Windows Analysis Report
f468369488.exe

Overview

General Information

Sample name: f468369488.exe
Analysis ID: 1634898
MD5: 7c5ac410399218a22936c101bc923c1e
SHA1: d82eb53127c4f7f3f2c39aabfcf6c8708212411b
SHA256: db36401a004cac66edbe2fcb488a78a8e09f38644d8f6ad9608c54b907ef373f

Detection

Score: 48
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Allocates memory with a write watch (potentially for evading sandboxes)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
PE file contains an invalid checksum
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 2204 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --loadload-extension=C:\Windows\crx MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 5500 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1964,i,3621030582613594933,2422661075297565391,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2228 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • msedge.exe (PID: 5288 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault40f7c6a5h035dh4055h8863ha3a4f9b028be MD5: 69222B8101B0601CC6663F8381E7E00F)
  • EXCEL.EXE (PID: 7140 cmdline: "C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE" MD5: 4A871771235598812032C822E6F68F19)
  • msedge.exe (PID: 3376 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:?url=https%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3Donedrive%26form%3DWNSGPH%26qs%3DAS%26cvid%3Dd5489813a1f8413bbabf47a101577ea6%26pq%3Doned%26cc%3DCH%26setlang%3Den-CH%26nclid%3D99325A50A46066F842A6B684698F464A%26ts%3D1741668964358%26nclidts%3D1741668964%26tsms%3D358%26wsso%3DModerate&timestamp=1741668964358&source=WindowsSearchBox&campaign=addedgeprot&medium=AutoSuggest MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 4788 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2036,i,1596126252657097205,1912832882397972333,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7560 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6460 --field-trial-handle=2036,i,1596126252657097205,1912832882397972333,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7580 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6228 --field-trial-handle=2036,i,1596126252657097205,1912832882397972333,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • WWAHost.exe (PID: 7976 cmdline: "C:\Windows\system32\wwahost.exe" -ServerName:App.wwa MD5: 69318AE264A1E45ED570CEDCDC4B7B69)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: https://login.microsoftonline.de/ost | Avira URL Cloud: Label: phishing
Source: unknown | HTTPS traffic detected: 95.101.182.65:443 -> 192.168.2.17:49859 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 51.13.148.175:443 -> 192.168.2.17:49868 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 51.13.148.175:443 -> 192.168.2.17:49869 version: TLS 1.2
Source: f468369488.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF
Source: Joe Sandbox View | IP Address: 95.101.182.65
Source: Joe Sandbox View | IP Address: 162.159.61.3
Source: Joe Sandbox View | IP Address: 172.64.41.3
Source: Joe Sandbox View | IP Address: 13.107.5.80
Source: Joe Sandbox View | JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View | JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: unknown | TCP traffic detected without corresponding DNS query: 51.132.193.104
Source: unknown | TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.184.227
Source: unknown | TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown | TCP traffic detected without corresponding DNS query: 23.57.90.73
Source: unknown | TCP traffic detected without corresponding DNS query: 23.43.85.30
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLf3ygE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLf3ygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /crx/blobs/Ad_brx23lef_cW590ESOTTAroOhZ9si0XFJIUC52j2ILHW1VLB5ou6c0RgLWwGr1aRJJZ0WPNyiPBYgIpWfykvhKW-6BLzMRsp9ykw5f6ReBQmPpO6WB9pcSJPfykLTHDjYAxlKa5bf72z8tHS5eXuTavTP1h4WZBjSs/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_89_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=a87a570e-488f-4226-a55c-bb2e36bd44b7&redirect_uri=https%3a%2f%2fwww.bing.com%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%22E153646DB2D846E99371F9DF9AAB5119%22%7d HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.bing.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /favicon/?url=microsoft.com HTTP/1.1Host: services.bingapis.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.bing.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /16.000/Converged_v22057_mG-wAdV--_sq1kXms675SA2.css HTTP/1.1Referer: https://login.live.com/ppsecure/InlineLogin.srf?id=80604&scid=1&mkt=en-GB&Platform=Windows10&clientid=82864fa0-ed49-4711-8395-a0e6003dca1fAccept: text/css,*/*;q=0.1Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; MSAppHost/3.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: logincdn.msftauth.netConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /apc/trans.gif?1769d94f5c8e641d014af34e0eb402e3 HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: e4688940bf2a8ee7b41ac2cb9efdcfbb.azr.footprintdns.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /apc/trans.gif?74900f358d39a8f09a7db264677d6090 HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: e4688940bf2a8ee7b41ac2cb9efdcfbb.azr.footprintdns.comConnection: Keep-Alive
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.dr | String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: apis.google.com
Source: global traffic | DNS traffic detected: DNS query: play.google.com
Source: global traffic | DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic | DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic | DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic | DNS traffic detected: DNS query: beacons.gcp.gvt2.com
Source: global traffic | DNS traffic detected: DNS query: logincdn.msftauth.net
Source: global traffic | DNS traffic detected: DNS query: e4688940bf2a8ee7b41ac2cb9efdcfbb.azr.footprintdns.com
Source: global traffic | DNS traffic detected: DNS query: beacons.gvt2.com
Source: unknownHTTP traffic detected: POST /log?format=json&hasfast=true HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 907sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-Type: application/x-www-form-urlencoded;charset=UTF-8sec-ch-ua-mobile: ?0Accept: */*Origin: chrome-untrusted://new-tab-pageX-Client-Data: CLf3ygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: WWAHost.exe, 0000001D.00000002.2440806236.00000242BB2B9000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000001D.00000002.2429294921.00000242B95C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://acctcdnmsftuswe2.azureedge.net/
Source: WWAHost.exe, 0000001D.00000002.2436841824.00000242BB033000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://acctcdnmsftuswe2.azureedge.net/:Tue
Source: Reporting and NEL.23.drString found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingaotak
Source: Reporting and NEL.23.drString found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingcsp
Source: Reporting and NEL.23.drString found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE
Source: chromecache_309.9.dr, chromecache_311.9.drString found in binary or memory: https://apis.google.com
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://bard.google.com/
Source: WWAHost.exe, 0000001D.00000002.2371138169.0000023AA0694000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://buy.live-int.com/
Source: WWAHost.exe, 0000001D.00000002.2370585853.0000023AA0667000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://buy.live.com/
Source: Reporting and NEL.23.drString found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: offscreendocument_main.js.22.dr, service_worker_bin_prod.js.22.drString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/mathjax/
Source: Web Data.22.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Web Data.22.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: manifest.json0.22.drString found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json0.22.drString found in binary or memory: https://chromewebstore.google.com/
Source: manifest.json.22.drString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chromecache_309.9.drString found in binary or memory: https://clients6.google.com
Source: chromecache_309.9.drString found in binary or memory: https://content.googleapis.com
Source: Reporting and NEL.23.drString found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: manifest.json.22.drString found in binary or memory: https://docs.google.com/
Source: chromecache_309.9.drString found in binary or memory: https://domains.google.com/suggest/flow
Source: manifest.json.22.drString found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json.22.drString found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json.22.drString found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json.22.drString found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json.22.drString found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json.22.drString found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json.22.drString found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json.22.drString found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json.22.drString found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json.22.drString found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json.22.drString found in binary or memory: https://drive.google.com/
Source: Web Data.22.drString found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Web Data.22.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Web Data.22.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 000003.log1.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log1.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
Source: 000003.log0.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtrac
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
Source: HubApps Icons.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_bard_light.png/1.0.1/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_hc.png/1.0.3/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_dark.png/1.0.3/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_light.png/1.0.3/asse
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_dark.png/1.0.6/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_light.png/1.0.6/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.dr, HubApps Icons.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
Source: HubApps Icons.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gmail.png/1.5.4/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_help.png/1.0.0/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_iHeart.png/1.0.3/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_instagram.png/1.4.13/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_ku_gou.png/1.0.3/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_last.png/1.0.3/asset
Source: 000003.log1.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_dark.png/1.1.0/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_hc.png/1.1.0/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_light.png/1.1.0/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_naver_vibe.png/1.0.3/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_dark.png/1.4.9/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_hc.png/1.4.9/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_light.png/1.4.9/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.dr, HubApps Icons.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_hc.png/1.1.0/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_dark.png/1.1.0/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_light.png/1.1.0/asse
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_qq.png/1.0.3/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_dark.png/1.1.12/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_hc.png/1.1.12/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_light.png/1.1.12/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_hc.png/1.1.3/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_dark.png/1.1.3/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_light.png/1.1.3/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
Source: HubApps Icons.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.1.12/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.1.12/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.1.12/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
Source: HubApps Icons.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_dark.png/1.3.20/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_hc.png/1.3.20/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_light.png/1.3.20/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_sound_cloud.png/1.0.3/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_spotify.png/1.4.12/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_dark.png/1.2.19/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_hc.png/1.2.19/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_light.png/1.2.19/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_telegram.png/1.0.4/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_hc.png/1.0.5/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_dark.png/1.0.5/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_light.png/1.0.5/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tidal.png/1.0.3/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tik_tok_light.png/1.0.5/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_hc.png/1.5.13/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
Source: HubApps Icons.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_twitter_light.png/1.0.9/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_vk.png/1.0.3/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whats_new.png/1.0.0/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whatsapp_light.png/1.4.11/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_word.png/1.7.32/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_yandex_music.png/1.0.10/asset
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_youtube.png/1.4.14/asset
Source: 000003.log1.22.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/signal_triggers/1.13.3/asset?sv=2017-07-29&sr=c&sig=Nt
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://excel.new?from=EdgeM365Shoreline
Source: chromecache_311.9.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_311.9.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_311.9.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_311.9.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://gaana.com/
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://i.y.qq.com/n2/m/index.html
Source: Reporting and NEL.23.drString found in binary or memory: https://identity.nel.measure.office.net/api/report?catId=GW
Source: 66e908f0-8539-436c-a1bf-add164d2e8e3.tmp.22.drString found in binary or memory: https://latest.web.skype.com/?browsername=edge_canary_shoreline
Source: WWAHost.exe, 0000001D.00000002.2427516920.00000242B9473000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lgincdnmsftuswe2.azureedge.net/
Source: WWAHost.exe, 0000001D.00000002.2371138169.0000023AA06D9000.00000004.00000020.00020000.00000000.sdmp, WWAHost.exe, 0000001D.00000002.2390088192.00000242A713C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lgincdnmsftuswe2.azureedge.net/16.000/Converged_v22057_mG-wAdV--_sq1kXms675SA2.css
Source: WWAHost.exe, 0000001D.00000002.2430819784.00000242B9789000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lgincdnmsftuswe2.azureedge.net/16.000/Converged_v22057_mG-wAdV--_sq1kXms675SA2.cssX
Source: WWAHost.exe, 0000001D.00000002.2389598093.00000242A70E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lgincdnmsftuswe2.azureedge.net/16.000/Converged_v22057_mG-wAdV--_sq1kXms675SA2.cssame-templa
Source: WWAHost.exe, 0000001D.00000002.2371138169.0000023AA0694000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lgincdnmsftuswe2.azureedge.net/16.000/Converged_v22057_mG-wAdV--_sq1kXms675SA2.cssh
Source: WWAHost.exe, 0000001D.00000002.2389598093.00000242A70E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lgincdnmsftuswe2.azureedge.net/16.000/Converged_v22057_mG-wAdV--_sq1kXms675SA2.csshRecogniti
Source: unknown | HTTPS traffic detected: 95.101.182.65:443 -> 192.168.2.17:49859 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 51.13.148.175:443 -> 192.168.2.17:49868 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 51.13.148.175:443 -> 192.168.2.17:49869 version: TLS 1.2
Source: f468369488.exe | Static PE information: No import functions for PE file found
Source: classification engine | Classification label: mal48.winEXE@69/250@33/13
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | File created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67CFC23D-14A8.pma
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Temp\{F69106CD-F408-434E-A277-01DE7838A5A3} - OProcSessId.dat
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --loadload-extension=C:\Windows\crx
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1964,i,3621030582613594933,2422661075297565391,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2228 /prefetch:3
Source: unknown | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault40f7c6a5h035dh4055h8863ha3a4f9b028be
Source: unknown | Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE"
Source: unknown | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:?url=https%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3Donedrive%26form%3DWNSGPH%26qs%3DAS%26cvid%3Dd5489813a1f8413bbabf47a101577ea6%26pq%3Doned%26cc%3DCH%26setlang%3Den-CH%26nclid%3D99325A50A46066F842A6B684698F464A%26ts%3D1741668964358%26nclidts%3D1741668964%26tsms%3D358%26wsso%3DModerate&timestamp=1741668964358&source=WindowsSearchBox&campaign=addedgeprot&medium=AutoSuggest
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2036,i,1596126252657097205,1912832882397972333,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6460 --field-trial-handle=2036,i,1596126252657097205,1912832882397972333,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6228 --field-trial-handle=2036,i,1596126252657097205,1912832882397972333,262144 /prefetch:8
Source: unknown | Process created: C:\Windows\System32\WWAHost.exe "C:\Windows\system32\wwahost.exe" -ServerName:App.wwa
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown
Source: C:\Windows\System32\WWAHost.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11cf-8FD0-00AA00686F13}\InProcServer32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office
Source: f468369488.exe | Static PE information: Image base 0xfffff80257cb0000 > 0x60000000
Source: f468369488.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: f468369488.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: f468369488.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: f468369488.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: f468369488.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: f468369488.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: f468369488.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF
Source: f468369488.exe | Static PE information: real checksum: 0x41741 should be: 0x36edd
Source: f468369488.exe | Static PE information: section name: fothk
Source: f468369488.exe | Static PE information: section name: GFIDS
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WWAHost.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information queried: ProcessInformation
Source: C:\Windows\System32\WWAHost.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 12 System Information Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |