControl(Key, CurrCount, MaxCount, InstanceTimeStamp) VALUES (?, ?, ?, ?);DELETE FROM AutoFeatureControl;DELETE FROM AutoFeatureControl WHERE AutoFeatureControl.Key = ?;SELECT Count(1) FROM AutoFeatureControl;DELETE FROM AutoFeatureControl WHERE InstanceTimeStamp < ?; SELECT ID FROM AutoFeatureControl WHERE AutoFeatureControl.Key = ?;SELECT Key, CurrCount, MaxCount, InstanceTimeStamp FROM AutoFeatureControl WHERE Key = ?
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT COUNT(1) FROM AttributeCounts;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO AtomicCounters(Key, Name, Count, InsertTime, ExpireTime, UpdateTime, ScalarFactor, LinearFactor, DecayInterval, HighCount, LastDecayTime, Namespace) VALUES(? , ? , ? , ? , ? , ? , ? , ? , ? , ? , ? , ?);
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT Count(1) FROM AmsiFileCache;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS DllInfo( Hash INT primary key, Info TEXT );
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT Key FROM AnomalyTables WHERE AnomalyTables.TableKey = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO SystemRegistryCache(Key, FileIDHash, RegPath, RegOperation, NewRegType, OldRegType, OldRegData, NewRegData, InstanceTimeStamp) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?);
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT PersistId, PersistIdBlob, ExpirationDate FROM AmsiFileCache WHERE ExpirationDate < DateTime(?);SELECT DateTime('now');AMSIIDEngine.Scan.AmsiScanIsDefenderAuditModeIsCloudAuditModeisdefenderauditmodeiscloudauditmodescanned process info not available in GetScannedPPIDSCAN_REPLY not available in GetScannedPPID%lsHistory%lsResults\Entries\Resources
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(30, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(23, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT COUNT(1) FROM RollingQueuesValues;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(15, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(10, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT Count(1) FROM SystemFileCache WHERE CleanFileShaHash = ?; DELETE FROM SystemFileCache WHERE InstanceTimeStamp < ?; SELECT ID FROM SystemFileCache WHERE InfectedFileSHAHash = ? OR ProcFileIDSystemFileHash = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO BmProcessInfo(PPIDHash, ProcessStartTime, PID, StructVersion, ImageFileName, MonitoringFlags_Flags, MonitoringFlags_VmHardenType, MonitoringFlags_ExemptVmHardenedTypes, CommandLineArgs, HipsInjectionId, FolderGuardId, Flags, LsassReadMemId, MonitoringFlags_Flags2Low, MonitoringFlags_Flags2High)VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT Count(1) FROM BackupProcessInfo;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT Key, FilePath, Context, InsertTime, ExpireTime FROM AttributePersistContext WHERE Key = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT COUNT(1) FROM ValueMapArray WHERE RecordType = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT Key, TableKey, TableName, UnbiasedTableAge, KeyName, FirstSeen, LastSeen, UnbiasedTime, Value, Order_ FROM AnomalyTables WHERE AnomalyTables.TableKey = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(9, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT COUNT(1) FROM ProcessBlockHistory;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT Count(1) FROM DynSigRevisions;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT Count(1) FROM BmProcessInfo;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO ValueMapArray(Key, RecordType, ValueMapArrayBlob, InstanceTimeStamp) VALUES(?, ? , ? , ?);
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT Key, Name, Count, InsertTime, ExpireTime FROM AttributeCounts WHERE Key = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT ID FROM BmFileStartupActions WHERE BmFileStartupActions.FilePathHash = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT Key, FileName, SigSeq, SigSha, SigIsSync, InstanceTimeStamp FROM FileLowFiAsync WHERE Key = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT Key FROM FileLowFiAsync WHERE FileLowFiAsync.Key = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT COUNT(1) FROM FileHashes;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO RansomwareDetections(Key, DetectionGuid, LkgTS, NextUSN, DetectionTS, ProvisionalRemedComplTS, RemedComplTS, ImpactedCBPNameSpaces, InstanceTimeStamp) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?);DELETE FROM RansomwareDetections WHERE Key = ?;SELECT Count(1) FROM RansomwareDetections;SELECT ID FROM RansomwareDetections WHERE Key = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(27, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO NetworkIpFirewallRules(Key, FirewallRuleName, ExpiryTime) VALUES (?, ?, ?);
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO FileHashes(Key, VSN, FileID, USN, InstanceTimeStamp, SHA1, MD5, SHA256, LSHASH, LSHASHS, CTPH, PartialCRC1, PartialCRC2, PartialCRC3, KCRC1, KCRC2, KCRC3, KCRC3n) VALUES(?, ? , ? , ? , ? , ? , ? , ? , ? , ? , ? , ? , ? , ? , ? , ? , ? , ?);
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT DetectionGuid, LkgTS, NextUSN, DetectionTS, ProvisionalRemedComplTS, RemedComplTS, ImpactedCBPNameSpaces FROM RansomwareDetections WHERE Key = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(37, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT FilePath, FirstStartTime, NextUSN, AutomaticRemovalPolicy, ImpactedCBPNameSpaces FROM BackupProcessInfo WHERE Key = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(7, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT Key FROM RollingQueuesTables WHERE RollingQueuesTables.Key = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT Key, Name, Count, InsertTime, ExpireTime, UpdateTime, ScalarFactor, LinearFactor, DecayInterval, HighCount, LastDecayTime, Namespace FROM AtomicCounters WHERE Name LIKE ? AND Namespace = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT ProcessPath, TimeStamp, TargetPath, RuleId, IsAudit, Action, ProcessTaintReason, ProcessIntegrity FROM ProcessBlockHistory ORDER BY TimeStamp DESC;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(2, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE AttributeCounts SET Name = ?, Count = ?, InsertTime = ?, ExpireTime = ? WHERE Key = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO FolderGuardPaths(UserIdHash, UserId, GUID, Path) VALUES ( ?, ?, ?, ? );
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(35, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT ID FROM BackupProcessInfo WHERE Key = ?;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: UPDATE SQLiteGlobals SET Current = 0 WHERE Current = 1; INSERT INTO SQLiteGlobals(Version, Current, LastUpdated) VALUES(25, 1, date('now'));
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: INSERT INTO DnRevisions(Key, Revision) VALUES (?, ?);
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT Count(1) FROM BmFileStartupActions;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT Count(1) FROM NetworkIpFirewallRulesOutgoing;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT DISTINCT Hash FROM DllInfoCREATE TABLE IF NOT EXISTS DllHistory( Path TEXT, Length INT, LastWriteTime INT, Hash INT, primary key(Path, Hash) );INSERT OR REPLACE INTO DllInfo VALUES(?, ?)INSERT OR REPLACE INTO DllHistory VALUES(?, ?, ?, ?)CREATE TABLE IF NOT EXISTS StaticCfiModels( Hash INT primary key, CoarseGrainModel TEXT, FineGrainModel TEXT );SELECT Info FROM DllInfo WHERE Hash = ?INSERT OR REPLACE INTO DllDirectory VALUES(?, ?, ?, ?)SELECT CoarseGrainModel, FineGrainModel FROM StaticCfiModels WHERE Hash = ?CREATE TABLE IF NOT EXISTS StaticCfiModels( Hash INT primary key, CoarseGrainModel BLOB, FineGrainModel BLOB );CREATE TABLE IF NOT EXISTS DllInfo( Hash INT primary key, Info BLOB );SELECT Length, LastWriteTime, Hash FROM DllDirectory WHERE Path = ?CREATE TABLE IF NOT EXISTS DllDirectory( Path TEXT primary key, Length INT, LastWriteTime INT, Hash INT );CREATE TABLE IF NOT EXISTS DllInfo( Hash INT primary key, Info TEXT );SELECT DISTINCT Path FROM DllDirectoryNtQuerySemaphoreNtQueryObjectNtQuerySystemInformationNtSetInformationFileHashDigestLengthboost::interprocess_exception::library_errorWinApi FormatMessage returned errorNtQueryTimerResolutionNtCloseNtOpenFileNtQuerySection
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT Key FROM FileLowFiAsync WHERE FileLowFiAsync.Key = ?; DELETE FROM FileLowFiAsync WHERE FileLowFiAsync.Key = ?; SELECT COUNT(1) FROM FileLowFiAsync;
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: SELECT Key FROM AttributePersistContext ORDER BY InsertTime ASC LIMIT 1;
Source: unknown Process created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll"
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",#1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",#1
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\f492136216_mpengine_dll.dll,FreeSigFiles
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6028 -s 436
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 3548 -s 452
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\f492136216_mpengine_dll.dll,GetSigFiles
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 3296 -s 440
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\f492136216_mpengine_dll.dll,MpBootStrap
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",FreeSigFiles
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",GetSigFiles
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpBootStrap
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",rsignal
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",__rsignal
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerWrite
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerSetSize
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerRead
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerOpenObject
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerOpen
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerGetNext
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerFreeObjectInfo
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerDelete
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerCommit
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerCloseObject
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerClose
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerAnalyze
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 4112 -s 436
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6376 -s 436
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6216 -s 444
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7044 -s 444
Source: unknown Process created: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\LSBIHQFDVT.xlsx"
Source: unknown Process created: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE "C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE Process created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\AI\ai.exe "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\AI\ai.exe" "E98E54CA-9ED0-4A3C-82B1-435F18C73083" "E93A25E5-42BA-4E85-BCDE-30443779E8E4" "5708" "C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE" "PowerPointCombinedFloatieLreOnline.onnx"
Source: unknown Process created: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exe "C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exe"
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=WebViewHost.exe --webview-exe-version=18.2411.1163.0 --user-data-dir="C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --enable-features=msSingleSignOnOSForPrimaryAccountIsShared --mojo-named-platform-channel-pipe=7048.1824.9230578198698244367
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=100.0.4896.75 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=100.0.1185.36 --initial-client-data=0x138,0x13c,0x140,0x114,0x148,0x7ff9a2d6d840,0x7ff9a2d6d850,0x7ff9a2d6d860
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\EBWebView" --webview-exe-name=WebViewHost.exe --webview-exe-version=18.2411.1163.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1904 --field-trial-handle=2000,i,1152665940639915510,17042987104756587829,131072 --enable-features=msSingleSignOnOSForPrimaryAccountIsShared /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\EBWebView" --webview-exe-name=WebViewHost.exe --webview-exe-version=18.2411.1163.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2092 --field-trial-handle=2000,i,1152665940639915510,17042987104756587829,131072 --enable-features=msSingleSignOnOSForPrimaryAccountIsShared /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\EBWebView" --webview-exe-name=WebViewHost.exe --webview-exe-version=18.2411.1163.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2396 --field-trial-handle=2000,i,1152665940639915510,17042987104756587829,131072 --enable-features=msSingleSignOnOSForPrimaryAccountIsShared /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\EBWebView" --webview-exe-name=WebViewHost.exe --webview-exe-version=18.2411.1163.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --launch-time-ticks=3993088734 --mojo-platform-channel-handle=3196 --field-trial-handle=2000,i,1152665940639915510,17042987104756587829,131072 --enable-features=msSingleSignOnOSForPrimaryAccountIsShared /prefetch:1
Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
Source: C:\Windows\System32\rundll32.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2176,i,11391005611838203704,4414965577889283804,131072 /prefetch:3
Source: C:\Windows\System32\rundll32.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\100.0.1185.36\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\100.0.1185.36\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4272 --field-trial-handle=2176,i,11391005611838203704,4414965577889283804,131072 /prefetch:8
Source: C:\Windows\System32\rundll32.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=5332 --field-trial-handle=2176,i,11391005611838203704,4414965577889283804,131072 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=32902 --gpu-device-id=32069 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22621.3672 --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\EBWebView" --webview-exe-name=WebViewHost.exe --webview-exe-version=18.2411.1163.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=2000,i,1152665940639915510,17042987104756587829,131072 --enable-features=msSingleSignOnOSForPrimaryAccountIsShared /prefetch:2
Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",#1
Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\f492136216_mpengine_dll.dll,FreeSigFiles
Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\f492136216_mpengine_dll.dll,GetSigFiles
Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\f492136216_mpengine_dll.dll,MpBootStrap
Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",FreeSigFiles
Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",GetSigFiles
Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpBootStrap
Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",rsignal
Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",__rsignal
Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerWrite
Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerSetSize
Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerRead
Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerOpenObject
Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerOpen
Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerGetNext
Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerFreeObjectInfo
Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerDelete
Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerCommit
Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerCloseObject
Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerClose
Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",MpContainerAnalyze
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",#1
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXEProcess created: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\AI\ai.exe "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\AI\ai.exe" "E98E54CA-9ED0-4A3C-82B1-435F18C73083" "E93A25E5-42BA-4E85-BCDE-30443779E8E4" "5708" "C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE" "PowerPointCombinedFloatieLreOnline.onnx"
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=WebViewHost.exe --webview-exe-version=18.2411.1163.0 --user-data-dir="C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --enable-features=msSingleSignOnOSForPrimaryAccountIsShared --mojo-named-platform-channel-pipe=7048.1824.9230578198698244367
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2176,i,11391005611838203704,4414965577889283804,131072 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\100.0.1185.36\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\100.0.1185.36\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4272 --field-trial-handle=2176,i,11391005611838203704,4414965577889283804,131072 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=5332 --field-trial-handle=2176,i,11391005611838203704,4414965577889283804,131072 /prefetch:8
Source: C:\Windows\System32\loaddll64.exeSection loaded: apphelp.dll
Source: C:\Windows\System32\loaddll64.exeSection loaded: version.dll
Source: C:\Windows\System32\loaddll64.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\cmd.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\AI\ai.exeSection loaded: apphelp.dll
Source: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\AI\ai.exeSection loaded: c2r64.dll
Source: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\AI\ai.exeSection loaded: vcruntime140_1.dll
Source: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\AI\ai.exeSection loaded: vcruntime140.dll
Source: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\AI\ai.exeSection loaded: msvcp140.dll
Source: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\AI\ai.exeSection loaded: userenv.dll
Source: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\AI\ai.exeSection loaded: msasn1.dll
Source: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\AI\ai.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\AI\ai.exeSection loaded: cryptsp.dll
Source: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\AI\ai.exeSection loaded: rsaenh.dll
Source: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\AI\ai.exeSection loaded: cryptbase.dll
Source: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\AI\ai.exeSection loaded: gpapi.dll
Source: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\AI\ai.exeSection loaded: version.dll
Source: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\AI\ai.exeSection loaded: windows.storage.dll
Source: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\AI\ai.exeSection loaded: wintypes.dll
Source: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\AI\ai.exeSection loaded: profapi.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: webview2loader.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: coremessaging.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: msvcp140.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: concrt140.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: uxtheme.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: dwmapi.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: msimg32.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: version.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: iphlpapi.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: vcruntime140_1.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: vcruntime140.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: wininet.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: msasn1.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: execmodelclient.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: windows.shell.servicehostbuilder.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: execmodelproxy.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: wintypes.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: twinapi.appcore.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: windows.applicationmodel.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: windows.staterepositorybroker.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: windows.staterepositorycore.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: windows.system.profile.platformdiagnosticsandusagedatasettings.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: diagnosticdatasettings.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: policymanager.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: coreprivacysettingsstore.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: windows.networking.connectivity.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: netprofm.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: npmproxy.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: iertutil.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: srvcli.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: netutils.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: sspicli.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: windows.storage.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: profapi.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: mswsock.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: winnsi.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: cryptbase.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: windows.web.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: windows.ui.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: windows.ui.immersive.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: windowscodecs.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: windows.storage.applicationdata.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: propsys.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeSection loaded: cfgmgr32.dll
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A66AEDC-93C3-4ACC-BA96-08F5716429F7}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office
Source: f492136216_mpengine_dll Static PE information: Virtual size of .text is bigger than: 0x100000
Source: f492136216_mpengine_dll Static PE information: Image base 0x75a100000 > 0x60000000
Source: f492136216_mpengine_dll Static file information: File size 19533824 > 1048576
Source: f492136216_mpengine_dll Static PE information: Raw size of .text is bigger than: 0x100000 < 0xc91000
Source: f492136216_mpengine_dll Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x441000
Source: f492136216_mpengine_dll Static PE information: More than 200 imports for KERNEL32.dll
Source: f492136216_mpengine_dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: f492136216_mpengine_dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: f492136216_mpengine_dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: f492136216_mpengine_dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: f492136216_mpengine_dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: f492136216_mpengine_dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: f492136216_mpengine_dll Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF
Source: Binary string: BTR.pdbGCTL source: rundll32.exe, 00000003.00000002.2904696646.00007FF9AFC52000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: KSLDriver.pdb source: rundll32.exe, 00000003.00000002.2904696646.00007FF9AFC52000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: KSLD.pdb source: rundll32.exe, 00000003.00000002.2904696646.00007FF9AFD2C000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: '.PDBD source: msedgewebview2.exe, 00000043.00000002.4308313748.0000194400BD4000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: offreg.pdbH source: rundll32.exe, 00000003.00000002.2904696646.00007FF9AFC52000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: KSLDriver.pdbGCTL source: rundll32.exe, 00000003.00000002.2904696646.00007FF9AFC52000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: MsMpEngCP.pdb source: rundll32.exe, 00000003.00000002.2904696646.00007FF9AFD2C000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: BTR.pdb source: rundll32.exe, 00000003.00000002.2904696646.00007FF9AFC52000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: MsMpEngSvc.pdb source: rundll32.exe, 00000003.00000002.2904696646.00007FF9AFD2C000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: mpengine.pdb source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: MsMpEngSvc.pdbGCTL source: rundll32.exe, 00000003.00000002.2904696646.00007FF9AFD2C000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: KSLD.pdbGCTL source: rundll32.exe, 00000003.00000002.2904696646.00007FF9AFD2C000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: MsMpEngCP.pdbGCTL source: rundll32.exe, 00000003.00000002.2904696646.00007FF9AFD2C000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: offreg.pdb source: rundll32.exe, 00000003.00000002.2904696646.00007FF9AFC52000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: mpengine.pdbOGPS source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF9C0000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: .PDBP source: msedgewebview2.exe, 00000049.00000003.3484708302.00007BA400BC0000.00000004.00000800.00020000.00000000.sdmp
Source: f492136216_mpengine_dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: f492136216_mpengine_dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: f492136216_mpengine_dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: f492136216_mpengine_dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: f492136216_mpengine_dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeRegistry key monitored for changes: \REGISTRY\WC\Silo740263f8-3de6-30be-85e9-e2439ba0ced5user_classes
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exeKey value created or modified: HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{C89E2069-AF13-46DB-9E39-216131494B87} DeviceTicket
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\AI\ai.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\AI\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\loaddll64.exe TID: 5796 Thread sleep time: -120000s >= -30000s
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe TID: 6380 Thread sleep time: -60000s >= -30000s
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010409
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe File Volume queried: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\EBWebView\Default\Code Cache\wasm FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe File Volume queried: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\EBWebView\Default\Code Cache\js FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe File Volume queried: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\EBWebView\Default\blob_storage\1001ab34-345d-4e6e-80a2-4e51c0709bc5 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe File Volume queried: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\EBWebView\Default\Cache\Cache_Data FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe File Volume queried: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe File Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe File Volume queried: C:\Users\user FullSizeInformation
Source: C:\Windows\System32\loaddll64.exe Thread delayed: delay time: 120000
Source: C:\Windows\System32\WerFault.exe File opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\
Source: C:\Windows\System32\WerFault.exe File opened: C:\ProgramData\Microsoft\Windows\
Source: C:\Windows\System32\WerFault.exe File opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_f49_947b7a77823a5c3ea6875ffeb475dc2d683e0ad_f57ee189_dcb11083-6f80-4133-b34b-9c7ee9435c63\
Source: C:\Windows\System32\WerFault.exe File opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_f49_c0df74bb54e4f08084322f66c6b21d309f547efd_f57ee189_77df8745-0db2-41cc-a051-be826814a071\
Source: C:\Windows\System32\WerFault.exe File opened: C:\ProgramData\Microsoft\Windows\WER\
Source: C:\Windows\System32\WerFault.exe File opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue
Source: msedgewebview2.exe, 00000043.00000002.4226414295.00001944003F7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 7e6a9.jsUSB device added: path=\\?\usb#vid_0e0f&pid_0003#5&fe07fb&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=65e7060d-cd2e-4150-859a-86f093e58260
Source: f492136216_mpengine_dll Binary or memory string: detects_vmware
Source: WebViewHost.exe, 00000042.00000002.4112485807.00000164DFF00000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWtWin_0wMSAFD Tcpip [RAW/IPv6]
Source: msedgewebview2.exe, 00000043.00000002.4227766087.0000194400614000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware Virtual USB MouseeaD
Source: msedgewebview2.exe, 00000047.00000002.4102351830.000002CEFBE2A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWft%SystemRoot%\system32\mswsock.dlllState\EBWebView--webview-exe-name=WebViewHost.exe--webview-exe-version=18.2411.1163.0--embedded-browser-webview=1--embedded-browser-webview-dpi-awareness=2--mojo-platform-channel-handle=2092--field-trial-handle=2000,i,1152
Source: msedgewebview2.exe, 00000043.00000002.4216181484.0000194400334000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: oodnetwVMware
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmp, f492136216_mpengine_dll Binary or memory string: azurevirtualmachinename_scrubbed
Source: f492136216_mpengine_dllBinary or memory string: InitUserDbHasTelemetryPathSendWDOReportEngine.Maps.SendWdoReport????????-????-????-????-????????????.telem%ls.teleminstalldownloaddetectOfflineTelemetryPathScanCleanuperrutctimeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results%lu-%lu-%lu %lu:%lu:%luLastErrorLastSuccessTimeSoftware\Microsoft\OfficeSoftware\Microsoft\Office\15.0\ClickToRun\ConfigurationoffsnoozingonSOFTWARE\Microsoft\Microsoft Antimalware\FeaturesPassiveModeVirtualMachineNameVMTypeSOFTWARE\Microsoft\Windows Azure\CurrentVersionVmIdSOFTWARE\Microsoft\Windows AzureNodeIdSOFTWARE\Microsoft\Virtual Machine\Guest\ParametersSOFTWARE\AzureHL\NodePropertiesHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\\IdentVMwareVMwareMicrosoft HvRtpStateuptodate%08llXproductamsiuacstreamgenstreambootrpfsamplesubmission_filterdriverslist&%ls-%lsieprotectstreamamsistreamProcessInfoIdexpirytimeruleidActionTimesenseremediationetwRemediationCheckpointReport/AmsiUacInfo skippedMemQueryRegions__TRUNCATED__CurrentProtectionFlagsRtpDesiredAccessAllSigNamesSigNameCollectReasonsContentSizeRtpNewFileHintDetectionTimeBMContextRichDataBMSigContextRichInformationInheritedResourceSigAgeException: Failed to create json for etw eventError sending sense remediation reportMemQueryFromSyncLofiParentSha1OriginalReportTypeError allocated user/usersidOnboardedInfoError creating json for sense heartbeat reportsenseheartbeatetwError sending sense heartbeat reportselectionratelastfiletimefirstfiletimetotalfilecountnotfoundcountexpensivefilecountcollectiontypereportlimitclassificationpearchpetypenewfiletypedeepscancontentsha256contentsha1ruletypetargetpathparentpathinheritanceflagsisauditinvolvedfilepathparentprocesscmdlinetargetprocesscmdlineistargetfSendEtwData=false, bond may have failed - XML 
requestedSpynetCollectSpynetFailureEngine.Maps.CollectFailedCollectStartedrtpprocessfriendlyrtpproccessfriendlyAddContextualDataReport-VerifyIsFriendlyFilertpprocesscreationtimertpprocessidrtpdesiredaccessMpMaxMemQueryNamedAttributeSize\History\TelemetryEngine.Scan.QuickScanEndedQuickQSStartedEngine.Scan.QuickScanStartedSFCBuildResourceFSEndedEngine.Scan.FullScanEndedFullFSStartedEngine.Scan.FullScanStartedQSEndedGetReportFailedEngine.Maps.GetFailedScan SourceScan IDBegin Unknown Type of ScanCustomBegin Custom ScanFullBegin Full ScanBegin Resource ScanExtended Info - SigSeqKnown FileEnd TimeErrorLogEngine.Scan.LogFailedScanReturn CodeUnsuccessful ScanStart TimeNumber of ResourcesSeverityIdentifierThreat NameUnknown FileResult CountExtended Info - SigShaMP_HISTORYSTORE_LIMITS_MINDISKMP_HISTORYSTORE_LIMITS_MAXSIZEMP_HISTORYSTORE_LIMITS_ENABLEEnd ScanunsupportedMPGEAR_SKIP_PERSISTENCEMP_HISTORYSTORE_LIMITS_DISKFRACTIONMpMaxStreamPersistSizeMpDisableDeleteCorruptUserDBMpHistoryStoreMaxSizeMpHistoryStoreMinDiskMpHistoryStoreDiskFractionMpGearBypassStreamPersistenceSoftware\MicrosoftMpEnableHistoryStoreLimitsMpDisablePersistOverrideMpDisablePersistScanHandleOnThreatNotFound%lsHistory%lsStore%lsHistory
Source: f492136216_mpengine_dllBinary or memory string: VMwareVMware
Source: WebViewHost.exe, 00000042.00000002.4114405076.00000164DFF20000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000003.3510449555.000001F96BDA2000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000043.00000003.3581604760.000001F96BDAA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWf
Source: msedgewebview2.exe, 00000043.00000002.4171335000.000001F96F015000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: WebViewHost.exe, 00000042.00000002.4103802335.00000164DDAAB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWio@l
Source: rundll32.exe, 00000003.00000002.2901053280.00007FF9AF782000.00000002.00000001.01000000.00000003.sdmp, f492136216_mpengine_dllBinary or memory string: azurevirtualmachinename
Source: msedgewebview2.exe, 00000043.00000002.4128276556.000001F969E4E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWes
Source: f492136216_mpengine_dllBinary or memory string: dynmem_detects_vmware
Source: f492136216_mpengine_dllBinary or memory string: pea_dynmem_detects_vmware
Source: f492136216_mpengine_dllBinary or memory string: pea_detects_vmware
Source: msedgewebview2.exe, 00000043.00000002.4226414295.00001944003F7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: sedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2132f61f-f790-4ae6-a355-8cf9a1533800?P1=1742007851&P2=404&P3=2&P4=NQdug%2bCc%2bX0mEaCjLgUC%2bQsx4%2f5641t%2bkuzGO1M4tSjYJ3S1fXt%2fslpFuzNP1h7B1dXKXd8LUX4wA847BQDSQA%3d%3d7e6a9.jsUSB device added: path=\\?\usb#vid_0e0f&pid_0003#5&fe07fb&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=65e7060d-cd2e-4150-859a-86f093e582600eada.jsScripts
Source: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXEProcess information queried: ProcessInformation
Source: C:\Windows\System32\rundll32.exeProcess queried: DebugPort
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exeProcess queried: DebugPort
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exeMemory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeSection loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\100.0.1185.36\identity_helper.exe protection: readonly
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\f492136216_mpengine_dll.dll",#1
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=WebViewHost.exe --webview-exe-version=18.2411.1163.0 --user-data-dir="C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --enable-features=msSingleSignOnOSForPrimaryAccountIsShared --mojo-named-platform-channel-pipe=7048.1824.9230578198698244367
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=100.0.4896.75 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=100.0.1185.36 --initial-client-data=0x138,0x13c,0x140,0x114,0x148,0x7ff9a2d6d840,0x7ff9a2d6d850,0x7ff9a2d6d860
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\EBWebView" --webview-exe-name=WebViewHost.exe --webview-exe-version=18.2411.1163.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1904 --field-trial-handle=2000,i,1152665940639915510,17042987104756587829,131072 --enable-features=msSingleSignOnOSForPrimaryAccountIsShared /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\EBWebView" --webview-exe-name=WebViewHost.exe --webview-exe-version=18.2411.1163.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2092 --field-trial-handle=2000,i,1152665940639915510,17042987104756587829,131072 --enable-features=msSingleSignOnOSForPrimaryAccountIsShared /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\EBWebView" --webview-exe-name=WebViewHost.exe --webview-exe-version=18.2411.1163.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2396 --field-trial-handle=2000,i,1152665940639915510,17042987104756587829,131072 --enable-features=msSingleSignOnOSForPrimaryAccountIsShared /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\EBWebView" --webview-exe-name=WebViewHost.exe --webview-exe-version=18.2411.1163.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --launch-time-ticks=3993088734 --mojo-platform-channel-handle=3196 --field-trial-handle=2000,i,1152665940639915510,17042987104756587829,131072 --enable-features=msSingleSignOnOSForPrimaryAccountIsShared /prefetch:1
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=32902 --gpu-device-id=32069 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22621.3672 --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\EBWebView" --webview-exe-name=WebViewHost.exe --webview-exe-version=18.2411.1163.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=2000,i,1152665940639915510,17042987104756587829,131072 --enable-features=msSingleSignOnOSForPrimaryAccountIsShared /prefetch:2
Source: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2411.1163.0_x64__8wekyb3d8bbwe\WebViewHost.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\100.0.1185.36\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=webviewhost.exe --webview-exe-version=18.2411.1163.0 --user-data-dir="c:\users\user\appdata\local\packages\microsoft.microsoftofficehub_8wekyb3d8bbwe\localstate\ebwebview" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --enable-features=mssinglesignonosforprimaryaccountisshared --mojo-named-platform-channel-pipe=7048.1824.9230578198698244367
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\100.0.1185.36\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=c:\users\user\appdata\local\packages\microsoft.microsoftofficehub_8wekyb3d8bbwe\localstate\ebwebview /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=c:\users\user\appdata\local\packages\microsoft.microsoftofficehub_8wekyb3d8bbwe\localstate\ebwebview\crashpad --annotation=isofficialbuild=1 --annotation=channel= --annotation=chromium-version=100.0.4896.75 "--annotation=exe=c:\program files (x86)\microsoft\edgewebview\application\100.0.1185.36\msedgewebview2.exe" --annotation=plat=win64 "--annotation=prod=edge webview2" --annotation=ver=100.0.1185.36 --initial-client-data=0x138,0x13c,0x140,0x114,0x148,0x7ff9a2d6d840,0x7ff9a2d6d850,0x7ff9a2d6d860
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\100.0.1185.36\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="c:\users\user\appdata\local\packages\microsoft.microsoftofficehub_8wekyb3d8bbwe\localstate\ebwebview" --webview-exe-name=webviewhost.exe --webview-exe-version=18.2411.1163.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=uaaaaaaaaadgaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaegaaaaaaaaasaaaaaaaaaayaaaaagaaabaaaaaaaaaagaaaaaaaaaaqaaaaaaaaaaaaaaaoaaaaeaaaaaaaaaabaaaadgaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=1904 --field-trial-handle=2000,i,1152665940639915510,17042987104756587829,131072 --enable-features=mssinglesignonosforprimaryaccountisshared /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\100.0.1185.36\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-us --service-sandbox-type=none --noerrdialogs --user-data-dir="c:\users\user\appdata\local\packages\microsoft.microsoftofficehub_8wekyb3d8bbwe\localstate\ebwebview" --webview-exe-name=webviewhost.exe --webview-exe-version=18.2411.1163.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2092 --field-trial-handle=2000,i,1152665940639915510,17042987104756587829,131072 --enable-features=mssinglesignonosforprimaryaccountisshared /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\100.0.1185.36\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-us --service-sandbox-type=utility --noerrdialogs --user-data-dir="c:\users\user\appdata\local\packages\microsoft.microsoftofficehub_8wekyb3d8bbwe\localstate\ebwebview" --webview-exe-name=webviewhost.exe --webview-exe-version=18.2411.1163.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2396 --field-trial-handle=2000,i,1152665940639915510,17042987104756587829,131072 --enable-features=mssinglesignonosforprimaryaccountisshared /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\100.0.1185.36\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\local\packages\microsoft.microsoftofficehub_8wekyb3d8bbwe\localstate\ebwebview" --webview-exe-name=webviewhost.exe --webview-exe-version=18.2411.1163.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-us --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --launch-time-ticks=3993088734 --mojo-platform-channel-handle=3196 --field-trial-handle=2000,i,1152665940639915510,17042987104756587829,131072 --enable-features=mssinglesignonosforprimaryaccountisshared /prefetch:1
Source: C:\Windows\System32\rundll32.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\100.0.1185.36\identity_helper.exe "c:\program files (x86)\microsoft\edge\application\100.0.1185.36\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.winrtappidservice --lang=en-us --service-sandbox-type=none --mojo-platform-channel-handle=4272 --field-trial-handle=2176,i,11391005611838203704,4414965577889283804,131072 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\100.0.1185.36\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=32902 --gpu-device-id=32069 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22621.3672 --noerrdialogs --user-data-dir="c:\users\user\appdata\local\packages\microsoft.microsoftofficehub_8wekyb3d8bbwe\localstate\ebwebview" --webview-exe-name=webviewhost.exe --webview-exe-version=18.2411.1163.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=uaaaaaaaaadoaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaaaaaqaaaaaaaaaaaaaaaaaaaaaaaegaaaaaaaaasaaaaaaaaaayaaaaagaaabaaaaaaaaaagaaaaaaaaaaqaaaaaaaaaaaaaaaoaaaaeaaaaaaaaaabaaaadgaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=1796 --field-trial-handle=2000,i,1152665940639915510,17042987104756587829,131072 --enable-features=mssinglesignonosforprimaryaccountisshared /prefetch:2
Source: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\AI\ai.exeQueries volume information: C:\Program Files\Microsoft Office\root\Office16\AI\PowerPointCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\WidevineCdm\manifest.json VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\Trust Protection Lists\manifest.json VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exeQueries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\msedgewebview2.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.36\MEIPreload\preloaded_data.pb VolumeInformation
Source: C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\AI\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Command and Scripting Interpreter | 1 DLL Side-Loading | 111 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Query Registry | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Modify Registry | LSASS Memory | 11 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Disable or Modify Tools | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 21 Virtualization/Sandbox Evasion | NTDS | 21 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 15 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 111 Process Injection | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Rundll32 | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 24 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
[Figure: Behavior Graph. ID: 1633297, Sample: f492136216_mpengine_dll, Startdate: 10/03/2025, Architecture: WINDOWS, Score: 48]
