Edit tour

Windows Analysis Report
pid.kvai.exe

Overview

General Information

Sample name:	pid.kvai.exe
Analysis ID:	1636350
MD5:	092821eac13a978f097d6e3bd38de352
SHA1:	7fd2dc3d8ba72f1f5ff13f43fcc8d80ff029f416
SHA256:	7e7a368e5b866771e2d89216a7f4380aca6ca2e66dd14682721dcf4b6da0fc45
Tags:	exeuser-2huMarisa
Infos:

Detection

Score:	100
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

Multi AV Scanner detection for submitted file

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Infects executable files (exe, dll, sys, html)

Infects the VBR (Volume Boot Record) of the hard disk

Joe Sandbox ML detected suspicious sample

Maps a DLL or memory area into another process

PE file contains section with special chars

PE file has nameless sections

Protects its processes via BreakOnTermination flag

Writes directly to the primary disk partition (DR0)

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks if the current process is being debugged

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Enables debug privileges

Entry point lies outside standard sections

Found dropped PE file which has not been started or loaded

IP address seen in connection with other malware

Installs a raw input device (often for capturing keystrokes)

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains more sections than normal

PE file contains sections with non-standard names

PE file does not import any functions

Queries disk information (often used to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Suspicious Userinit Child Process

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

pid.kvai.exe (PID: 7916 cmdline: "C:\Users\user\Desktop\pid.kvai.exe" MD5: 092821EAC13A978F097D6E3BD38DE352)

rundll32.exe (PID: 7580 cmdline: "C:\Windows\System32\rundll32.exe" C:\Windows\system32\UserLanguageProfileCallback.dll MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 7664 cmdline: "C:\Windows\System32\rundll32.exe" C:\Windows\system32\winethc.dll MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 7768 cmdline: "C:\Windows\System32\rundll32.exe" C:\Windows\system32\PickerPlatform.dll MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 8368 cmdline: "C:\Windows\System32\rundll32.exe" C:\Windows\system32\sechost.dll MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 8600 cmdline: "C:\Windows\System32\rundll32.exe" C:\Windows\system32\txfw32.dll MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 3568 cmdline: "C:\Windows\System32\rundll32.exe" C:\Windows\system32\provengine.dll MD5: EF3179D498793BF4234F708D3BE28633)

rundll32.exe (PID: 4436 cmdline: "C:\Windows\System32\rundll32.exe" C:\Windows\system32\tvratings.dll MD5: EF3179D498793BF4234F708D3BE28633)

userinit.exe (PID: 9576 cmdline: "C:\Windows\system32\userinit.exe" MD5: 47BBDBE152A597F4A840C5269ED961E8)

explorer.exe (PID: 9592 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)

rundll32.exe (PID: 9772 cmdline: "C:\Windows\System32\rundll32.exe" C:\Windows\system32\XboxNetApiSvc.dll MD5: EF3179D498793BF4234F708D3BE28633)

msedge.exe (PID: 8256 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528882 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8544 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=2088,i,10365707062960969891,1768502364186994778,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 1880 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6556 --field-trial-handle=2088,i,10365707062960969891,1768502364186994778,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 1948 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6756 --field-trial-handle=2088,i,10365707062960969891,1768502364186994778,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

identity_helper.exe (PID: 6272 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=8344 --field-trial-handle=2088,i,10365707062960969891,1768502364186994778,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)

identity_helper.exe (PID: 1684 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=8344 --field-trial-handle=2088,i,10365707062960969891,1768502364186994778,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)

msedge.exe (PID: 9792 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-GB --service-sandbox-type=collections --mojo-platform-channel-handle=2580 --field-trial-handle=2088,i,10365707062960969891,1768502364186994778,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

cleanup

Sigma Signatures

System Summary

Sigma detected: Suspicious Userinit Child Process

Source: Process started

Author: Florian Roth (Nextron Systems), Samir Bousseaden (idea): Data: Command: C:\Windows\Explorer.EXE, CommandLine: C:\Windows\Explorer.EXE, CommandLine|base64offset|contains: , Image: C:\Windows\explorer.exe, NewProcessName: C:\Windows\explorer.exe, OriginalFileName: C:\Windows\explorer.exe, ParentCommandLine: "C:\Windows\system32\userinit.exe" , ParentImage: C:\Windows\System32\userinit.exe, ParentProcessId: 9576, ParentProcessName: userinit.exe, ProcessCommandLine: C:\Windows\Explorer.EXE, ProcessId: 9592, ProcessName: explorer.exe

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: pid.kvai.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: pid.kvai.exe	Virustotal: Detection: 69%			Perma Link
Source: pid.kvai.exe	ReversingLabs: Detection: 65%

Joe Sandbox ML detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Source: pid.kvai.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.4:49837 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.4:49868 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 131.253.33.254:443 -> 192.168.2.4:49867 version: TLS 1.2

Source: pid.kvai.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: DirectXDatabaseUpdater.pdb source: pid.kvai.exe, 00000000.00000002.2629407794.0000000014437000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: mstscax.pdbGCTL source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\vccorlib140.amd64.pdb source: vccorlib140.dll.0.dr
Source:	Binary string: UPPrinterInstallsCSP.pdbGCTL source: pid.kvai.exe, 00000000.00000002.2629407794.0000000012968000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: Windows.Networking.ServiceDiscovery.DnsSd.pdbGCTL source: pid.kvai.exe, 00000000.00000002.2629407794.0000000012968000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: AppXDeploymentClient.pdbUGP source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: vdsldr.pdb source: pid.kvai.exe, 00000000.00000002.2611286803.0000000002D93000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: BitLockerCSP.pdbGCTL source: pid.kvai.exe, 00000000.00000002.2629407794.0000000014437000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: ntkrnlmp.pdbUGP source: pid.kvai.exe, 00000000.00000002.2629407794.0000000012ECE000.00000004.00000800.00020000.00000000.sdmp, ntkrnlmp.exe.0.dr
Source:	Binary string: BitLockerCSP.pdb source: pid.kvai.exe, 00000000.00000002.2629407794.0000000014437000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: MFCM120.amd64.pdb8@ source: mfcm120.dll.0.dr
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_atomic_wait.amd64.pdb source: msvcp140_atomic_wait.dll.0.dr
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: vcruntime140.dll.0.dr
Source:	Binary string: Windows.UI.Input.Inking.Analysis.pdb source: pid.kvai.exe, 00000000.00000002.2629407794.0000000014437000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: PsmServiceExtHost.pdb source: pid.kvai.exe, 00000000.00000002.2629407794.00000000127B8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: fhshl.pdb source: pid.kvai.exe, 00000000.00000002.2629407794.0000000012ECE000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: vdsldr.pdbGCTL source: pid.kvai.exe, 00000000.00000002.2611286803.0000000002D93000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: srumsvc.pdb source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: ufat.pdb source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: vcruntime140_1.dll.0.dr
Source:	Binary string: msvcp120.amd64.pdb source: msvcp120.dll.0.dr
Source:	Binary string: fhshl.pdbGCTL source: pid.kvai.exe, 00000000.00000002.2629407794.0000000012ECE000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: Windows.Networking.ServiceDiscovery.DnsSd.pdb source: pid.kvai.exe, 00000000.00000002.2629407794.0000000012968000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140_atomic_wait.amd64.pdbGCTL source: msvcp140_atomic_wait.dll.0.dr
Source:	Binary string: InputSwitch.pdbUGP source: pid.kvai.exe, 00000000.00000002.2629407794.0000000014E37000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: mfc120.amd64.pdb source: mfc120.dll.0.dr
Source:	Binary string: pcwutl.pdb source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: msclmd.pdb source: msclmd.dll.0.dr
Source:	Binary string: PsmServiceExtHost.pdbUGP source: pid.kvai.exe, 00000000.00000002.2629407794.00000000127B8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: vcruntime140_1.dll.0.dr
Source:	Binary string: MFCM120U.amd64.pdb source: mfcm120u.dll.0.dr
Source:	Binary string: srumsvc.pdbUGP source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\vccorlib140.amd64.pdbGCTL source: vccorlib140.dll.0.dr
Source:	Binary string: ntkrnlmp.pdb source: pid.kvai.exe, 00000000.00000002.2629407794.0000000012ECE000.00000004.00000800.00020000.00000000.sdmp, ntkrnlmp.exe.0.dr
Source:	Binary string: MFCM120U.amd64.pdb8@ source: mfcm120u.dll.0.dr
Source:	Binary string: mstscax.pdb source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: pcwutl.pdbGCTL source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: vcruntime140.dll.0.dr
Source:	Binary string: ufat.pdbGCTL source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: MFCM120.amd64.pdb source: mfcm120.dll.0.dr
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\MFC140JPN.amd64.pdb source: mfc140jpn.dll.0.dr
Source:	Binary string: UpdateHeartbeat.pdb source: pid.kvai.exe, 00000000.00000002.2629407794.0000000014E37000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: TenantRestrictionsPlugin.pdb source: pid.kvai.exe, 00000000.00000002.2629407794.0000000012968000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: AppXDeploymentClient.pdb source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: Windows.Management.InprocObjects.pdb source: pid.kvai.exe, 00000000.00000002.2629407794.0000000014437000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\MFC140ITA.amd64.pdb source: mfc140ita.dll.0.dr
Source:	Binary string: msclmd.pdbGCTL source: msclmd.dll.0.dr
Source:	Binary string: InputSwitch.pdb source: pid.kvai.exe, 00000000.00000002.2629407794.0000000014E37000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: UPPrinterInstallsCSP.pdb source: pid.kvai.exe, 00000000.00000002.2629407794.0000000012968000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: Windows.Management.InprocObjects.pdbGCTL source: pid.kvai.exe, 00000000.00000002.2629407794.0000000014437000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: TenantRestrictionsPlugin.pdbGCTL source: pid.kvai.exe, 00000000.00000002.2629407794.0000000012968000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: DirectXDatabaseUpdater.pdbGCTL source: pid.kvai.exe, 00000000.00000002.2629407794.0000000014437000.00000004.00000800.00020000.00000000.sdmp

Spreading

Infects executable files (exe, dll, sys, html)

Source: C:\Users\user\Desktop\pid.kvai.exe	System file written: C:\Windows\System32\mfcm120u.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	System file written: C:\Windows\System32\vccorlib140.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	System file written: C:\Windows\System32\mfc140jpn.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	System file written: C:\Windows\System32\mfc140ita.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	System file written: C:\Windows\System32\vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	System file written: C:\Windows\System32\mfc110ita.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	System file written: C:\Windows\System32\vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	System file written: C:\Windows\System32\msclmd.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	System file written: C:\Windows\System32\mfcm120.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	System file written: C:\Windows\System32\mfc110jpn.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	System file written: C:\Windows\System32\msvcp140_atomic_wait.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	System file written: C:\Windows\System32\mfc120.dll	Jump to behavior

Source: Joe Sandbox View	IP Address: 2.22.242.11 2.22.242.11
Source: Joe Sandbox View	IP Address: 162.159.61.3 162.159.61.3
Source: Joe Sandbox View	IP Address: 23.200.0.9 23.200.0.9

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: global traffic	HTTP traffic detected: OPTIONS /api/report?cat=bingbusiness HTTP/1.1Host: bzib.nelreports.netConnection: keep-aliveOrigin: https://business.bing.comAccess-Control-Request-Method: POSTAccess-Control-Request-Headers: content-typeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /crx/blobs/Ad_brx23lef_cW590ESOTTAroOhZ9si0XFJIUC52j2ILHW1VLB5ou6c0RgLWwGr1aRJJZ0WPNyiPBYgIpWfykvhKW-6BLzMRsp9ykw5f6ReBQmPpO6WB9pcSJPfykLTHDjYAxlKa5bf72z8tHS5eXuTavTP1h4WZBjSs/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_89_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: POST /api/report?cat=bingbusiness HTTP/1.1Host: bzib.nelreports.netConnection: keep-aliveContent-Length: 472Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=d22a6b2b-7222-49dc-911b-88978835749d&redirect_uri=https%3a%2f%2fwww.bing.com%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%2232ECE75CD7B940B89469DB7630896798%22%7d HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.bing.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/SSR-extension.1e1de479ffc2b85d14c8.js HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 1.35sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 800sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 3gAccept: /sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=BingAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; sptmarket=en-GB\|\|us\|en-us\|en-us\|en\|\|cf=9\|RefA=9628264C936C41D09FF8A92CF907C381.RefC=2025-03-12T16:13:30Z; USRLOC=; MUID=09D127A13BAC64A13625320C3A8C6504; MUIDB=09D127A13BAC64A13625320C3A8C6504; _EDGE_S=F=1&SID=205C5B550D8168240BF14EF80C8069C7; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/web-worker.948ffa5ea2d441a35f55.js HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 1.35sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 800sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 3gAccept: /sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=BingAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; sptmarket=en-GB\|\|us\|en-us\|en-us\|en\|\|cf=9\|RefA=9628264C936C41D09FF8A92CF907C381.RefC=2025-03-12T16:13:30Z; USRLOC=; MUID=09D127A13BAC64A13625320C3A8C6504; MUIDB=09D127A13BAC64A13625320C3A8C6504; _EDGE_S=F=1&SID=205C5B550D8168240BF14EF80C8069C7; _EDGE_V=1
Source: global traffic	HTTP traffic detected: OPTIONS /api/report?cat=bingbusiness HTTP/1.1Host: bzib.nelreports.netConnection: keep-aliveOrigin: https://business.bing.comAccess-Control-Request-Method: POSTAccess-Control-Request-Headers: content-typeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: POST /api/report?cat=bingbusiness HTTP/1.1Host: bzib.nelreports.netConnection: keep-aliveContent-Length: 466Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: POST /undersideproactive/api/v1/trigger HTTP/1.1Host: services.bingapis.comConnection: keep-aliveContent-Length: 225X-UDSD-Features: udscomseaodp,Content-Type: application/jsonSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/microsoft.c1f2f2c818c03b7d76c6.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/vendors.cb5d86730a0bdbdd55a4.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common.41f9102ebf55f037c91d.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/experience.6956f4a50d95807c6fa7.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: POST /undersideproactive/api/v1/trigger HTTP/1.1Host: services.bingapis.comConnection: keep-aliveContent-Length: 247Content-Type: application/jsonSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: HEAD /statics/icons/favicon.ico HTTP/1.1Host: assets.msn.comConnection: keep-alivePragma: no-cacheCache-Control: no-cachesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /resolver/api/resolve/v3/config/?expType=AppConfig&expInstance=default&apptype=edgeChromium&v=20250311.398&targetScope={%22audienceMode%22:%22adult%22,%22browser%22:{%22browserType%22:%22edgeChromium%22,%22version%22:%22117%22,%22ismobile%22:%22false%22},%22deviceFormFactor%22:%22desktop%22,%22domain%22:%22ntp.msn.com%22,%22locale%22:{%22content%22:{%22language%22:%22en%22,%22market%22:%22us%22},%22display%22:{%22language%22:%22en%22,%22market%22:%22us%22}},%22os%22:%22windows%22,%22platform%22:%22web%22,%22pageType%22:%22ntp%22,%22pageExperiments%22:[%22prg-ad-ivq%22,%22prg-ad-price-trun%22,%22prg-additional-tile%22,%22prg-c-adspfpv%22,%22prg-errtoast2%22,%22prg-neutral-bg%22,%22prg-pr2-dis-signal%22]} HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&prerender=1 HTTP/1.1Host: ntp.msn.comConnection: keep-alivedevice-memory: 8sec-ch-dpr: 1sec-ch-viewport-width: 1232sec-ch-viewport-height: 910rtt: 1000downlink: 1.35ect: 3gsec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.2045.47"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-prefers-color-scheme: lightUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_Auth=; _C_ETH=1; sptmarket=en-GB\|\|us\|en-us\|en-us\|en\|\|cf=9\|RefA=9628264C936C41D09FF8A92CF907C381.RefC=2025-03-12T16:13:30Z; USRLOC=; MUID=09D127A13BAC64A13625320C3A8C6504; MUIDB=09D127A13BAC64A13625320C3A8C6504; _EDGE_S=F=1&SID=205C5B550D8168240BF14EF80C8069C7; _EDGE_V=1
Source: global traffic	HTTP traffic detected: POST /undersideproactive/api/v1/trigger HTTP/1.1Host: services.bingapis.comConnection: keep-aliveContent-Length: 225X-UDSD-Features: udscomseaodp,Content-Type: application/jsonSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: POST /undersideproactive/api/v1/trigger HTTP/1.1Host: services.bingapis.comConnection: keep-aliveContent-Length: 198Content-Type: application/jsonSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /statics/icons/favicon_newtabpage.png HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=09D127A13BAC64A13625320C3A8C6504; _EDGE_S=F=1&SID=205C5B550D8168240BF14EF80C8069C7; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/entry.DpFa3lRQ.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/common-css.DDlbUlil.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/common-js.BTOm0pKS.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /service/msn/user?apikey=1hYoJsIRvPEnSkk0hlnJF2092mHqiz7xFenIFKa9uc&activityId=9628264C-936C-41D0-9FF8-A92CF907C381&ocid=pdp-peregrine&cm=en-us&it=app&user=m-09D127A13BAC64A13625320C3A8C6504&scn=APP_ANON&source=market-consolidation HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=09D127A13BAC64A13625320C3A8C6504; _EDGE_S=F=1&SID=205C5B550D8168240BF14EF80C8069C7; _EDGE_V=1
Source: global traffic	HTTP traffic detected: OPTIONS /service/news/feed/pages/weblayout?User=m-09D127A13BAC64A13625320C3A8C6504&activityId=9628264C-936C-41D0-9FF8-A92CF907C381&adminDisabled=false&adoffsets=c1:-1,c2:-1,c3:-1&adsTimeout=600&anaheimPageLayout=inspirational&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&apptype=edgeChromium&audienceMode=adult&backgroundImageIsSet=false&cm=en-us&colstatus=c1:0,c2:0,c3:0&column=c3&colwidth=300&contentType=article,video,slideshow,webcontent&cookieWallPresent=false&duotone=true&inEdgeFeatures=false&it=app&l3v=2&layout=c3&memory=8&mobile=false&newsSkip=0&newsTop=48&ocid=anaheim-ntp-feeds&overlay=0&pgc=2083&pgname=default&pgtype=ntp&revertTimes=0&scn=APP_ANON&timeOut=1000&verticalName=edge&vpSize=1232x876&wposchema=byregion HTTP/1.1Host: assets.msn.comConnection: keep-aliveAccept: /Access-Control-Request-Method: GETAccess-Control-Request-Headers: ads-referer,onesvc-uni-feat-tun,taboola-sessionidOrigin: https://ntp.msn.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Sec-Fetch-Mode: corsSec-Fetch-Site: same-siteSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common-feed-libs.2c59a8d2dc8646105a8c.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common-cscore.7146072dacb9c6d847f4.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/super-nav.299b385ac537a2be3f75.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/fluent.BiD5QW9j.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/edge-icon.BwIA8KUD.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/ControlFocusTarget.Ce7AmkHT.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: HEAD /statics/icons/favicon.ico HTTP/1.1Host: assets.msn.comConnection: keep-alivePragma: no-cacheCache-Control: no-cachesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /service/news/feed/pages/weblayout?User=m-09D127A13BAC64A13625320C3A8C6504&activityId=9628264C-936C-41D0-9FF8-A92CF907C381&adminDisabled=false&adoffsets=c1:-1,c2:-1,c3:-1&adsTimeout=600&anaheimPageLayout=inspirational&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&apptype=edgeChromium&audienceMode=adult&backgroundImageIsSet=false&cm=en-us&colstatus=c1:0,c2:0,c3:0&column=c3&colwidth=300&contentType=article,video,slideshow,webcontent&cookieWallPresent=false&duotone=true&inEdgeFeatures=false&it=app&l3v=2&layout=c3&memory=8&mobile=false&newsSkip=0&newsTop=48&ocid=anaheim-ntp-feeds&overlay=0&pgc=2083&pgname=default&pgtype=ntp&revertTimes=0&scn=APP_ANON&timeOut=1000&verticalName=edge&vpSize=1232x876&wposchema=byregion HTTP/1.1Host: assets.msn.comConnection: keep-aliveads-referer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bingsec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"OneSvc-Uni-Feat-Tun: EdgeInterestTier1Ids:null;LoginState:NA;Product:anaheim;PageName:default;PageType:ntp;OCID:msedgntp;ViewPortWidth:1280;ViewPortHeight:984;sec-ch-ua-mobile: ?0taboola-sessionId: initUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=09D127A13BAC64A13625320C3A8C6504; _EDGE_S=F=1&SID=205C5B550D8168240BF14EF80C8069C7; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/MediaItemSearchBox.BFsE-D11.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/ClvmMv5j.js HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /resolver/api/resolve/v3/config/?expType=AppConfig&expInstance=default&apptype=edgeChromium&v=20250311.398&targetScope={%22audienceMode%22:%22adult%22,%22browser%22:{%22browserType%22:%22edgeChromium%22,%22version%22:%22117%22,%22ismobile%22:%22false%22},%22deviceFormFactor%22:%22desktop%22,%22domain%22:%22ntp.msn.com%22,%22locale%22:{%22content%22:{%22language%22:%22en%22,%22market%22:%22us%22},%22display%22:{%22language%22:%22en%22,%22market%22:%22us%22}},%22os%22:%22windows%22,%22platform%22:%22web%22,%22pageType%22:%22ntp%22,%22pageExperiments%22:[%22prg-ad-ivq%22,%22prg-ad-price-trun%22,%22prg-additional-tile%22,%22prg-c-adspfpv%22,%22prg-errtoast2%22,%22prg-neutral-bg%22,%22prg-pr2-dis-signal%22]} HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-viewport-height: 910sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 1.35sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 1000sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 3gAccept: /sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&prerender=1Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: sptmarket=en-GB\|\|us\|en-us\|en-us\|en\|\|cf=9\|RefA=9628264C936C41D09FF8A92CF907C381.RefC=2025-03-12T16:13:30Z; USRLOC=; MUID=09D127A13BAC64A13625320C3A8C6504; MUIDB=09D127A13BAC64A13625320C3A8C6504; _EDGE_S=F=1&SID=205C5B550D8168240BF14EF80C8069C7; _EDGE_V=1; MicrosoftApplicationsTelemetryDeviceId=c098878e-100a-48f4-a574-35b1df1f7ac1; _C_ETH=1; msnup=%7B%22cnex%22%3A%22no%22%7D; sptmarket_restored=en-GB\|\|us\|en-us\|en-us\|en\|\|cf=9\|RefA=9628264C936C41D09FF8A92CF907C381.RefC=2025-03-12T16:13:30Z
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/waterfall-view-feed.eb3bb2e7a9bb47e23bf8.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common-others.187dd34bde541e6b8bdd.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.86

Source: global traffic	HTTP traffic detected: GET /crx/blobs/Ad_brx23lef_cW590ESOTTAroOhZ9si0XFJIUC52j2ILHW1VLB5ou6c0RgLWwGr1aRJJZ0WPNyiPBYgIpWfykvhKW-6BLzMRsp9ykw5f6ReBQmPpO6WB9pcSJPfykLTHDjYAxlKa5bf72z8tHS5eXuTavTP1h4WZBjSs/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_89_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=d22a6b2b-7222-49dc-911b-88978835749d&redirect_uri=https%3a%2f%2fwww.bing.com%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%2232ECE75CD7B940B89469DB7630896798%22%7d HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.bing.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/SSR-extension.1e1de479ffc2b85d14c8.js HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 1.35sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 800sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 3gAccept: /sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=BingAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; sptmarket=en-GB\|\|us\|en-us\|en-us\|en\|\|cf=9\|RefA=9628264C936C41D09FF8A92CF907C381.RefC=2025-03-12T16:13:30Z; USRLOC=; MUID=09D127A13BAC64A13625320C3A8C6504; MUIDB=09D127A13BAC64A13625320C3A8C6504; _EDGE_S=F=1&SID=205C5B550D8168240BF14EF80C8069C7; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/web-worker.948ffa5ea2d441a35f55.js HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 1.35sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 800sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 3gAccept: /sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=BingAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; sptmarket=en-GB\|\|us\|en-us\|en-us\|en\|\|cf=9\|RefA=9628264C936C41D09FF8A92CF907C381.RefC=2025-03-12T16:13:30Z; USRLOC=; MUID=09D127A13BAC64A13625320C3A8C6504; MUIDB=09D127A13BAC64A13625320C3A8C6504; _EDGE_S=F=1&SID=205C5B550D8168240BF14EF80C8069C7; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/microsoft.c1f2f2c818c03b7d76c6.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/vendors.cb5d86730a0bdbdd55a4.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common.41f9102ebf55f037c91d.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/experience.6956f4a50d95807c6fa7.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /resolver/api/resolve/v3/config/?expType=AppConfig&expInstance=default&apptype=edgeChromium&v=20250311.398&targetScope={%22audienceMode%22:%22adult%22,%22browser%22:{%22browserType%22:%22edgeChromium%22,%22version%22:%22117%22,%22ismobile%22:%22false%22},%22deviceFormFactor%22:%22desktop%22,%22domain%22:%22ntp.msn.com%22,%22locale%22:{%22content%22:{%22language%22:%22en%22,%22market%22:%22us%22},%22display%22:{%22language%22:%22en%22,%22market%22:%22us%22}},%22os%22:%22windows%22,%22platform%22:%22web%22,%22pageType%22:%22ntp%22,%22pageExperiments%22:[%22prg-ad-ivq%22,%22prg-ad-price-trun%22,%22prg-additional-tile%22,%22prg-c-adspfpv%22,%22prg-errtoast2%22,%22prg-neutral-bg%22,%22prg-pr2-dis-signal%22]} HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&prerender=1 HTTP/1.1Host: ntp.msn.comConnection: keep-alivedevice-memory: 8sec-ch-dpr: 1sec-ch-viewport-width: 1232sec-ch-viewport-height: 910rtt: 1000downlink: 1.35ect: 3gsec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.2045.47"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-prefers-color-scheme: lightUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_Auth=; _C_ETH=1; sptmarket=en-GB\|\|us\|en-us\|en-us\|en\|\|cf=9\|RefA=9628264C936C41D09FF8A92CF907C381.RefC=2025-03-12T16:13:30Z; USRLOC=; MUID=09D127A13BAC64A13625320C3A8C6504; MUIDB=09D127A13BAC64A13625320C3A8C6504; _EDGE_S=F=1&SID=205C5B550D8168240BF14EF80C8069C7; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /statics/icons/favicon_newtabpage.png HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=09D127A13BAC64A13625320C3A8C6504; _EDGE_S=F=1&SID=205C5B550D8168240BF14EF80C8069C7; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/entry.DpFa3lRQ.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/common-css.DDlbUlil.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/common-js.BTOm0pKS.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /service/msn/user?apikey=1hYoJsIRvPEnSkk0hlnJF2092mHqiz7xFenIFKa9uc&activityId=9628264C-936C-41D0-9FF8-A92CF907C381&ocid=pdp-peregrine&cm=en-us&it=app&user=m-09D127A13BAC64A13625320C3A8C6504&scn=APP_ANON&source=market-consolidation HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=09D127A13BAC64A13625320C3A8C6504; _EDGE_S=F=1&SID=205C5B550D8168240BF14EF80C8069C7; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common-feed-libs.2c59a8d2dc8646105a8c.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common-cscore.7146072dacb9c6d847f4.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/super-nav.299b385ac537a2be3f75.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/fluent.BiD5QW9j.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/edge-icon.BwIA8KUD.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/ControlFocusTarget.Ce7AmkHT.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /service/news/feed/pages/weblayout?User=m-09D127A13BAC64A13625320C3A8C6504&activityId=9628264C-936C-41D0-9FF8-A92CF907C381&adminDisabled=false&adoffsets=c1:-1,c2:-1,c3:-1&adsTimeout=600&anaheimPageLayout=inspirational&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&apptype=edgeChromium&audienceMode=adult&backgroundImageIsSet=false&cm=en-us&colstatus=c1:0,c2:0,c3:0&column=c3&colwidth=300&contentType=article,video,slideshow,webcontent&cookieWallPresent=false&duotone=true&inEdgeFeatures=false&it=app&l3v=2&layout=c3&memory=8&mobile=false&newsSkip=0&newsTop=48&ocid=anaheim-ntp-feeds&overlay=0&pgc=2083&pgname=default&pgtype=ntp&revertTimes=0&scn=APP_ANON&timeOut=1000&verticalName=edge&vpSize=1232x876&wposchema=byregion HTTP/1.1Host: assets.msn.comConnection: keep-aliveads-referer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bingsec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"OneSvc-Uni-Feat-Tun: EdgeInterestTier1Ids:null;LoginState:NA;Product:anaheim;PageName:default;PageType:ntp;OCID:msedgntp;ViewPortWidth:1280;ViewPortHeight:984;sec-ch-ua-mobile: ?0taboola-sessionId: initUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=09D127A13BAC64A13625320C3A8C6504; _EDGE_S=F=1&SID=205C5B550D8168240BF14EF80C8069C7; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/MediaItemSearchBox.BFsE-D11.css HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/_nuxt/ClvmMv5j.js HTTP/1.1Host: edgecdn-embza6g8cacagcbn.z01.azurefd.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /resolver/api/resolve/v3/config/?expType=AppConfig&expInstance=default&apptype=edgeChromium&v=20250311.398&targetScope={%22audienceMode%22:%22adult%22,%22browser%22:{%22browserType%22:%22edgeChromium%22,%22version%22:%22117%22,%22ismobile%22:%22false%22},%22deviceFormFactor%22:%22desktop%22,%22domain%22:%22ntp.msn.com%22,%22locale%22:{%22content%22:{%22language%22:%22en%22,%22market%22:%22us%22},%22display%22:{%22language%22:%22en%22,%22market%22:%22us%22}},%22os%22:%22windows%22,%22platform%22:%22web%22,%22pageType%22:%22ntp%22,%22pageExperiments%22:[%22prg-ad-ivq%22,%22prg-ad-price-trun%22,%22prg-additional-tile%22,%22prg-c-adspfpv%22,%22prg-errtoast2%22,%22prg-neutral-bg%22,%22prg-pr2-dis-signal%22]} HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-viewport-height: 910sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 1.35sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 1000sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 3gAccept: /sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&prerender=1Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: sptmarket=en-GB\|\|us\|en-us\|en-us\|en\|\|cf=9\|RefA=9628264C936C41D09FF8A92CF907C381.RefC=2025-03-12T16:13:30Z; USRLOC=; MUID=09D127A13BAC64A13625320C3A8C6504; MUIDB=09D127A13BAC64A13625320C3A8C6504; _EDGE_S=F=1&SID=205C5B550D8168240BF14EF80C8069C7; _EDGE_V=1; MicrosoftApplicationsTelemetryDeviceId=c098878e-100a-48f4-a574-35b1df1f7ac1; _C_ETH=1; msnup=%7B%22cnex%22%3A%22no%22%7D; sptmarket_restored=en-GB\|\|us\|en-us\|en-us\|en\|\|cf=9\|RefA=9628264C936C41D09FF8A92CF907C381.RefC=2025-03-12T16:13:30Z
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/waterfall-view-feed.eb3bb2e7a9bb47e23bf8.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common-others.187dd34bde541e6b8bdd.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8

Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: 000003.log0.14.dr	String found in binary or memory: Click to play.\" data-dc=\"vtdc_black\" class=\"mc_vtvc_link\" target=\"_blank\" href=\"https://www.bing.com/ck/a?!&&p=0a95aeab97d94f11a17f386c656553d5a3c2124e8bfe2970b880983efd480a1dJmltdHM9MTc0MTczNzYwMA&ptn=3&ver=2&hsh=4&fclid=0c73c2ec-6b5c-6c63-3b60-d7416a2f6d27&u=a1L3ZpZGVvcy9yaXZlcnZpZXcvcmVsYXRlZHZpZGVvP3E9aG93K3RvK2dldCtoZWxwK2luK3dpbmRvd3MmJm1pZD04RjJBRkJDMkM2NDUzQUM3MjdFMzhGMkFGQkMyQzY0NTNBQzcyN0UzJm1tc2NuPXN0dm8mbWNpZD0zMkVDRTc1Q0Q3Qjk0MEI4OTQ2OURCNzYzMDg5Njc5OCZGT1JNPVZJUkU&ntb=1\" h=\"ID=SERP,5650.1\"><div class=\"mc_vtvc_con_rc\" ourl=\"https://www.youtube.com/watch?v=q8w4-4vjty4\" vscm=\"{"mid":"8F2AFBC2C6453AC727E38F2AFBC2C6453AC727E3","murl":"https://www.youtube.com/watch?v=q8w4-4vjty4","pgurl":"https://www.youtube.com/watch?v=q8w4-4vjty4","turl":"https://ts1.mm.bing.net/th?id=OVP.aNA2VK6Ap6gspeWQAy6k_wEkII&pid=15.1&W=89&H=160","IsSaveable":true}\"><div class=\"mc_vtvc_th b_canvas\"><div class=\"cico\"><img height=\"204\" width=\"115\" data-src-hq=\"//th.bing.com/th?id=OVP.aNA2VK6Ap6gspeWQAy6k_wEkII&w=115&h=204&c=7&rs=1&qlt=90&o=6&pid=1.7\" alt=\"How to get help in Windows \| #computer #asmr #tricks #keyboard #typing\" data-priority=\"2\" id=\"emb86B0AB7A9\" class=\"rms_img\" src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAEALAAAAAABAAEAAAIBTAA7\"></div><div class=\"grad_b\"></div><div class=\"mc_vtvc_htc\"><div class=\"mc_vtvc_htb\"><div class=\"mc_vtvc_ht\">Watch video</div></div></div><div class=\"mc_vtvc_center_play\"></div><div class=\"mc_vtvc_ban_lo\"><div class=\"vtbc\"><div class=\"mc_bc_w b_smText\"><div class=\"mc_bc items\">00:08</div></div></div></div></div><div class=\"mc_vtvc_th_dock vtdc_black\"></div><div class=\"mc_vtvc_meta\"><span class=\"vcmt_ctt vasyt\">YouTube</span><div class=\"mc_vtvc_meta_row_channel\">@Key sistam</div><div class=\"mc_vtvc_title b_promtxt\" title=\"How to get help in Windows \| #computer #asmr #tricks #keyboard #typing\"><strong>How to get help in Windows \| #computer #asmr #tricks #keyboard #typing</strong></div></div><div class=\"vrhdata\" sab=\"1\" mid=\"8F2AFBC2C6453AC727E38F2AFBC2C6453AC727E3\" hcid=\"vsb_tr_chd_hc\" vrhm=\"\"></div></div></a></div></div><div class=\"slide\" data-dataurl=\"\" data-rinterval=\"\" data-appns=\"SERP\" data-k=\"5660.1\" data-tag=\"\" style=\"\" tabindex=\"\" data-mini=\"\" role=\"listitem\"><div id=\"mc_vtvc_SERP_30\" class=\"mc_vtvc b_canvas mc_vtvc_cc mc_vtvc_tot\"><a aria-label=\"how to get help = equals www.youtube.com (Youtube)
Source: 000003.log0.14.dr	String found in binary or memory: Click to play.\" data-dc=\"vtdc_black\" class=\"mc_vtvc_link\" target=\"_blank\" href=\"https://www.bing.com/ck/a?!&&p=65374aa0bd7c021c35691449d597d6653e7962ea8b633773eeb13c80f22cc9e1JmltdHM9MTc0MTczNzYwMA&ptn=3&ver=2&hsh=4&fclid=0c73c2ec-6b5c-6c63-3b60-d7416a2f6d27&u=a1L3ZpZGVvcy9yaXZlcnZpZXcvcmVsYXRlZHZpZGVvP3E9aG93K3RvK2dldCtoZWxwK2luK3dpbmRvd3MmJm1pZD0wNEMzRThENzczMjYwNkM2RURFMzA0QzNFOEQ3NzMyNjA2QzZFREUzJm1tc2NuPXN0dm8mbWNpZD0zMkVDRTc1Q0Q3Qjk0MEI4OTQ2OURCNzYzMDg5Njc5OCZGT1JNPVZJUkU&ntb=1\" h=\"ID=SERP,5648.1\"><div class=\"mc_vtvc_con_rc\" ourl=\"https://www.youtube.com/watch?v=DdDjUfhAvI8\" vscm=\"{"mid":"04C3E8D7732606C6EDE304C3E8D7732606C6EDE3","murl":"https://www.youtube.com/watch?v=DdDjUfhAvI8","pgurl":"https://www.youtube.com/watch?v=DdDjUfhAvI8","turl":"https://ts4.mm.bing.net/th?id=OVP.APX4-GpTytL8I5X8eqiQPwEkII&pid=15.1&W=89&H=160","IsSaveable":true}\"><div class=\"mc_vtvc_th b_canvas\"><div class=\"cico\"><img height=\"204\" width=\"115\" data-src-hq=\"//th.bing.com/th?id=OVP.APX4-GpTytL8I5X8eqiQPwEkII&w=115&h=204&c=7&rs=1&qlt=90&o=6&pid=1.7\" alt=\"= equals www.youtube.com (Youtube)
Source: 000003.log0.14.dr	String found in binary or memory: Click to play.\" data-dc=\"vtdc_black\" class=\"mc_vtvc_link\" target=\"_blank\" href=\"https://www.bing.com/ck/a?!&&p=8ab1048b2ab5ea36fa801d5b6fb1d540d0f0642dc569dda766ad4799c59ee799JmltdHM9MTc0MTczNzYwMA&ptn=3&ver=2&hsh=4&fclid=0c73c2ec-6b5c-6c63-3b60-d7416a2f6d27&u=a1L3ZpZGVvcy9yaXZlcnZpZXcvcmVsYXRlZHZpZGVvP3E9aG93K3RvK2dldCtoZWxwK2luK3dpbmRvd3MmbWlkPUYwOUVDRTJCMzlGNTAwMzE1RjQ1RjA5RUNFMkIzOUY1MDAzMTVGNDUmbWNpZD0zMkVDRTc1Q0Q3Qjk0MEI4OTQ2OURCNzYzMDg5Njc5OCZGT1JNPVZJUkU&ntb=1\" h=\"ID=SERP,5568.1\"><div class=\"mc_vtvc_con_rc\"><div class=\"mc_vtvc_th b_canvas\"><div class=\"cico\"><img height=\"110\" width=\"197\" data-src-hq=\"//th.bing.com/th?id=OVP.haFEKOTL9PYBjGBlT_BmOwHgFo&w=197&h=110&c=7&rs=1&qlt=90&o=6&pid=1.7\" alt=\"How to Get Help in Windows 11 23H2 (All Ways)\" data-priority=\"2\" id=\"emb478B220CA\" class=\"rms_img\" src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAEALAAAAAABAAEAAAIBTAA7\"></div><div class=\"mc_vtvc_htc\"><div class=\"mc_vtvc_htb\"><div class=\"mc_vtvc_ht\">Watch video</div></div></div><div class=\"mc_vtvc_center_play\"></div><div class=\"mc_vtvc_ban_lo\"><div class=\"vtbc\"><div class=\"mc_bc_w b_smText\"><div class=\"mc_bc items\">3:39</div></div></div></div></div><div class=\"mc_vtvc_meta\"><div class=\"mc_vtvc_title\" title=\"How to Get Help in Windows 11 23H2 (All Ways)\"><strong>How</strong> <strong>to</strong> <strong>Get</strong> <strong>Help</strong> <strong>in</strong> <strong>Windows</strong> 11 23H2 (All Ways)</div><div class=\"mc_vtvc_meta_block_area\"><div class=\"mc_vtvc_meta_row mc_vtvc_meta_pubdate\"><span class=\"meta_vc_content\">565 views</span><span class=\"meta_pd_content\">18 Nov 2023</span></div><div class=\"mc_vtvc_meta_row mc_vtvc_meta_channel\"><span>YouTube</span><span class=\"mc_vtvc_meta_row_channel\">Geeker Mag.</span></div></div></div><div class=\"vrhdata\" ht=\"0\" vrhm=\"{"cid":"serpvidans_hc","smturl":"/th?id=OM.RV8xAPU5K86e8A_1736003267&pid=1.7","bci":0,"du":"3:39","murl":"https://www.youtube.com/watch?v=1ZtBOD3LPT0","thid":"OVP.haFEKOTL9PYBjGBlT_BmOwHgFo","mid":"F09ECE2B39F500315F45F09ECE2B39F500315F45","vt":"How to Get Help in Windows 11 23H2 (All Ways)","IsAdultThumb":false,"EnableLoopPlay":false,"pgurl":"https://www.youtube.com/watch?v=1ZtBOD3LPT0","q":"how to get help in windows"}\"></div></div></a></div></div><div id=\"mc_cwvc_1741795958715\"><div id=\"mc_vtvc__19\" class=\"mc_vtvc b_canvas mc_vtvc_cc creator\" data-priority=\"1\"><a aria-label=\" equals www.youtube.com (Youtube)
Source: 000003.log0.14.dr	String found in binary or memory: Click to play.\" data-dc=\"vtdc_black\" class=\"mc_vtvc_link\" target=\"_blank\" href=\"https://www.bing.com/ck/a?!&&p=b3ecdfa50e9041491277c5508e032f43f2a818d19c0c737aa78d08ddcdd9ece1JmltdHM9MTc0MTczNzYwMA&ptn=3&ver=2&hsh=4&fclid=0c73c2ec-6b5c-6c63-3b60-d7416a2f6d27&u=a1L3ZpZGVvcy9yaXZlcnZpZXcvcmVsYXRlZHZpZGVvP3E9aG93K3RvK2dldCtoZWxwK2luK3dpbmRvd3MmJm1pZD00MkQ1OEVGNEQ4MkI2QTI3Njc5QTQyRDU4RUY0RDgyQjZBMjc2NzlBJm1tc2NuPXN0dm8mbWNpZD0zMkVDRTc1Q0Q3Qjk0MEI4OTQ2OURCNzYzMDg5Njc5OCZGT1JNPVZJUkU&ntb=1\" h=\"ID=SERP,5652.1\"><div class=\"mc_vtvc_con_rc\" ourl=\"https://www.youtube.com/watch?v=ifj6gpW5agw\" vscm=\"{&qh equals www.youtube.com (Youtube)
Source: 000003.log0.14.dr	String found in binary or memory: Click to play.\" data-dc=\"vtdc_white\" class=\"mc_vtvc_link\" target=\"_blank\" href=\"https://www.bing.com/ck/a?!&&p=1bc304e569cc152e68807a3463ccb33db6af93084564c9805b704aa05340ed1dJmltdHM9MTc0MTczNzYwMA&ptn=3&ver=2&hsh=4&fclid=0c73c2ec-6b5c-6c63-3b60-d7416a2f6d27&u=a1L3ZpZGVvcy9yaXZlcnZpZXcvcmVsYXRlZHZpZGVvP3E9aG93K3RvK2dldCtoZWxwK2luK3dpbmRvd3MmJm1pZD01RDM5MDU1QzNEMjYzN0U5QzNGNzVEMzkwNTVDM0QyNjM3RTlDM0Y3Jm1tc2NuPXN0dm8mbWNpZD0zMkVDRTc1Q0Q3Qjk0MEI4OTQ2OURCNzYzMDg5Njc5OCZGT1JNPVZJUkU&ntb=1\" h=\"ID=SERP,5646.1\"><div class=\"mc_vtvc_con_rc\" ourl=\"https://www.youtube.com/watch?v=bOJD1tjg57I\" vscm=\"{"mid":"5D39055C3D2637E9C3F75D39055C3D2637E9C3F7","murl":"https://www.youtube.com/watch?v=bOJD1tjg57I","pgurl":"https://www.youtube.com/watch?v=bOJD1tjg57I","turl":"https://ts1.mm.bing.net/th?id=OVP.kuScSbWAWWTLY08NoTxdKwHdII&pid=15.1&W=146&H=160","IsSaveable":true}\"><div class=\"mc_vtvc_th b_canvas\"><div class=\"cico\"><img height=\"204\" width=\"115\" data-src-hq=\"//th.bing.com/th?id=OVP.kuScSbWAWWTLY08NoTxdKwHdII&w=115&h=204&c=7&rs=1&qlt=90&o=6&pid=1.7\" alt=\"How to Get Help in Windows 10\" data-priority=\"2\" id=\"emb635054E8F\" class=\"rms_img\" src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAEALAAAAAABAAEAAAIBTAA7\"></div><div class=\"grad_b\"></div><div class=\"mc_vtvc_htc\"><div class=\"mc_vtvc_htb\"><div class=\"mc_vtvc_ht\">Watch video</div></div></div><div class=\"mc_vtvc_center_play\"></div><div class=\"mc_vtvc_ban_lo\"><div class=\"vtbc\"><div class=\"mc_bc_w b_smText\"><div class=\"mc_bc items\">00:41</div></div></div></div></div><div class=\"mc_vtvc_th_dock vtdc_white\"></div><div class=\"mc_vtvc_meta\"><span class=\"vcmt_ctt vasyt\">YouTube</span><div class=\"mc_vtvc_meta_row_channel\">@<span title=\"OS Attack - Attack of the Operating Systems\">OS Attack - Attack</span></div><div class=\"mc_vtvc_title b_promtxt\" title=\"How to Get Help in Windows 10\"><strong>How to Get Help in Windows 10</strong></div></div><div class=\"vrhdata\" sab=\"1\" mid=\"5D39055C3D2637E9C3F75D39055C3D2637E9C3F7\" hcid=\"vsb_tr_chd_hc\" vrhm=\"\"></div></div></a></div></div><div class=\"slide\" data-dataurl=\"\" data-rinterval=\"\" data-appns=\"SERP\" data-k=\"5658.1\" data-tag=\"\" style=\"\" tabindex=\"\" data-mini=\"\" role=\"listitem\"><div id=\"mc_vtvc_SERP_26\" class=\"mc_vtvc b_canvas mc_vtvc_cc mc_vtvc_tot\"><a aria-label=\"= equals www.youtube.com (Youtube)
Source: 000003.log0.14.dr	String found in binary or memory: Click to play.\" data-dc=\"vtdc_white\" class=\"mc_vtvc_link\" target=\"_blank\" href=\"https://www.bing.com/ck/a?!&&p=c069ea0bca5e87203f3e5e0ec671d3489329b6af1195275f42ca08848eaf5688JmltdHM9MTc0MTczNzYwMA&ptn=3&ver=2&hsh=4&fclid=0c73c2ec-6b5c-6c63-3b60-d7416a2f6d27&u=a1L3ZpZGVvcy9yaXZlcnZpZXcvcmVsYXRlZHZpZGVvP3E9aG93K3RvK2dldCtoZWxwK2luK3dpbmRvd3MmbWlkPUJBNkY5RDhCMDM0RjlFRjc5Rjg4QkE2RjlEOEIwMzRGOUVGNzlGODgmbWNpZD0zMkVDRTc1Q0Q3Qjk0MEI4OTQ2OURCNzYzMDg5Njc5OCZGT1JNPVZJUkU&ntb=1\" h=\"ID=SERP,5555.1\"><div class=\"mc_vtvc_con_rc\"><div class=\"mc_vtvc_th b_canvas\"><div class=\"cico\"><img height=\"225\" width=\"400\" data-src-hq=\"//th.bing.com/th?id=OVP.3bQCUcvgHvEGC8FscnPuPAHgFo&w=400&h=225&c=7&rs=1&qlt=90&o=6&pid=1.7\" alt=\"Windows 10 \| How to use Quick Assist\" data-priority=\"2\" id=\"emb2171958D3\" class=\"rms_img\" src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAEALAAAAAABAAEAAAIBTAA7\"></div><div class=\"mc_vtvc_htc\"><div class=\"mc_vtvc_htb\"><div class=\"mc_vtvc_ht\">Watch video</div></div></div><div class=\"mc_vtvc_center_play\"></div><div class=\"mc_vtvc_ban_lo\"><div class=\"vtbc\"><div class=\"mc_bc_w b_smText\"><div class=\"mc_bc items\">4:08</div></div></div></div></div><div class=\"mc_vtvc_meta_w\"><div class=\"mc_vtvc_meta_bg_w\"></div><div class=\"mc_vtvc_meta\"><div class=\"mc_vtvc_title b_promtxt\" title=\"Windows 10 \| How to use Quick Assist\"><strong>Windows</strong> 10 \| <strong>How</strong> <strong>to</strong> use Quick Assist</div><div class=\"mc_vtvc_meta_block_area\"><div class=\"mc_vtvc_meta_block\"><div class=\"mc_vtvc_meta_row mc_vtvc_meta_pubdate\"><span class=\"meta_vc_content\">60.5K views</span><span class=\"meta_pd_content\">31 Mar 2020</span></div><div class=\"mc_vtvc_meta_row mc_vtvc_meta_channel\"><img class=\"mmsi rms_img\" alt=\"Video source site\" src=\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABgAAAAYCAYAAADgdz34AAABRklEQVR4Ae2UT0rDQBjFX7QICtaoIOimAReiUNuV696jmx5A8AalZ/AIpbdwIT2B6wqlWYkuWgnBP7jo+D7SkcmiM4kd6KYPfjNDeHlfJt8kwEYOBXqhgENOd+SGnJKQ7JFjsr3k/jmZkg/yQn7IE7lncAwjvEImRHlCskKzQMdjuOZWsrcWNS7hX+dmgQurNQzxD52YBQ6s1maTb3UCtNsooTOzwI7THkXAYAD0+9narVyTR9aGtVoqpyRRqtdzNXls7qCCMqpWgXodqNVsrrkZ/ImiimMe6g4wHLqciQx6BzOXGwn93S7QaBQJF6Uy6B28Wq3y1HKSZC6uL7PAG1wFymskg35FY/jX899Kfkxk6vE/JFlRrhwvXJEH8r5C8Iw8kmudGyzbH037nI6Q9UnWu8i+eDnf38iamC7saVDkJG60Fv0CnB4IzftPhuMAAAAASUVORK5CYII=\"><span>YouTube</span><span class=\"mc_vtvc_meta_row_channel\">Windows</span></div></div></div></div></div><div class=\"vrhdata\" ht=\"0\" vrhm=\"{"cid":"mc_cwvc_hc","smturl":"/th?id=OM.iJ_3nk8Di51vug_1735918341&pid=1.7","bci":0,"du":"4:08","murl":"https://www.youtube.com/watch?v=X5cT4tjp5GI","thid":"OVP.3bQCUcvgHvEGC8FscnPuPAHgFo","mid":"BA6F9D8B034F9EF79F88BA6F9D8B034F9EF79F88","vt":"Windows 10 \| How to use Qu
Source: 000003.log0.14.dr	String found in binary or memory: eta_channel\"><span>YouTube</span><span class=\"mc_vtvc_meta_row_channel\">TechX Tutorials</span></div></div></div><div class=\"vrhdata\" ht=\"0\" vrhm=\"{"cid":"serpvidans_hc","smturl":"/th?id=OM.AendKaqGLqZpZQ_1739525101&pid=1.7","bci":0,"du":"4:03","murl":"https://www.youtube.com/watch?v=Gx9sPUXs1zI","thid":"OVP.NmtyQ-jAfIwjk3gkRXkPKQHgFo","mid":"6569A62E86AA29DDE9016569A62E86AA29DDE901","vt":"How To Get Help In Windows 10","IsAdultThumb":false,"EnableLoopPlay":false,"pgurl":"https://www.youtube.com/watch?v=Gx9sPUXs1zI","q":"how to get help in windows"}\"></div></div></a></div></div><div id=\"mc_cwvc_1741795958718\"><div id=\"mc_vtvc__22\" class=\"mc_vtvc b_canvas mc_vtvc_cc creator\" data-priority=\"2\"><a aria-label=\" equals www.youtube.com (Youtube)
Source: 000003.log0.14.dr	String found in binary or memory: uot;mid":"42D58EF4D82B6A27679A42D58EF4D82B6A27679A","murl":"https://www.youtube.com/watch?v=ifj6gpW5agw","pgurl":"https://www.youtube.com/watch?v=ifj6gpW5agw","turl":"https://ts1.mm.bing.net/th?id=OVP.ZyxBFwll1ny463qrrKuN6AEkII&pid=15.1&W=89&H=160","IsSaveable":true}\"><div class=\"mc_vtvc_th b_canvas\"><div class=\"cico\"><img height=\"204\" width=\"115\" data-src-hq=\"//th.bing.com/th?id=OVP.ZyxBFwll1ny463qrrKuN6AEkII&w=115&h=204&c=7&rs=1&qlt=90&o=6&pid=1.7\" alt=\"how to get help = equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic	DNS traffic detected: DNS query: edgecdn-embza6g8cacagcbn.z01.azurefd.net

Source: unknown

DoH DNS queries detected: name: bzib.nelreports.net

Source: unknown

HTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundX-Cache: CONFIG_NOCACHEAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionX-MSEdge-Ref: Ref A: 954B4327D790493BBB47627436B314A4 Ref B: BOS321000101023 Ref C: 2025-03-12T16:13:41ZDate: Wed, 12 Mar 2025 16:13:41 GMTConnection: closeContent-Length: 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundX-Cache: CONFIG_NOCACHEAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionX-MSEdge-Ref: Ref A: 91D6147E0C2347E88AE5DA5309AB442B Ref B: BOS321000107025 Ref C: 2025-03-12T16:14:33ZDate: Wed, 12 Mar 2025 16:14:33 GMTConnection: closeContent-Length: 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundX-Cache: CONFIG_NOCACHEAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionX-MSEdge-Ref: Ref A: 4F9BD5A2C44B44BA9F72BE9E2B368AE9 Ref B: BOS321000108053 Ref C: 2025-03-12T16:14:33ZDate: Wed, 12 Mar 2025 16:14:33 GMTConnection: closeContent-Length: 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: application/json; charset=utf-8Access-Control-Allow-Headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,Velocity,DDD-Auth-Features,SoftLanding,PrefMigrated,DDD-TMPL-Removed,deviceFeatures,Server-Timing,DDD-LocationAssignedAccess-Control-Expose-Headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,Velocity,DDD-Auth-Features,SoftLanding,PrefMigrated,DDD-TMPL-Removed,deviceFeatures,Server-Timing,DDD-LocationAssignedDDD-AuthenticatedWithJwtFlow: FalseDDD-UserType: AnonymousMuidDDD-StrategyExecutionLatency: 00:00:00.0015941,00:00:00.0017460DDD-ActivityId: 59dc93b9-16bf-4efb-9987-c2876138904dDDD-TMPL-Removed: FalseDDD-DebugId: 59dc93b9-16bf-4efb-9987-c2876138904d\|2025-03-12T16:14:36.1041821Z\|fabric_msn\|EUS2-A\|News_344DDD-Auth-Features: AT:NA;DID:m-09D127A13BAC64A13625320C3A8C6504;IT:App;MuidStateOrigin:MuidFromCookieOneWebServiceLatency: 3X-MSEdge-ResponseInfo: 3Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAX-Ceto-ref: 67d1b2ec047346158a0929c0d6ab7eab\|AFD:67d1b2ec047346158a0929c0d6ab7eab\|2025-03-12T16:14:36.107ZX-MSEdge-Ref: Ref A: A1D697D2163B41BBA6BE06FE942F355D Ref B: EWR30EDGE0412 Ref C: 2025-03-12T16:14:36ZExpires: Wed, 12 Mar 2025 16:14:36 GMTDate: Wed, 12 Mar 2025 16:14:36 GMTContent-Length: 88Connection: closeSet-Cookie: _C_ETH=1; domain=.msn.com; path=/; secure; httponlySet-Cookie: _C_Auth=Set-Cookie: MUIDB=09D127A13BAC64A13625320C3A8C6504; expires=Mon, 06 Apr 2026 16:14:36 GMT; path=/; httponlySet-Cookie: _EDGE_S=F=1&SID=205C5B550D8168240BF14EF80C8069C7; domain=.msn.com; path=/; httponlyAlt-Svc: h3=":443"; ma=86400Akamai-Request-BC: [a=23.200.89.137,b=41942033,c=g,n=US_NJ_SECAUCUS,o=20940],[a=150.171.28.12,c=o]Server-Timing: clientrtt; dur=22, client

Source: license.rtf.0.dr	String found in binary or memory: http://schemas.microsoft.
Source: Reporting and NEL.14.dr	String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingaotak
Source: Reporting and NEL.14.dr	String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingcsp
Source: Reporting and NEL.14.dr	String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingserp
Source: Reporting and NEL.14.dr	String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingserp&ndcParam=QWthbWFp
Source: Reporting and NEL.14.dr	String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://bard.google.com/
Source: Reporting and NEL.14.dr	String found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: 000003.log0.14.dr	String found in binary or memory: https://cdn.mos.cms.futurecdn.net/RjS4neeBaNTg5HjA8PuBmD-480-80.png&q=how
Source: 000003.log0.14.dr	String found in binary or memory: https://cdn.mos.cms.futurecdn.net/ZfVMYXzUn3Yh4dVeWDjoRZ-480-80.png&q=how
Source: 000003.log0.14.dr	String found in binary or memory: https://cdn.mos.cms.futurecdn.net/qiHVqDvYnXGQHGGFpSfag6-1200-80.jpg&q=how
Source: offscreendocument_main.js.14.dr, service_worker_bin_prod.js.14.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/mathjax/
Source: Web Data.14.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Web Data.14.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Network Persistent State0.14.dr, a58d56ca-4f5a-4aa6-8845-a1d8642fedcc.tmp.16.dr	String found in binary or memory: https://chrome.cloudflare-dns.com
Source: manifest.json0.14.dr	String found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json0.14.dr	String found in binary or memory: https://chromewebstore.google.com/
Source: 983a89da-0dbb-4b4a-b436-a5a161984542.tmp.16.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json.14.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 983a89da-0dbb-4b4a-b436-a5a161984542.tmp.16.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: Reporting and NEL.14.dr	String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: manifest.json.14.dr	String found in binary or memory: https://docs.google.com/
Source: manifest.json.14.dr	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json.14.dr	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json.14.dr	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json.14.dr	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json.14.dr	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json.14.dr	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json.14.dr	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json.14.dr	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json.14.dr	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json.14.dr	String found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json.14.dr	String found in binary or memory: https://drive.google.com/
Source: Web Data.14.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Web Data.14.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Web Data.14.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 000003.log5.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log3.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtrac
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
Source: HubApps Icons.14.dr, ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_bard_light.png/1.0.1/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_hc.png/1.0.3/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_dark.png/1.0.3/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_light.png/1.0.3/asse
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_dark.png/1.0.6/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_light.png/1.0.6/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
Source: HubApps Icons.14.dr, ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
Source: HubApps Icons.14.dr, ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gmail.png/1.5.4/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_help.png/1.0.0/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_iHeart.png/1.0.3/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_instagram.png/1.4.13/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_ku_gou.png/1.0.3/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_last.png/1.0.3/asset
Source: 000003.log5.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_dark.png/1.1.0/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_hc.png/1.1.0/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_light.png/1.1.0/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_naver_vibe.png/1.0.3/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_dark.png/1.4.9/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_hc.png/1.4.9/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_light.png/1.4.9/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
Source: HubApps Icons.14.dr, ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_hc.png/1.1.0/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_dark.png/1.1.0/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_light.png/1.1.0/asse
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_qq.png/1.0.3/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_dark.png/1.1.12/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_hc.png/1.1.12/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_light.png/1.1.12/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_hc.png/1.1.3/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_dark.png/1.1.3/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_light.png/1.1.3/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
Source: HubApps Icons.14.dr, ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.1.12/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.1.12/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.1.12/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
Source: HubApps Icons.14.dr, ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_dark.png/1.3.20/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_hc.png/1.3.20/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_light.png/1.3.20/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_sound_cloud.png/1.0.3/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_spotify.png/1.4.12/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_dark.png/1.2.19/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_hc.png/1.2.19/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_light.png/1.2.19/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_telegram.png/1.0.4/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_hc.png/1.0.5/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_dark.png/1.0.5/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_light.png/1.0.5/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tidal.png/1.0.3/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tik_tok_light.png/1.0.5/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_hc.png/1.5.13/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
Source: HubApps Icons.14.dr, ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_twitter_light.png/1.0.9/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_vk.png/1.0.3/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whats_new.png/1.0.0/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whatsapp_light.png/1.4.11/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_word.png/1.7.32/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_yandex_music.png/1.0.10/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_youtube.png/1.4.14/asset
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://excel.new?from=EdgeM365Shoreline
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://gaana.com/
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://i.y.qq.com/n2/m/index.html
Source: Reporting and NEL.14.dr	String found in binary or memory: https://identity.nel.measure.office.net/api/report?catId=GW
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://latest.web.skype.com/?browsername=edge_canary_shoreline
Source: Session_13386269553009841.14.dr	String found in binary or memory: https://login.microsoftonline.com
Source: 000005.ldb.14.dr, 000003.log0.14.dr, Session_13386269553009841.14.dr	String found in binary or memory: https://login.microsoftonline.com/
Source: Session_13386269553009841.14.dr	String found in binary or memory: https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.windows.netFindAccountProviderWithAuthorityAsyncMalformed
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://m.kugou.com/
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://m.soundcloud.com/
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://m.vk.com/
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://mail.google.com/mail/mu/mp/266/#tl/Inbox
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://manifestdeliveryservice.edgebrowser.microsoft-staging-falcon.io/app/page-context-demo
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://music.amazon.com
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://music.apple.com
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://music.yandex.com
Source: 000003.log0.14.dr	String found in binary or memory: https://ntp.msn.com/
Source: Session_13386269553009841.14.dr	String found in binary or memory: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://open.spotify.com
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://outlook.live.com/mail/0/
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://outlook.office.com/mail/0/
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://tidal.com/
Source: 000003.log0.14.dr	String found in binary or memory: https://ts1.mm.bing.net/th?id=OVP.ZyxBFwll1ny463qrrKuN6AEkII&pid=15.1&W=89&H=160"
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://twitter.com/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.14.dr	String found in binary or memory: https://unitedstates1.ss.wd.microsoft.us/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.14.dr	String found in binary or memory: https://unitedstates2.ss.wd.microsoft.us/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.14.dr	String found in binary or memory: https://unitedstates4.ss.wd.microsoft.us/
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://vibe.naver.com/today
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://web.telegram.org/
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://web.whatsapp.com
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://word.new?from=EdgeM365Shoreline
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://www.deezer.com/
Source: content_new.js.14.dr, content.js.14.dr	String found in binary or memory: https://www.google.com/chrome
Source: Web Data.14.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://www.iheart.com/podcast/
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://www.instagram.com
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://www.last.fm/
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://www.messenger.com
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://www.office.com
Source: Top Sites.14.dr	String found in binary or memory: https://www.office.com/
Source: Top Sites.14.dr	String found in binary or memory: https://www.office.com/Office
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://www.tiktok.com/
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000012ECE000.00000004.00000800.00020000.00000000.sdmp, ntkrnlmp.exe.0.dr	String found in binary or memory: https://www.windows.com/stopcode
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://www.youtube.com
Source: 000003.log0.14.dr	String found in binary or memory: https://www.youtube.com/watch?v=Gx9sPUXs1zI"
Source: 000003.log0.14.dr	String found in binary or memory: https://www.youtube.com/watch?v=ifj6gpW5agw"
Source: ffe0fdb2-741b-4728-a2cf-e5c53a23ba17.tmp.14.dr	String found in binary or memory: https://y.music.163.com/m/

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.4:49837 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.4:49868 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 131.253.33.254:443 -> 192.168.2.4:49867 version: TLS 1.2

Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: GetRawInputData

memstr_c693bfe0-a

Operating System Destruction

Protects its processes via BreakOnTermination flag

Source: C:\Users\user\Desktop\pid.kvai.exe

Process information set: 01 00 00 00

Source: C:\Users\user\Desktop\pid.kvai.exe	Code function: 0_2_00007FFC3DDB0950	0_2_00007FFC3DDB0950
Source: C:\Users\user\Desktop\pid.kvai.exe	Code function: 0_2_00007FFC3DDB5D08	0_2_00007FFC3DDB5D08
Source: C:\Users\user\Desktop\pid.kvai.exe	Code function: 0_2_00007FFC3DDB5C38	0_2_00007FFC3DDB5C38
Source: C:\Users\user\Desktop\pid.kvai.exe	Code function: 0_2_00007FFC3DDB5B9F	0_2_00007FFC3DDB5B9F
Source: C:\Users\user\Desktop\pid.kvai.exe	Code function: 0_2_00007FFC3DDB0775	0_2_00007FFC3DDB0775
Source: C:\Users\user\Desktop\pid.kvai.exe	Code function: 0_2_00007FFC3DDB32FC	0_2_00007FFC3DDB32FC

Source: mfc140ita.dll.0.dr	Static PE information: No import functions for PE file found
Source: mfc110ita.dll.0.dr	Static PE information: No import functions for PE file found
Source: mfc110jpn.dll.0.dr	Static PE information: No import functions for PE file found
Source: mfc140jpn.dll.0.dr	Static PE information: No import functions for PE file found

Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000014E37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUpdateHeartbeat.dllv+ vs pid.kvai.exe
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000014E37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameInputSwitch.dllj% vs pid.kvai.exe
Source: pid.kvai.exe, 00000000.00000002.2611286803.0000000002D93000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevdsldr.exej% vs pid.kvai.exe
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000014437000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameWindows.UI.Input.Inking.Analysis.dllT vs pid.kvai.exe
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000014437000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameactiveds.TLBj% vs pid.kvai.exe
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000014437000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameDirectXDatabaseUpdater.exej% vs pid.kvai.exe
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000014437000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameBitLockerCSP.dllj% vs pid.kvai.exe
Source: pid.kvai.exe, 00000000.00000002.2629407794.00000000127B8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamePSMServiceExtHost.dllj% vs pid.kvai.exe
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000012ECE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamefhshl.dllj% vs pid.kvai.exe
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000012ECE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTokenBroker.dllj% vs pid.kvai.exe
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000012ECE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: DefaultCapeDefaultCapLeapSecondsEnabledKVF_HotPatchSimulationProductVersionOriginalFilenameInternalNameLegalCopyrightFileDescriptionCompanyNameProductNameFileVersion\StringFileInfo\000004B0\\StringFileInfo\000004E4\\StringFileInfo\040904B0\\StringFileInfo\040904E4\\REGISTRY\USER vs pid.kvai.exe
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000012968000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameWindows.Networking.ServiceDiscovery.Dnssd.dllj% vs pid.kvai.exe
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000012968000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTenantRestrictionsPlugin.dllj% vs pid.kvai.exe
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000012968000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUPPrinterInstallsCSP.dllj% vs pid.kvai.exe
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000012968000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenametrkwks.dllj% vs pid.kvai.exe
Source: pid.kvai.exe, 00000000.00000002.2590325408.0000000000A8D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSearchIndexer.exe@ vs pid.kvai.exe
Source: pid.kvai.exe, 00000000.00000002.2590325408.0000000000A8D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSearchIndexer.exe.mui@ vs pid.kvai.exe
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentkrnlmp.exej% vs pid.kvai.exe
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemstscax.dllj% vs pid.kvai.exe
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameAppXDeploymentClient.dllj% vs pid.kvai.exe
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesrumsvc.dllj% vs pid.kvai.exe
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AslStringDuplicate failed [%x]AslFileMappingCreateRtlDosPathNameToNtPathName_U_WithStatus failed for %S [%x]RtlFileMapInitializeByFilePath failed %S [%x]NtQueryInformationFile failed [%x]AslpFileMappingGetFileKind failed %S [%x]AslFileMappingEnsureMappedAsAslFileMappingEnsureAslFileMappingEnsure failed [%x]AslFileMappingGetImageTypeExAslpFileGetImageNtHeader failed [%x]Failed to find the Cor20HeaderException encountered [%x]File mapping invalid [%x]AslpFileMappingGetFileKindAslFileMappingGetFileKindDetailUnhandled ASL_FILE_KIND: %dAslFileMappingGetImageTypeEx failed [%x]\SystemRoot\AslpFileLargeEnsureLargeFileMapping failed [%x]AslFileAllocAndGetAttributesAslpFileGetVersionAttributes failed [%x]AslpFileGetFileKindDetailAttribute failed [%x]AslpFileGetHeaderAttributesPE failed [%x]AslpFileGetPeExportNameExeWrapper failed [%x]AslpFileGetClrVersionAttribute failed [%x]AslpFileGetHeaderAttributesNE failed [%x]AslpFileGetChecksumAttributes failed [%x]AslpFileGetVersionBlock failed [%x]AslpFileGetVersionAttributesAslpFileMakeStringVersionAttributes failed [%x]AslpFileGetVersionBlockRtlFileMapMapView failed [%x]Re-mapped file as image to get version block: %lsFoundDid not find%ls version block after re-mapping as image [%x]LdrResFindResource failed [%x]LdrResFindResource failed %ls [%x]LdrResFindResource returned null version block with status: [%x]Version block has bad sizeVersion block out of rangeVS_VERSION_INFOVersion block invalidException retrieving version block [%x] for '%ls'ProductVersionFileDescriptionCompanyNameProductNameFileVersionOriginalFilenameInternalNameLegalCopyrightAslpFileVerQueryBlock failed [%x]AslpFileMakeStringVersionAttributesAslStringXmlSanitize failed [%x]AslpFileQueryVersionString failed [%x]AslpFileVerQueryBlockVersionBlock is too longVersionBlock not long enough\StringFileInfo\000004B0\\StringFileInfo\000004E4\\StringFileInfo\040904B0\\StringFileInfo\040904E4\RtlStringCchCopyW failed [%x]AslpFileQueryVersionStringRtlStringCchCatW failed [%x]\StringFileInfo\%04X%04X\%sRtlStringCchPrintfW failed [%x]AslpFileGetPeExportNameExeWrapperAslpFileGetHeaderAttributesPEAslpFileGetHeaderAttributesNEAslpFileGetNtHeaderAttributesFile mapping not a PE [%x]AslpFileGetImageNtHeaderAslpFileGetExeWrapperAslpFileHasActiveMarkWrapper failed (FileSize: %I64u) [%x]AslpFileHasActiveMarkWrapper failed [%x].securomAslpFileHasActiveMarkWrapper.ps4AslpFileQueryExportName failed [%x]AslpFileGetExportNameAslStringAnsiToUnicode failed [%x]AslpFileQueryExportNameRtlImageDirectoryEntryToData returned ExportDirectory that was too smallExport directory pointer invalid (points to location outside file), invalid image formatExport directory invalid or invalid image formatRtlStringCchCopyA failed [%x]AslpFileQuery16BitDescription failed [%x]AslpFileGet16BitDescriptionAslpFileQuery16BitModuleName failed [%x]AslpFileGet16BitModuleNameFile mapping invalidAslpFileQuery16BitDescriptionAslpFileQuery16BitModuleNameAslpFileGetChecksumAttributes called with a partial v
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamepcwutl.dllj% vs pid.kvai.exe
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUFAT.DLLj% vs pid.kvai.exe

Source: mfc110ita.dll.0.dr	Static PE information: Section .rsrc
Source: mfc110jpn.dll.0.dr	Static PE information: Section .rsrc

Source: ntkrnlmp.exe.0.dr	Binary string: \Device\Unknownnt!store memory compression
Source: ntkrnlmp.exe.0.dr	Binary string: \Device\FileInfo
Source: ntkrnlmp.exe.0.dr	Binary string: \Device\Harddisk%d\Partition0
Source: ntkrnlmp.exe.0.dr	Binary string: \\Device\Ramdisk%wZ
Source: ntkrnlmp.exe.0.dr	Binary string: \Device\VRegDriver
Source: ntkrnlmp.exe.0.dr	Binary string: \Device\HarddiskVolume
Source: ntkrnlmp.exe.0.dr	Binary string: \Device\Mup
Source: ntkrnlmp.exe.0.dr	Binary string: \Device\PhysicalMemory
Source: ntkrnlmp.exe.0.dr	Binary string: \KernelObjects\MemoryPartition0\Device\RawDisk\Device\RawTape\Device\RawCdRom
Source: ntkrnlmp.exe.0.dr	Binary string: \Device\ahcache\Registry\Machine\System\LastKnownGoodRecovery\LastGood.Tmp
Source: ntkrnlmp.exe.0.dr	Binary string: FullProcessInformationSID\Registry\Machine\SYSTEM\CurrentControlSet\Control\Windows\Device\UwfvolControl
Source: ntkrnlmp.exe.0.dr	Binary string: \Registry\Machine\System\CurrentControlSet\Control\Compatibility\Device\Registry\Machine\System\CurrentControlSet\Control\Compatibility
Source: ntkrnlmp.exe.0.dr	Binary string: \Device\Harddisk%lu\Partition%lu
Source: ntkrnlmp.exe.0.dr	Binary string: SyspartGetPhysicalPartitions failed with error code: %x\Device\Harddisk%u\Partition%u
Source: ntkrnlmp.exe.0.dr	Binary string: \Device\%08lx
Source: ntkrnlmp.exe.0.dr	Binary string: \Registry\Machine\System\SetupProductType\Registry\Machine\System\CurrentControlSet\Control\ProductOptionsSystemPrefixSetupTypeProductSuiteWinNTServerNTLanmanNTEnterpriseSmall BusinessConcurrentLimit\Registry\Machine\System\CurrentControlSet\Services\LicenseInfoSuitesTerminal ServerSmall Business(Restricted)BackOfficeCommunicationServerBladePersonalDataCenterEmbeddedNTCompute ServerStorage ServerSecurity ApplianceEmbedded(Restricted)Kernel-ProductTypePhoneNTSystemSetupInProgressWH Server\Callback\SetSystemTime\Callback\EnlightenmentState\Callback\Phase1InitComplete\Callback\ProcessorAdd\Callback\PowerState\Callback\SetSystemState\Callback\SeImageVerificationDriverInfoProductPolicy\Callback\LicensingDataCloudbookDeviceIDOSProductContentIdOSProductPfnConsumeAddonPolicySetSecurity-SPP-IgnoreDeferredActivationCloudbookDeviceLockedClip-SubscriptionPFN\SystemRoot\System32\locale.nls\Registry\Machine\SYSTEM\CurrentControlSet\Control\Nls\NLSTableVersion\Registry\Machine\System\CurrentControlSet\Control\Notifications\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\VolatileNotifications\REGISTRY\MACHINE\OSDATA\Notifications\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\NotificationsMemPersistOfflineDisableOfflineMemPfaTimeoutMemPfaThresholdMemPfaPageCountMemPfaDisableRestoreCmciErrorLimitRestoreCmciMaxAttemptsRestoreCmciEnabledIgnoreDummyWriteCMCPollingLimitCMCThresholdSecondsCMCThresholdCountKernel-NonGenuineNotificationStringIdsKernel-NonGenuineNotificationType\Registry\Machine\System\CurrentControlSet\Control\7503491f-4a39-4f84-b231-8aca3e203b94$Kernel.Purge.AppxFICacheSecurity-SPP-GenuineLocalStatusDriverDateDataDriverVersionMatchingDeviceIdProviderNameEnumPropPages32CoInstallers32DriverDescInfPathInfSectionInfSectionExtInstaller32NoInstallClassNoDisplayClassSilentInstallResourcePickerTagsResourcePickerExceptionsIncludedInfsIconDHPRebalanceOptOutLastDeleteDateFSFilterClassDeviceReportedNoUseClassDefault ServiceIconPathLowerLogoVersionInstallFlags\Device\LanmanRedirector\Device\VMBus\{4d12e519-17a0-4ae4-8eaa-5270fc6abdb7}-{dcc079ae-60ba-4d07-847c-3493609c0870}-0000\Device\vmsmb\Silos
Source: ntkrnlmp.exe.0.dr	Binary string: \Device\RdyBoost
Source: ntkrnlmp.exe.0.dr	Binary string: \Device\CdRom%d\Device\Harddisk%d\Partition0
Source: ntkrnlmp.exe.0.dr	Binary string: Eventlog-System\Device\WindowsTrustedRT\{699AA2F1-A42E-40DF-BABE-3AAAD2BB6A47}\Device\SysEnv
Source: ntkrnlmp.exe.0.dr	Binary string: \Device\%s\Partition%lu\??\PhysicalDrive%lu
Source: ntkrnlmp.exe.0.dr	Binary string: \Device\CdRom%d\ArcName\%s
Source: ntkrnlmp.exe.0.dr	Binary string: \Device\DeviceApi
Source: ntkrnlmp.exe.0.dr	Binary string: \Device\Harddisk%lu\Partition0
Source: ntkrnlmp.exe.0.dr	Binary string: \\Device\HarddiskVolume%lu
Source: ntkrnlmp.exe.0.dr	Binary string: \Device\Device\BootDevice
Source: ntkrnlmp.exe.0.dr	Binary string: \Device\VolumesSafeForWriteAccess
Source: ntkrnlmp.exe.0.dr	Binary string: \Device\OSDataDevice
Source: ntkrnlmp.exe.0.dr	Binary string: \??\C:\Device\MountPointManager
Source: ntkrnlmp.exe.0.dr	Binary string: \Device\Ramdisk%wZ
Source: ntkrnlmp.exe.0.dr	Binary string: \Device\Harddisk%d\Partition%d
Source: ntkrnlmp.exe.0.dr	Binary string: \Driver\WMIxWDM\Device\WMIDataDevice
Source: ntkrnlmp.exe.0.dr	Binary string: \Device\CdRom%d
Source: ntkrnlmp.exe.0.dr	Binary string: \Device\MountPointManager
Source: ntkrnlmp.exe.0.dr	Binary string: \Device\NamedPipeY
Source: ntkrnlmp.exe.0.dr	Binary string: \Device\Ramdisk

Source: C:\Windows\System32\userinit.exe	Process created: C:\Windows\explorer.exe
Source: C:\Windows\System32\userinit.exe	Process created: C:\Windows\explorer.exe

Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT _ApplicationID, _Revision, _WorkId, Package, "Index", ApplicationType, Flags, Subsystem, PackageRelativeApplicationId, ApplicationUserModelId, DisplayName, Description, Square150x150Logo, Square44x44Logo, Wide310x150Logo, Square310x310Logo, Square71x71Logo, ForegroundText, BackgroundColor, Activation, HostId, Executable, Entrypoint, StartPage, ResourceGroup, LockScreenNotification, LockScreenBadgeLogo, SplashScreenImage, SplashScreenBackgroundColor, InitialRotationPreference, ApplicationViewMinWidth, AppListEntry, EditionId, VisualGroup, Parameters, _Dictionary FROM Application WHERE Package=? AND PackageRelativeApplicationId=? AND _WorkId=0;
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT _Revision, _WorkId, Application, "Index", Category, Activation, HostId, Executable, Entrypoint, RuntimeType, StartPage, ResourceGroup, Flags, Subsystem, Parameters, _LocalizedDictionary, _Dictionary FROM ApplicationExtension WHERE _ApplicationExtensionID=? AND (_WorkId=0 OR _WorkId=?) ORDER BY _WorkId DESC;
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT _PackageID, _Revision, _WorkId, PackageFamily, ResourceId, Architecture, Version, PackageFullName, IsInbox, PackageType, Flags, Flags2, DisplayName, PublisherDisplayName, Description, Logo, OSMinVersion, OSMaxVersionTested, TargetDeviceFamily, Capabilities, SupportedUsers, SignatureOrigin, PackageOrigin, Enterprise, SourceBundle, EditionId, OSVersionWhenIndexed, InPlaceUpdateBaseline, _Dictionary FROM Package WHERE _WorkId=0;
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT _PackageLocationID, _Revision, _WorkId, Package, Volume, InstalledLocation, MutableLink, MutableLocation, _Dictionary FROM PackageLocation WHERE Package=? AND _WorkId=0;
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO FileTypeAssociation (_Revision, _WorkId, FileType, ContentType, Extension, "Index", ProgID, _Dictionary) VALUES(?,?,?,?,?,?,?,?);
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO Protocol (_Revision, _WorkId, ProtocolName, ReturnResults, Extension, "Index", ProgID, _Dictionary) VALUES(?,?,?,?,?,?,?,?);
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: UPDATE ApplicationExtension SET _Revision=?, _WorkId=?, Application=?, "Index"=?, Category=?, Activation=?, HostId=?, Executable=?, Entrypoint=?, RuntimeType=?, StartPage=?, ResourceGroup=?, Flags=?, Subsystem=?, Parameters=?, _LocalizedDictionary=?, _Dictionary=? WHERE _ApplicationExtensionID=? AND _Revision=? AND _WorkId=0;
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT _ApplicationExtensionID, _Revision, _WorkId, Application, "Index", Category, Activation, HostId, Executable, Entrypoint, RuntimeType, StartPage, ResourceGroup, Flags, Subsystem, Parameters, _LocalizedDictionary, _Dictionary FROM ApplicationExtension WHERE Application=? AND "Index"=? AND _WorkId=0;
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT _PackageID, _Revision, _WorkId, PackageFamily, ResourceId, Architecture, Version, PackageFullName, IsInbox, PackageType, Flags, Flags2, DisplayName, PublisherDisplayName, Description, Logo, OSMinVersion, OSMaxVersionTested, TargetDeviceFamily, Capabilities, SupportedUsers, SignatureOrigin, PackageOrigin, Enterprise, SourceBundle, EditionId, OSVersionWhenIndexed, InPlaceUpdateBaseline, _Dictionary FROM Package WHERE (_WorkId=0 OR _WorkId=?);
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT _ApplicationExtensionID, _Revision, _WorkId, Application, "Index", Category, Activation, HostId, Executable, Entrypoint, RuntimeType, StartPage, ResourceGroup, Flags, Subsystem, Parameters, _LocalizedDictionary, _Dictionary FROM ApplicationExtension WHERE Application=? AND "Index"=? AND (_WorkId=0 OR _WorkId=?) ORDER BY _WorkId DESC;
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT _PackageExternalLocationID, _Revision, _WorkId, User, Package, Path, _Dictionary FROM PackageExternalLocation WHERE User=? AND Package=? AND _WorkId=0;
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT _Revision, _WorkId, Application, "Index", Category, Activation, HostId, Executable, Entrypoint, RuntimeType, StartPage, ResourceGroup, Flags, Subsystem, Parameters, _LocalizedDictionary, _Dictionary FROM ApplicationExtension WHERE _ApplicationExtensionID=? AND _WorkId=0;
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT _ApplicationID, _Revision, _WorkId, Package, "Index", ApplicationType, Flags, Subsystem, PackageRelativeApplicationId, ApplicationUserModelId, DisplayName, Description, Square150x150Logo, Square44x44Logo, Wide310x150Logo, Square310x310Logo, Square71x71Logo, ForegroundText, BackgroundColor, Activation, HostId, Executable, Entrypoint, StartPage, ResourceGroup, LockScreenNotification, LockScreenBadgeLogo, SplashScreenImage, SplashScreenBackgroundColor, InitialRotationPreference, ApplicationViewMinWidth, AppListEntry, EditionId, VisualGroup, Parameters, _Dictionary FROM Application WHERE Package=? AND PackageRelativeApplicationId=? AND (_WorkId=0 OR _WorkId=?) ORDER BY _WorkId DESC;
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT ae._ApplicationExtensionID, ae._Revision, ae._WorkId, ae.Application, ae."Index", ae.Category, ae.Activation, ae.HostId, ae.Executable, ae.Entrypoint, ae.RuntimeType, ae.StartPage, ae.ResourceGroup, ae.Flags, ae.Subsystem, ae.Parameters, ae._LocalizedDictionary, ae._Dictionary FROM ApplicationExtension AS ae INNER JOIN Application AS a ON a._ApplicationID=ae.Application WHERE ae.Flags & ?2 != 0 AND a.ApplicationUserModelId=?1 AND (ae._WorkId=0 OR ae._WorkId=?3) AND (a._WorkId=0 OR a._WorkId=?3);
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: UPDATE ApplicationExtension SET _Revision=?, _WorkId=?, Application=?, "Index"=?, Category=?, Activation=?, HostId=?, Executable=?, Entrypoint=?, RuntimeType=?, StartPage=?, ResourceGroup=?, Flags=?, Subsystem=?, Parameters=?, _LocalizedDictionary=?, _Dictionary=? WHERE _ApplicationExtensionID=? AND _Revision=? AND (_WorkId=0 OR _WorkId=?);
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT EXISTS(SELECT 1 FROM ApplicationExtension WHERE _ApplicationExtensionID=? AND (_WorkId=0 OR _WorkId=?) LIMIT 1);
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT EXISTS(SELECT 1 FROM ApplicationExtension WHERE _ApplicationExtensionID=? AND _WorkId=0 LIMIT 1);
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT ae._ApplicationExtensionID, ae._Revision, ae._WorkId, ae.Application, ae."Index", ae.Category, ae.Activation, ae.HostId, ae.Executable, ae.Entrypoint, ae.RuntimeType, ae.StartPage, ae.ResourceGroup, ae.Flags, ae.Subsystem, ae.Parameters, ae._LocalizedDictionary, ae._Dictionary FROM ApplicationExtension AS ae INNER JOIN Application AS a ON a._ApplicationID=ae.Application WHERE ae.Flags & ?2 != 0 AND a.ApplicationUserModelId=?1 AND ae._WorkId=0 AND a._WorkId=0;
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO AppUriHandlerGroup (_Revision, _WorkId, Name, Extension, _Dictionary) VALUES(?,?,?,?,?);
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT _Revision, ActivationKey, Flags, HostId, Executable, Entrypoint, RuntimeType, StartPage, ResourceGroup, _Dictionary FROM Activation WHERE _ActivationID=?;
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT _PackageLocationID, _Revision, _WorkId, Package, Volume, InstalledLocation, MutableLink, MutableLocation, _Dictionary FROM PackageLocation WHERE Package=? AND (_WorkId=0 OR _WorkId=?) ORDER BY _WorkId DESC;
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT _PackageExternalLocationID, _Revision, _WorkId, User, Package, Path, _Dictionary FROM PackageExternalLocation WHERE User=? AND Package=? AND (_WorkId=0 OR _WorkId=?) ORDER BY _WorkId DESC;
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: INSERT INTO AppUriHandler (_Revision, _WorkId, HostName, Extension, ProgID, AppUriHandlerGroup, _Dictionary) VALUES(?,?,?,?,?,?,?);
Source: Login Data.14.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: unknown	Process created: C:\Users\user\Desktop\pid.kvai.exe "C:\Users\user\Desktop\pid.kvai.exe"
Source: C:\Users\user\Desktop\pid.kvai.exe	Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Windows\system32\UserLanguageProfileCallback.dll
Source: C:\Users\user\Desktop\pid.kvai.exe	Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Windows\system32\winethc.dll
Source: C:\Users\user\Desktop\pid.kvai.exe	Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Windows\system32\PickerPlatform.dll
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528882
Source: C:\Users\user\Desktop\pid.kvai.exe	Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Windows\system32\sechost.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=2088,i,10365707062960969891,1768502364186994778,262144 /prefetch:3
Source: C:\Users\user\Desktop\pid.kvai.exe	Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Windows\system32\txfw32.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6556 --field-trial-handle=2088,i,10365707062960969891,1768502364186994778,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6756 --field-trial-handle=2088,i,10365707062960969891,1768502364186994778,262144 /prefetch:8
Source: C:\Users\user\Desktop\pid.kvai.exe	Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Windows\system32\provengine.dll
Source: C:\Users\user\Desktop\pid.kvai.exe	Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Windows\system32\tvratings.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=8344 --field-trial-handle=2088,i,10365707062960969891,1768502364186994778,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=8344 --field-trial-handle=2088,i,10365707062960969891,1768502364186994778,262144 /prefetch:8
Source: C:\Users\user\Desktop\pid.kvai.exe	Process created: C:\Windows\System32\userinit.exe "C:\Windows\system32\userinit.exe"
Source: C:\Windows\System32\userinit.exe	Process created: C:\Windows\explorer.exe C:\Windows\Explorer.EXE
Source: C:\Users\user\Desktop\pid.kvai.exe	Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Windows\system32\XboxNetApiSvc.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-GB --service-sandbox-type=collections --mojo-platform-channel-handle=2580 --field-trial-handle=2088,i,10365707062960969891,1768502364186994778,262144 /prefetch:8
Source: C:\Users\user\Desktop\pid.kvai.exe	Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Windows\system32\UserLanguageProfileCallback.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Windows\system32\winethc.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Windows\system32\PickerPlatform.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Windows\system32\sechost.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Windows\system32\txfw32.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Windows\system32\provengine.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Windows\system32\tvratings.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process created: C:\Windows\System32\userinit.exe "C:\Windows\system32\userinit.exe"	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Windows\system32\XboxNetApiSvc.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=2088,i,10365707062960969891,1768502364186994778,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6556 --field-trial-handle=2088,i,10365707062960969891,1768502364186994778,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6756 --field-trial-handle=2088,i,10365707062960969891,1768502364186994778,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=8344 --field-trial-handle=2088,i,10365707062960969891,1768502364186994778,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=8344 --field-trial-handle=2088,i,10365707062960969891,1768502364186994778,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-GB --service-sandbox-type=collections --mojo-platform-channel-handle=2580 --field-trial-handle=2088,i,10365707062960969891,1768502364186994778,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\userinit.exe	Process created: C:\Windows\explorer.exe C:\Windows\Explorer.EXE

Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: ksuser.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: avrt.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: audioses.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: midimap.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: twinui.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: execmodelproxy.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: mrmcorer.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: windows.staterepositorycore.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Section loaded: actxprxy.dll	Jump to behavior
Source: C:\Windows\System32\userinit.exe	Section loaded: userinitext.dll
Source: C:\Windows\System32\userinit.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\userinit.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\userinit.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\userinit.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\userinit.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\explorer.exe	Section loaded: aepic.dll
Source: C:\Windows\explorer.exe	Section loaded: twinapi.dll
Source: C:\Windows\explorer.exe	Section loaded: userenv.dll
Source: C:\Windows\explorer.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\explorer.exe	Section loaded: powrprof.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.storage.dll
Source: C:\Windows\explorer.exe	Section loaded: dxgi.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.storage.dll
Source: C:\Windows\explorer.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\explorer.exe	Section loaded: propsys.dll
Source: C:\Windows\explorer.exe	Section loaded: coremessaging.dll
Source: C:\Windows\explorer.exe	Section loaded: urlmon.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.storage.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.storage.dll
Source: C:\Windows\explorer.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\explorer.exe	Section loaded: wtsapi32.dll
Source: C:\Windows\explorer.exe	Section loaded: wininet.dll
Source: C:\Windows\explorer.exe	Section loaded: uxtheme.dll
Source: C:\Windows\explorer.exe	Section loaded: dwmapi.dll
Source: C:\Windows\explorer.exe	Section loaded: sspicli.dll
Source: C:\Windows\explorer.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\explorer.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\explorer.exe	Section loaded: ntmarta.dll
Source: C:\Windows\explorer.exe	Section loaded: cryptsp.dll
Source: C:\Windows\explorer.exe	Section loaded: wldp.dll
Source: C:\Windows\explorer.exe	Section loaded: iertutil.dll
Source: C:\Windows\explorer.exe	Section loaded: srvcli.dll
Source: C:\Windows\explorer.exe	Section loaded: netutils.dll
Source: C:\Windows\explorer.exe	Section loaded: umpdc.dll
Source: C:\Windows\explorer.exe	Section loaded: profapi.dll
Source: C:\Windows\explorer.exe	Section loaded: edputil.dll
Source: C:\Windows\explorer.exe	Section loaded: apphelp.dll
Source: C:\Windows\explorer.exe	Section loaded: appresolver.dll
Source: C:\Windows\explorer.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\explorer.exe	Section loaded: slc.dll
Source: C:\Windows\explorer.exe	Section loaded: sppc.dll
Source: C:\Windows\explorer.exe	Section loaded: starttiledata.dll
Source: C:\Windows\explorer.exe	Section loaded: usermgrcli.dll
Source: C:\Windows\explorer.exe	Section loaded: usermgrproxy.dll
Source: C:\Windows\explorer.exe	Section loaded: cscui.dll
Source: C:\Windows\explorer.exe	Section loaded: structuredquery.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.globalization.dll
Source: C:\Windows\explorer.exe	Section loaded: bcp47mrm.dll
Source: C:\Windows\explorer.exe	Section loaded: icu.dll
Source: C:\Windows\explorer.exe	Section loaded: mswb7.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.storage.search.dll
Source: C:\Windows\explorer.exe	Section loaded: explorerframe.dll
Source: C:\Windows\explorer.exe	Section loaded: actxprxy.dll
Source: C:\Windows\explorer.exe	Section loaded: wintypes.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.staterepositoryps.dll

Source: msvcp120.dll.0.dr	Static PE information: real checksum: 0xacc61 should be: 0xa5c63
Source: mfc140ita.dll.0.dr	Static PE information: real checksum: 0x1bc4e should be: 0x1bb6b
Source: mfc110ita.dll.0.dr	Static PE information: real checksum: 0x1ebbf should be: 0x1edbd
Source: mfcm120.dll.0.dr	Static PE information: real checksum: 0x251d3 should be: 0x25203
Source: mfc120.dll.0.dr	Static PE information: real checksum: 0x568600 should be: 0x564e30
Source: msvcp140_atomic_wait.dll.0.dr	Static PE information: real checksum: 0x11849 should be: 0x1aa93
Source: mfc110jpn.dll.0.dr	Static PE information: real checksum: 0x12522 should be: 0x1c223
Source: pid.kvai.exe	Static PE information: real checksum: 0x0 should be: 0x626eb
Source: vccorlib140.dll.0.dr	Static PE information: real checksum: 0x5cbbf should be: 0x5cb47
Source: mfcm120u.dll.0.dr	Static PE information: real checksum: 0x1aebe should be: 0x24a22
Source: vcruntime140.dll.0.dr	Static PE information: real checksum: 0x1bf13 should be: 0x24926

Source: pid.kvai.exe	Static PE information: section name: z<,>$#
Source: pid.kvai.exe	Static PE information: section name:
Source: vcruntime140.dll.0.dr	Static PE information: section name: _RDATA
Source: mfcm120u.dll.0.dr	Static PE information: section name: .nep
Source: mfcm120.dll.0.dr	Static PE information: section name: .nep
Source: ntkrnlmp.exe.0.dr	Static PE information: section name: PROTDATA
Source: ntkrnlmp.exe.0.dr	Static PE information: section name: GFIDS
Source: ntkrnlmp.exe.0.dr	Static PE information: section name: Pad1
Source: ntkrnlmp.exe.0.dr	Static PE information: section name: PAGELK
Source: ntkrnlmp.exe.0.dr	Static PE information: section name: POOLCODE
Source: ntkrnlmp.exe.0.dr	Static PE information: section name: PAGEKD
Source: ntkrnlmp.exe.0.dr	Static PE information: section name: PAGEVRFY
Source: ntkrnlmp.exe.0.dr	Static PE information: section name: PAGEHDLS
Source: ntkrnlmp.exe.0.dr	Static PE information: section name: PAGEBGFX
Source: ntkrnlmp.exe.0.dr	Static PE information: section name: INITKDBG
Source: ntkrnlmp.exe.0.dr	Static PE information: section name: TRACESUP
Source: ntkrnlmp.exe.0.dr	Static PE information: section name: KVASCODE
Source: ntkrnlmp.exe.0.dr	Static PE information: section name: RETPOL
Source: ntkrnlmp.exe.0.dr	Static PE information: section name: MINIEX
Source: ntkrnlmp.exe.0.dr	Static PE information: section name: Pad2
Source: ntkrnlmp.exe.0.dr	Static PE information: section name: ALMOSTRO
Source: ntkrnlmp.exe.0.dr	Static PE information: section name: CACHEALI
Source: ntkrnlmp.exe.0.dr	Static PE information: section name: PAGEDATA
Source: ntkrnlmp.exe.0.dr	Static PE information: section name: PAGEVRFD
Source: ntkrnlmp.exe.0.dr	Static PE information: section name: INITDATA
Source: ntkrnlmp.exe.0.dr	Static PE information: section name: Pad3
Source: ntkrnlmp.exe.0.dr	Static PE information: section name: CFGRO
Source: ntkrnlmp.exe.0.dr	Static PE information: section name: Pad4

Source: C:\Users\user\Desktop\pid.kvai.exe	Code function: 0_2_00404346 push rdx; retf	0_2_00404349
Source: C:\Users\user\Desktop\pid.kvai.exe	Code function: 0_2_00403451 push rbp; retf	0_2_00403459
Source: C:\Users\user\Desktop\pid.kvai.exe	Code function: 0_2_00402161 push rbp; iretd	0_2_00402164
Source: C:\Users\user\Desktop\pid.kvai.exe	Code function: 0_2_0040296D push rbp; ret	0_2_00402973
Source: C:\Users\user\Desktop\pid.kvai.exe	Code function: 0_2_0040648F push rsi; retf	0_2_00406490
Source: C:\Users\user\Desktop\pid.kvai.exe	Code function: 0_2_0040359A push rcx; retf	0_2_004035CB
Source: C:\Users\user\Desktop\pid.kvai.exe	Code function: 0_2_004039BB push rbp; retf	0_2_004039BC
Source: C:\Users\user\Desktop\pid.kvai.exe	Code function: 0_2_004032BC push FFFFFF8Fh; retf	0_2_004032BE
Source: C:\Users\user\Desktop\pid.kvai.exe	Code function: 0_2_00007FFC3DDB00BD pushad ; iretd	0_2_00007FFC3DDB00C1
Source: C:\Users\user\Desktop\pid.kvai.exe	Code function: 0_2_00007FFC3DDB10A5 push ds; retf	0_2_00007FFC3DDB10A6
Source: C:\Users\user\Desktop\pid.kvai.exe	Code function: 0_2_00007FFC3DDB0C63 pushfd ; retf	0_2_00007FFC3DDB0C64
Source: C:\Users\user\Desktop\pid.kvai.exe	Code function: 0_2_00007FFC3DDB106F push ds; retf	0_2_00007FFC3DDB1072
Source: C:\Users\user\Desktop\pid.kvai.exe	Code function: 0_2_00007FFC3DDB66BC push edx; retf	0_2_00007FFC3DDB66BD

Source: C:\Users\user\Desktop\pid.kvai.exe	File created: C:\Windows\System32\mfcm120u.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pid.kvai.exe	File created: C:\Windows\System32\vccorlib140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pid.kvai.exe	File created: C:\Windows\System32\mfc140jpn.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pid.kvai.exe	File created: C:\Windows\System32\mfc140ita.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pid.kvai.exe	File created: C:\Windows\System32\ntkrnlmp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\pid.kvai.exe	File created: C:\Windows\System32\mfc110ita.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pid.kvai.exe	File created: C:\Windows\System32\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pid.kvai.exe	File created: C:\Windows\System32\vcruntime140_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pid.kvai.exe	File created: C:\Windows\System32\msclmd.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pid.kvai.exe	File created: C:\Windows\System32\msvcp120.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pid.kvai.exe	File created: C:\Windows\System32\mfcm120.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pid.kvai.exe	File created: C:\Windows\System32\msvcp140_atomic_wait.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pid.kvai.exe	File created: C:\Windows\System32\mfc110jpn.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pid.kvai.exe	File created: C:\Windows\System32\mfc120.dll	Jump to dropped file

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868			Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868			Jump to behavior

Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\pid.kvai.exe	Memory allocated: 990000 memory reserve \| memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Memory allocated: 1A7B0000 memory reserve \| memory write watch			Jump to behavior

Source: C:\Users\user\Desktop\pid.kvai.exe	Dropped PE file which has not been started: C:\Windows\System32\mfcm120u.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pid.kvai.exe	Dropped PE file which has not been started: C:\Windows\System32\vccorlib140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pid.kvai.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc140jpn.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pid.kvai.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc140ita.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pid.kvai.exe	Dropped PE file which has not been started: C:\Windows\System32\ntkrnlmp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\pid.kvai.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc110ita.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pid.kvai.exe	Dropped PE file which has not been started: C:\Windows\System32\vcruntime140_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pid.kvai.exe	Dropped PE file which has not been started: C:\Windows\System32\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pid.kvai.exe	Dropped PE file which has not been started: C:\Windows\System32\msclmd.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pid.kvai.exe	Dropped PE file which has not been started: C:\Windows\System32\msvcp120.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pid.kvai.exe	Dropped PE file which has not been started: C:\Windows\System32\mfcm120.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pid.kvai.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc110jpn.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pid.kvai.exe	Dropped PE file which has not been started: C:\Windows\System32\msvcp140_atomic_wait.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pid.kvai.exe	Dropped PE file which has not been started: C:\Windows\System32\mfc120.dll	Jump to dropped file

Source: C:\Users\user\Desktop\pid.kvai.exe TID: 7948	Thread sleep time: -172000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe TID: 7480	Thread sleep time: -46360s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe TID: 7480	Thread sleep time: -40306s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe TID: 7480	Thread sleep time: -56700s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe TID: 7480	Thread sleep time: -47593s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe TID: 7480	Thread sleep time: -44110s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe TID: 7480	Thread sleep time: -45134s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\pid.kvai.exe	Thread delayed: delay time: 46360	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Thread delayed: delay time: 40306	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Thread delayed: delay time: 56700	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Thread delayed: delay time: 47593	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Thread delayed: delay time: 44110	Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Thread delayed: delay time: 45134	Jump to behavior

Source: C:\Users\user\Desktop\pid.kvai.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\pid.kvai.exe	Process token adjusted: Debug			Jump to behavior

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report pid.kvai.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

Operating System Destruction

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Windows Analysis Report
pid.kvai.exe

Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ITfLangBarMgr creation failedShell_TrayWndReBarWindow32ITfLangBarMgr::GetShowFloatingStatus failedRdpXInterfaceRemoteAppCore::sendRailPdu failedRailLanguageBarDeskBandCiceroUIWndFrame-TF_FloatingLangBar_WndTitle
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000014E37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Keyboard Layout\ToggleKeyboard Layout\ShowToast03B5835F-F03C-411B-9CE2-AA23E1171E36shell\ext\inputswitch\switch\inputswitchui.cppmainModeTilePressedModeTileDisabledModeTileInactiveModalityTilePressedModalityTileDisabledIsolatedButtonIsolatedButtonPressedSettingsLinkButtonModeTileScrollViewerModeTileContainerModalityAreaSeparatorModalityTileContainerModalityAreaInfoAreaInputSwitchAccRootsliderShell_TrayWndms-settings:regionlanguageModalityIconShortModalityTileColorPrevalenceSOFTWARE\Microsoft\Windows\CurrentVersion\Themes\PersonalizeTileContextMenuWindowMessage<toast duration="long" launch="%s"> <visual> <binding template="ToastGeneric"> <text id="1">%s</text> <text id="2" hint-maxLines="4">%s</text> </binding> </visual> <actions> <action activationType="foreground" arguments="Customize" content="%s"/> <action activationType="foreground" arguments="Dismiss" content="%s"/> </actions> </toast>Microsoft.Windows.InputSwitchToastHandlerNonImmersivePackageSWITCH_SOURCE_HOTKEY_FORWARDSWITCH_SOURCE_HOTKEY_PREVIOUSSWITCH_SOURCE_HOTKEY_REVERSESWITCH_SOURCE_HOTKEY_ADVANCEDSWITCH_SOURCE_SHORTCUTSWITCH_SOURCE_UI_DESKTOPSWITCH_SOURCE_UI_LOGONUISWITCH_SOURCE_UI_UACSWITCH_SOURCE_UI_OOBESWITCH_SOURCE_UI_TOUCHKEYBOARDSWITCH_SOURCE_UI_SETTINGSPANESWITCH_SOURCE_UI_OTHERSWITCH_SOURCE_OTHEROOPModeIndicatorShowUIonecore\internal\sdk\inc\wil\Resource.hInputSwitchNotificationShownActivatePostponedProfileActivateProfileRetryAfterZeroInputProfilesFromTsf
Source: pid.kvai.exe, 00000000.00000002.2629407794.0000000013A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Shell_traywnd

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	112 Process Injection	11 Masquerading	11 Input Capture	12 Security Software Discovery	1 Taint Shared Content	11 Input Capture	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	2 Bootkit	1 Registry Run Keys / Startup Folder	1 Disable or Modify Tools	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	1 Archive Collected Data	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 DLL Side-Loading	1 DLL Side-Loading	41 Virtualization/Sandbox Evasion	Security Account Manager	41 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	112 Process Injection	NTDS	1 File and Directory Discovery	Distributed Component Object Model	Input Capture	15 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	2 Obfuscated Files or Information	LSA Secrets	22 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Bootkit	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Rundll32	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	12 Software Packing	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Timestomp	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	1 DLL Side-Loading	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement