Windows Analysis Report
http://email.shop2.wonderpark.my/c/eJwUyk1uhSAQAODTwJIM8wPzFiy68R4KYzX1iRHTprdvuv9aiRbTDN5KzIyIokp-K7YirKlWzVWAeRFKVVflF5OpSvJ7QUABijkKKVBgihmqGWBeYGnsGMbWLww__Wx2X_P9Fd6__ijb81zD0YfDyeFk80tZKK9iUJtASjaTNA2LnWO_eqj97XDyd7EWtv45n6OfjqHeNp5jP23rjx3jn_nvgn8BAAD__y9yPWo

Overview

General Information

Sample URL: http://email.shop2.wonderpark.my/c/eJwUyk1uhSAQAODTwJIM8wPzFiy68R4KYzX1iRHTprdvuv9aiRbTDN5KzIyIokp-K7YirKlWzVWAeRFKVVflF5OpSvJ7QUABijkKKVBgihmqGWBeYGnsGMbWLww__Wx2X_P9Fd6__ijb81zD0YfDyeFk80tZKK9iUJtAS
Analysis ID: 1640810
Infos:

Detection

HTMLPhisher, Invisible JS, Tycoon2FA
Score: 84
Range: 0 - 100
Confidence: 100%

Signatures

Yara detected AntiDebug via timestamp check
Yara detected HtmlPhish44
Yara detected Invisible JS
Yara detected Obfuscation Via HangulCharacter
Yara detected Tycoon 2FA PaaS
AI detected suspicious Javascript
Creates files inside the system directory
Deletes files inside the Windows folder
Detected suspicious crossdomain redirect
HTML page contains hidden javascript code
Queries the volume information (name, serial number etc) of a device

Classification

Phishing
barindex
Yara detected HtmlPhish44
Source: Yara match File source: dropped/chromecache_77, type: DROPPED
Yara detected Invisible JS
Source: Yara match File source: 1.6.d.script.csv, type: HTML
Source: Yara match File source: 1.5.pages.csv, type: HTML
Source: Yara match File source: 1.6.pages.csv, type: HTML
Yara detected Obfuscation Via HangulCharacter
Source: Yara match File source: 1.6.d.script.csv, type: HTML
Source: Yara match File source: 1.5.pages.csv, type: HTML
Source: Yara match File source: 1.6.pages.csv, type: HTML
Yara detected Tycoon 2FA PaaS
Source: Yara match File source: 1.11..script.csv, type: HTML
Source: Yara match File source: 1.7.d.script.csv, type: HTML
Source: Yara match File source: 1.5.pages.csv, type: HTML
Source: Yara match File source: 1.6.pages.csv, type: HTML
AI detected suspicious Javascript
Source: 1.7.d.script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script demonstrates several high-risk behaviors, including detecting browser automation tools, blocking keyboard shortcuts and right-click functionality, and redirecting the user to an external website (eBay) after a delay. These behaviors are highly suspicious and indicate potential malicious intent, such as preventing the user from interacting with the page or redirecting them to a phishing site.
Source: 1.6.d.script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script demonstrates high-risk behaviors, including dynamic code execution via `eval()` and potential data exfiltration. The use of obfuscated strings and complex encoding techniques further increases the risk. While the specific intent is unclear, the overall behavior is highly suspicious and likely malicious.
Source: 1.5..script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://e8q.dianausil.com/IDLK/... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The use of `atob` and `decodeURIComponent` to decode and execute remote content is a clear indicator of malicious intent. Additionally, the script appears to be sending data to an untrusted domain, which further increases the risk. Overall, this script exhibits a high level of suspicion and should be treated as a potential security threat.
HTML page contains hidden javascript code
Source: https://ea984537f5e0cd5066ea35d8.bensipo.com/ HTTP Parser: Base64 decoded: 1742233981.000000
Source: https://ea984537f5e0cd5066ea35d8.bensipo.com/ HTTP Parser: No favicon
Source: https://ea984537f5e0cd5066ea35d8.bensipo.com/ HTTP Parser: No favicon
Source: https://e8q.dianausil.com/IDLK/ HTTP Parser: No favicon
Source: unknown HTTPS traffic detected: 142.250.186.100:443 -> 192.168.2.7:49690 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.110.180.34:443 -> 192.168.2.7:49693 version: TLS 1.2
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.7:49694 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.7:49695 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.7:49701 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.7:49703 version: TLS 1.2
Source: unknown HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49704 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.7:49707 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.7:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.214.184:443 -> 192.168.2.7:49728 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.66.137:443 -> 192.168.2.7:49730 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.7:49729 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.17.24.14:443 -> 192.168.2.7:49731 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.3.189:443 -> 192.168.2.7:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.3.189:443 -> 192.168.2.7:49735 version: TLS 1.2
Source: unknown HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49736 version: TLS 1.2
Source: unknown HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.7:49754 version: TLS 1.2
Detected suspicious crossdomain redirect
Source: C:\Program Files\Google\Chrome\Application\chrome.exe HTTP traffic: Redirect from: email.shop2.wonderpark.my to https://ea984537f5e0cd5066ea35d8.bensipo.com/
Source: unknown TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown TCP traffic detected without corresponding DNS query: 23.199.215.203
Source: unknown TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.98.62
Source: unknown TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown TCP traffic detected without corresponding DNS query: 23.199.215.203
Source: unknown TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown TCP traffic detected without corresponding DNS query: 2.18.98.62
Source: unknown TCP traffic detected without corresponding DNS query: 142.250.185.195
Source: unknown TCP traffic detected without corresponding DNS query: 142.250.185.195
Source: unknown TCP traffic detected without corresponding DNS query: 142.250.185.195
Source: unknown TCP traffic detected without corresponding DNS query: 142.250.185.195
Source: unknown TCP traffic detected without corresponding DNS query: 142.250.185.195
Source: unknown TCP traffic detected without corresponding DNS query: 142.250.185.195
Source: unknown TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown TCP traffic detected without corresponding DNS query: 142.250.185.195
Source: unknown TCP traffic detected without corresponding DNS query: 142.250.185.195
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /c/eJwUyk1uhSAQAODTwJIM8wPzFiy68R4KYzX1iRHTprdvuv9aiRbTDN5KzIyIokp-K7YirKlWzVWAeRFKVVflF5OpSvJ7QUABijkKKVBgihmqGWBeYGnsGMbWLww__Wx2X_P9Fd6__ijb81zD0YfDyeFk80tZKK9iUJtASjaTNA2LnWO_eqj97XDyd7EWtv45n6OfjqHeNp5jP23rjx3jn_nvgn8BAAD__y9yPWo HTTP/1.1Host: email.shop2.wonderpark.myConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: ea984537f5e0cd5066ea35d8.bensipo.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1Host: ea984537f5e0cd5066ea35d8.bensipo.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /turnstile/v0/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://ea984537f5e0cd5066ea35d8.bensipo.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIkqHLAQiKo8sBCIWgzQEI9s/OAQiA1s4BCMHYzgEIydzOAQiE4M4BCKLkzgEIr+TOAQjp5M4BSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/f3b948d8acb8/main.js? HTTP/1.1Host: ea984537f5e0cd5066ea35d8.bensipo.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /turnstile/v0/g/f3b948d8acb8/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://ea984537f5e0cd5066ea35d8.bensipo.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/sbfee/0x4AAAAAABBIwHrmlnB0pCkt/auto/fbE/new/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeSec-Fetch-Storage-Access: activeReferer: https://ea984537f5e0cd5066ea35d8.bensipo.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=921e59015ebb238a&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/sbfee/0x4AAAAAABBIwHrmlnB0pCkt/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/jsd/r/0.21436989151292504:1742232294:ldmsQSYt3ZympvHg39J2rCNtyLb8mgRCv-XFkhfJQWg/921e58f27e884375 HTTP/1.1Host: ea984537f5e0cd5066ea35d8.bensipo.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/sbfee/0x4AAAAAABBIwHrmlnB0pCkt/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ea984537f5e0cd5066ea35d8.bensipo.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ea984537f5e0cd5066ea35d8.bensipo.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=0ajdqJYLz2v37trmAkv2BnRQHk65fpPm2b9yaf_F8l0-1742233984-1.2.1.1-Qnbxyxvr1A.YPBfc4ioUhOMVvbOfU93suYVsAXEBjAzD6S9VcKCac6Lmsdh6hV6pV_gT4BecifKWdKlV9XGKt5Bt06a3S5OEQI78VL0A_hW8mm9npsNnin8uORJ8Nb0TqLg8LwzOk8p2o9W935S9mtayLUrGahBA78tANY4Ske2kfsG.wosDseQP3dokvgtA_aSpg1IczanzjYiwO6_gv1cJg2cNrjE3nCEOP1i6J5LZVKyfjI3JWuJCmK4Tywhvx7ALkLYkkruwa_7vWLKLF2ZnmyXsMUyp2gIYVKkPsSczjOMWC3yqnkOy81e3cgdlVgQ9k2NVTuLez8TymgOWI48MU_fPFTgzAp0c0UxsQZg
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: ea984537f5e0cd5066ea35d8.bensipo.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1294026076:1742232381:41WPoJoCDM-JeaVeJQPTNklA0f0Qmp34xG6yFum_9z0/921e59015ebb238a/hKOBMvc0toaMQwKVbGCdXnuJMW.sBITaALXqlda8iEM-1742233984-1.1.1.1-NqisWCClCY3HSV4ktPrDnOoYZVBh4Y_18y_nSJwnKR8W1nEeSVR9vU.UsiKJyTCP HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/921e59015ebb238a/1742233986079/446d303a1f1f1ff73a6f733f3cbed42a33256c3d46e760707309bfe2f6b4e22d/k8Dvnkxfh4Fj6a0 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/sbfee/0x4AAAAAABBIwHrmlnB0pCkt/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/d/921e59015ebb238a/1742233986081/qSpL7xgYWAE54SW HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/sbfee/0x4AAAAAABBIwHrmlnB0pCkt/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/d/921e59015ebb238a/1742233986081/qSpL7xgYWAE54SW HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1294026076:1742232381:41WPoJoCDM-JeaVeJQPTNklA0f0Qmp34xG6yFum_9z0/921e59015ebb238a/hKOBMvc0toaMQwKVbGCdXnuJMW.sBITaALXqlda8iEM-1742233984-1.1.1.1-NqisWCClCY3HSV4ktPrDnOoYZVBh4Y_18y_nSJwnKR8W1nEeSVR9vU.UsiKJyTCP HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /?cf_captcha=verified HTTP/1.1Host: ea984537f5e0cd5066ea35d8.bensipo.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://ea984537f5e0cd5066ea35d8.bensipo.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=0ajdqJYLz2v37trmAkv2BnRQHk65fpPm2b9yaf_F8l0-1742233984-1.2.1.1-Qnbxyxvr1A.YPBfc4ioUhOMVvbOfU93suYVsAXEBjAzD6S9VcKCac6Lmsdh6hV6pV_gT4BecifKWdKlV9XGKt5Bt06a3S5OEQI78VL0A_hW8mm9npsNnin8uORJ8Nb0TqLg8LwzOk8p2o9W935S9mtayLUrGahBA78tANY4Ske2kfsG.wosDseQP3dokvgtA_aSpg1IczanzjYiwO6_gv1cJg2cNrjE3nCEOP1i6J5LZVKyfjI3JWuJCmK4Tywhvx7ALkLYkkruwa_7vWLKLF2ZnmyXsMUyp2gIYVKkPsSczjOMWC3yqnkOy81e3cgdlVgQ9k2NVTuLez8TymgOWI48MU_fPFTgzAp0c0UxsQZg
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/1294026076:1742232381:41WPoJoCDM-JeaVeJQPTNklA0f0Qmp34xG6yFum_9z0/921e59015ebb238a/hKOBMvc0toaMQwKVbGCdXnuJMW.sBITaALXqlda8iEM-1742233984-1.1.1.1-NqisWCClCY3HSV4ktPrDnOoYZVBh4Y_18y_nSJwnKR8W1nEeSVR9vU.UsiKJyTCP HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /IDLK/ HTTP/1.1Host: e8q.dianausil.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://ea984537f5e0cd5066ea35d8.bensipo.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://e8q.dianausil.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://e8q.dianausil.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://e8q.dianausil.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /turnstile/v0/g/f3b948d8acb8/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://e8q.dianausil.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.png HTTP/1.1Host: developers.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://e8q.dianausil.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.png HTTP/1.1Host: developers.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=3tQx6xLi4RW6yCO_JOCJ4MDAKI..7y_cYSDT37ZKA.0-1742234000-1.0.1.1-s6nytCIaAGMJlzRYL1vZ_WK3H07ETC72XyakgDilFHpS1RvsiqJsfLWt_sEjl4X562txyGKeN0JKaSgRxnb8qLtVDNz3UcHsk4wJvJf1kp0
Source: global traffic HTTP traffic detected: GET /chiriya$pbbozaxq HTTP/1.1Host: bl6gb.cuisbp.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Origin: https://e8q.dianausil.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://e8q.dianausil.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /chiriya$pbbozaxq HTTP/1.1Host: bl6gb.cuisbp.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: e8q.dianausil.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://e8q.dianausil.com/IDLK/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Imx2MElCM202NWZxZkxiZ0IxbWM5U0E9PSIsInZhbHVlIjoiRk4wUi94Uml1Si8xRWZadTVJYjE4Sm5uTUlodjBoWGJmV2hRSjBCMHBlbkxHQ2haNkNONUU3cENIOXErUmJEUjZCT3h2SUFFbUxVRkgyUW05SHEwdEdUQ2YwYUlRZnRtaGV3UXFqOTRPNkhqTUlDVlZCdEp2OTdxeTR1aWw4REkiLCJtYWMiOiJiNGExMmRhZjJmODJiNTA3MWE0YzQxZDUzZTVhNDkwNjYyZmYwNTY1MTE2NWIxOTU4N2JiMTBjNWJhNDVmOGIzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IktuRjh4TjRMQUdEdkh4OXpjR0hURFE9PSIsInZhbHVlIjoiazV4blVLWW00R2lRYmtwNTlNSzk3TmtvWFJ4VzJSUHdzVm5LTFp6aUN1cE5lQ3ZLbzBYVEd0RkdTLzFjbjFqVXJQQ01HWElmZm8rVTBYN3lUZkx3YSt3SGhpN2NUQ3JBcFFIWFhiV2tOQ3E2OUl5Qjh0OGFiMk1pdXhGWjFIRFYiLCJtYWMiOiIwYzJlN2FmYzgzYmZkNGY3YWQ4MDE3NzUyNTVkNjRmNTBjNzU1NTVhYmUyM2EwYTM2M2E0NTMzMTMxMzdkNjZhIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: email.shop2.wonderpark.my
Source: global traffic DNS traffic detected: DNS query: ea984537f5e0cd5066ea35d8.bensipo.com
Source: global traffic DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: e8q.dianausil.com
Source: global traffic DNS traffic detected: DNS query: code.jquery.com
Source: global traffic DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: developers.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: bl6gb.cuisbp.ru
Source: unknown HTTP traffic detected: POST /cdn-cgi/challenge-platform/h/g/jsd/r/0.21436989151292504:1742232294:ldmsQSYt3ZympvHg39J2rCNtyLb8mgRCv-XFkhfJQWg/921e58f27e884375 HTTP/1.1Host: ea984537f5e0cd5066ea35d8.bensipo.comConnection: keep-aliveContent-Length: 16646sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-Type: text/plain;charset=UTF-8sec-ch-ua-mobile: ?0Accept: */*Origin: https://ea984537f5e0cd5066ea35d8.bensipo.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 17 Mar 2025 17:53:50 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeServer: cloudflareReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y884iMIgPVi3knRLZTUtq4LxZljcqyY6RjefASVkSypQafysjJtIKrL92cvrXssALgCgNouJlJaz01LPX4gDhdSNom1FU7pdakUFHRBzFE6uGcKIH00aQVnza7dN"}],"group":"cf-nel","max_age":604800}Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-EncodingServer-Timing: cfL4;desc="?proto=TCP&rtt=32982&min_rtt=32840&rtt_var=12417&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2825&recv_bytes=2234&delivery_rate=86723&cwnd=32&unsent_bytes=0&cid=cb9da5b24596e2b1&ts=332&x=0"Cache-Control: max-age=14400Cf-Cache-Status: EXPIREDCF-RAY: 921e5a1d5ee5fbf2-EWRalt-svc: h3=":443"; ma=86400
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: HxAccounts.exe, 00000014.00000002.1649560106.0000026220C2B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://test-exp-s2s.msedge.net/ab/
Source: HxAccounts.exe, 00000014.00000002.1649560106.0000026220C2B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://test-exp-s2s.msedge.net/ab/ccacheFileFullNotificationPercentagecacheMemoryFullNotificationPer
Source: HxAccounts.exe, 00000014.00000002.1649560106.0000026220C2B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://test-exp-s2s.msedge.net/ab/ccodeintegrityguardd
Source: HxAccounts.exe, 00000014.00000002.1649560106.0000026220C2B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://test-exp-s2s.msedge.net/ab/gecacheMemoryFullNotificationPercentagecacheFileFullNotificationPe
Source: HxAccounts.exe, 00000014.00000002.1649560106.0000026220C2B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://test-exp-s2s.msedge.net/ab/https://config.edge.skype.com/config/v1/cacheFileFullNotificationP
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: http://weather.service.msn.com/data.aspx
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://addinslicensing.store.office.com/apps/remove
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://analysis.windows.net/powerbi/api
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://api.aadrm.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://api.aadrm.com/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://api.addins.omex.office.net/api/addins/search
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://api.addins.store.office.com/addinstemplate
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://api.addins.store.office.com/app/query
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://api.cortana.ai
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://api.diagnostics.office.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://api.diagnosticssdf.office.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://api.microsoftstream.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://api.microsoftstream.com/api/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://api.office.net
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://api.officescripts.microsoftusercontent.com/api
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://api.onedrive.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://api.powerbi.com/beta/myorg/imports
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://api.scheduler.
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://apis.live.net/v5.0/
Source: HxAccounts.exe, 00000014.00000002.1649560106.0000026220C2B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://apis.live.net/v5.0/P
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://apis.mobile.m365.svc.cloud.microsoft
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://app.powerbi.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://arc.msn.com/v4/api/selection
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://augloop.office.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://augloop.office.com/v2
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://autodiscover-s.outlook.com/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: HxAccounts.exe, 00000014.00000002.1649346367.0000026220C00000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://az804205.vo.msecnd.net/
Source: HxAccounts.exe, 00000014.00000002.1649346367.0000026220C00000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://az804205.vo.msecnd.net/f
Source: HxAccounts.exe, 00000014.00000002.1649346367.0000026220C00000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://az815563.vo.msecnd.net/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://canary.designerapp.
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://cdn.designerapp.osi.office.net
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://cdn.designerapp.osi.office.net/designer-mobile
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/create-module
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/fonts
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-assets
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-dynamic-strings
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-home-screen
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-toolbar
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://cdn.entity.
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://cdn.hubblecontent.osi.office.net/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://cdn.int.designerapp.osi.office.net/fonts
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://clients.config.office.net
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://clients.config.office.net/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://clients.config.office.net/c2r/v1.0/DeltaAdvisory
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: HxAccounts.exe, 00000014.00000002.1649560106.0000026220C2B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://config.edge.skype.com/config/v1/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: HxAccounts.exe, 00000014.00000002.1649560106.0000026220C2B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://config.edge.skype.com/config/v1/advancedprotectionsblockremoteimageloadsropstackpivotdetecti
Source: HxAccounts.exe, 00000014.00000002.1649560106.0000026220C2B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://config.edge.skype.com/config/v1/standardprotections
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: HxAccounts.exe, 00000014.00000002.1649560106.0000026220C2B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://config.edge.skype.net/config/v1/
Source: HxAccounts.exe, 00000014.00000002.1649560106.0000026220C2B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://config.edge.skype.net/config/v1/(
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://cortana.ai
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://cortana.ai/api
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://cr.office.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://d.docs.live.net
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://dataservice.o365filtering.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://dataservice.o365filtering.com/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://designerapp.azurewebsites.net
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://designerappservice.officeapps.live.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://dev.cortana.ai
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://devnull.onenote.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://directory.services.
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://ecs.office.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://ecs.office.com/config/v1/Designer
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://ecs.office.com/config/v2/Office
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://edge.skype.com/registrar/prod
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://edge.skype.com/rps
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://enrichment.osi.office.net/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://entitlement.diagnostics.office.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://globaldisco.crm.dynamics.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://graph.ppe.windows.net
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://graph.ppe.windows.net/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://graph.windows.net
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://graph.windows.net/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&amp;premium=1
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&amp;premium=1
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&amp;premium=1
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://ic3.teams.office.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://incidents.diagnostics.office.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://inclient.store.office.com/gyro/client
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://inclient.store.office.com/gyro/clientstore
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&amp;adlt=strict&amp;hostType=Immersive
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://invites.office.com/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://lifecycle.office.com
Source: HxAccounts.exe, 00000014.00000002.1653504478.0000026227024000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com
Source: HxAccounts.exe, 00000014.00000002.1653504478.0000026227024000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://login.microsoftonline.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://login.microsoftonline.com/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://login.microsoftonline.com/organizations
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: HxAccounts.exe, 00000014.00000002.1653504478.0000026227024000.00000004.00000020.00020000.00000000.sdmp, 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://login.windows.local
Source: HxAccounts.exe, 00000014.00000002.1653504478.0000026227024000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.windows.local/
Source: HxAccounts.exe, 00000014.00000002.1653504478.0000026227024000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.windows.net
Source: HxAccounts.exe, 00000014.00000002.1653504478.0000026227024000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.windows.net/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://make.powerautomate.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://management.azure.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://management.azure.com/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://management.core.windows.net/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://messagebroker.mobile.m365.svc.cloud.microsoft
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://messaging.action.office.com/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://messaging.action.office.com/setcampaignaction
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://messaging.action.office.com/setuseraction16
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://messaging.engagement.office.com/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://messaging.lifecycle.office.com/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://messaging.office.com/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://metadata.templates.cdn.office.net/client/log
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://mss.office.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://my.microsoftpersonalcontent.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://ncus.contentsync.
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://ncus.pagecontentsync.
Source: HxAccounts.exe, 00000014.00000002.1649417507.0000026220C13000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://nexus.officeapps.live.com
Source: HxAccounts.exe, 00000014.00000002.1649417507.0000026220C13000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://nexusrules.officeapps.live.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://notification.m365.svc.cloud.microsoft/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://notification.m365.svc.cloud.microsoft/PushNotifications.Register
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://officeapps.live.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://officeci.azurewebsites.net/api/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://officepyservice.office.net/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://officepyservice.office.net/service.functionality
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://onedrive.live.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://onedrive.live.com/embed?
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://otelrules.svc.static.microsoft
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://outlook.office.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://outlook.office.com/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://outlook.office365.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://outlook.office365.com/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://outlook.office365.com/connectors
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://pages.store.office.com/review/query
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://planner.cloud.microsoft
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://powerlift-user.acompli.net
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://powerlift.acompli.net
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://prod.support.office.com/InAppHelp
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://pushchannel.1drv.ms
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://res.cdn.office.net
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.41
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://res.cdn.office.net/polymer/models
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://safelinks.protection.outlook.com/api/GetPolicy
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://service.officepy.microsoftusercontent.com/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://service.powerapps.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://settings.outlook.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://shell.suite.office.com:1443
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://skyapi.live.net/Activity/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://staging.cortana.ai
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-dark-1
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-dark-2
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-hc-100
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-hc-150
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-hc-200
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-light-
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://storage.azure.com/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://store.office.cn/addinstemplate
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://store.office.de/addinstemplate
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://substrate.office.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://syncservice.o365syncservice.com/&quot;
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://teams.cloud.microsoft/ups/global/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://templatesmetadata.office.net/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://web.microsoftstream.com/video/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://webshell.suite.office.com
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://wus2.contentsync.
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://wus2.pagecontentsync.
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://www.odwebp.svc.ms
Source: 6B44DB5D-08AD-4907-BC99-5E541C2473BC.14.dr String found in binary or memory: https://www.yammer.com
Source: HxAccounts.exe, 00000014.00000002.1653504478.0000026227024000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://xsts.auth.xboxlive.com
Source: HxAccounts.exe, 00000014.00000002.1653504478.0000026227024000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://xsts.auth.xboxlive.com/xI
Source: HxAccounts.exe, 00000014.00000002.1653621023.0000026227066000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://xsts.auth.xboxlive.comJ
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49694
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49693
Source: unknown Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49693 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49694 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown HTTPS traffic detected: 142.250.186.100:443 -> 192.168.2.7:49690 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.110.180.34:443 -> 192.168.2.7:49693 version: TLS 1.2
Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.7:49694 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.7:49695 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.7:49701 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.7:49703 version: TLS 1.2
Source: unknown HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49704 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.7:49707 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.7:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.214.184:443 -> 192.168.2.7:49728 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.66.137:443 -> 192.168.2.7:49730 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.18.94.41:443 -> 192.168.2.7:49729 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.17.24.14:443 -> 192.168.2.7:49731 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.3.189:443 -> 192.168.2.7:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.3.189:443 -> 192.168.2.7:49735 version: TLS 1.2
Source: unknown HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49736 version: TLS 1.2
Source: unknown HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.7:49754 version: TLS 1.2
Creates files inside the system directory
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5396_1712520512 Jump to behavior
Deletes files inside the Windows folder
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File deleted: C:\Windows\SystemTemp\scoped_dir5396_1712520512 Jump to behavior
Source: classification engine Classification label: mal84.phis.evad.win@29/34@36/12
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe File created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\AppData Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1956,i,9727884541773850610,4445707927864066667,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2100 /prefetch:3
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://email.shop2.wonderpark.my/c/eJwUyk1uhSAQAODTwJIM8wPzFiy68R4KYzX1iRHTprdvuv9aiRbTDN5KzIyIokp-K7YirKlWzVWAeRFKVVflF5OpSvJ7QUABijkKKVBgihmqGWBeYGnsGMbWLww__Wx2X_P9Fd6__ijb81zD0YfDyeFk80tZKK9iUJtASjaTNA2LnWO_eqj97XDyd7EWtv45n6OfjqHeNp5jP23rjx3jn_nvgn8BAAD__y9yPWo"
Source: unknown Process created: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe" -ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca
Source: unknown Process created: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe" -ServerName:microsoft.windowslive.manageaccounts.AppXdbf3yp5apt3t7q877db3gnz5zqpf71zj.mca
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1956,i,9727884541773850610,4445707927864066667,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2100 /prefetch:3 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: microsoft.applications.telemetry.windows.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: msoimm.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: mso40uiimm.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: mso30imm.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: mso20imm.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: office.ui.xaml.core.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: office.ui.xaml.word.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: vccorlib140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: vcruntime140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: msvcp140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: vccorlib140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: msvcp140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: vcruntime140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: vccorlib140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: vcruntime140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: msvcp140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: vcruntime140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: msvcp140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: vcruntime140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: msvcp140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: vcruntime140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: msvcp140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: mso98imm.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: mso50imm.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: mso98imm.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: hxoutlook.model.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: windows.storage.applicationdata.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: hxcomm.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: windows.applicationmodel.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: windows.globalization.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: bcp47mrm.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: windows.staterepositorycore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: windows.networking.connectivity.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: windows.networking.hostname.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: windows.energy.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: rmclient.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: rometadata.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: windows.system.diagnostics.telemetry.platformtelemetryclient.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: hxoutlook.view.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: office.ui.xaml.hxshared.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: hxoutlook.viewmodel.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: clipc.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: hxoutlook.resources.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: logoncli.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: windows.ui.xaml.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: windows.ui.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: windowmanagementapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: inputhost.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: resourcepolicyclient.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: d3d10warp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: dxcore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: d2d1.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: mrmcorer.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: windows.staterepositoryclient.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: windows.shell.servicehostbuilder.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: execmodelproxy.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: uiamanager.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: windows.ui.core.textinput.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: windows.ui.immersive.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: dataexchange.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: profext.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: office.ui.xaml.hx.mail.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: threadpoolwinrt.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: windows.graphics.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: twinapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: office.ui.xaml.hxcalendar.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: windows.system.remotedesktop.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: windows.ui.xaml.controls.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: directmanipulation.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: windows.system.profile.systemid.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: windows.system.profile.retailinfo.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: msxml6.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: winrttracing.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: photometadatahandler.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: ploptin.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: webservices.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: userdataaccountapis.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: userdataplatformhelperutil.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: windows.accountscontrol.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: xmllite.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: accountsrt.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: aphostclient.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: oartim.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: globinputhost.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: gfxim.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: cryptowinrt.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: windows.applicationmodel.datatransfer.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: mlang.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: windows.system.profile.hardwareid.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Section loaded: execmodelclient.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: hxoutlook.model.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: microsoft.applications.telemetry.windows.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: mso20imm.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: vccorlib140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: vcruntime140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: msvcp140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: mso30imm.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: mso20imm.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: vccorlib140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: vcruntime140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: msvcp140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: vccorlib140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: msvcp140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: vcruntime140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: vcruntime140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: msvcp140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: vcruntime140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: msvcp140_app.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: windows.ui.xaml.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: windows.staterepositorycore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: windows.ui.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: windowmanagementapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: inputhost.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: office.ui.xaml.hxaccounts.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: resourcepolicyclient.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: windows.storage.applicationdata.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: hxcomm.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: windows.applicationmodel.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: windows.globalization.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: bcp47mrm.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: d3d10warp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: dxcore.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: d2d1.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: windows.networking.connectivity.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: windows.networking.hostname.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: windows.energy.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: rmclient.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: rometadata.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: windows.system.diagnostics.telemetry.platformtelemetryclient.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: mrmcorer.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: windows.staterepositoryclient.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: windows.shell.servicehostbuilder.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: execmodelproxy.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: uiamanager.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: windows.ui.core.textinput.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: windows.ui.immersive.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: dataexchange.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: windows.accountscontrol.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: xmllite.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: windows.security.authentication.web.core.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: vaultcli.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: windows.ui.xaml.controls.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: directmanipulation.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: profext.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: winrttracing.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: hxoutlook.resources.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: msftedit.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: globinputhost.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: windows.graphics.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: wuceffects.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Section loaded: threadpoolwinrt.dll Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\InProcServer32 Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe File opened: C:\Windows\SYSTEM32\msftedit.dll Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Key opened: \REGISTRY\A\{99824dfd-c8cf-e08a-f064-76fc9d660adf}\LocalState\HKEY_CURRENT_USER\Software\Microsoft\Office Test\Special\PerfImm Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Yara detected AntiDebug via timestamp check
Source: Yara match File source: 1.7.d.script.csv, type: HTML
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe File Volume queried: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState FullSizeInformation Jump to behavior
Source: settings.dat.14.dr Binary or memory string: VMware, Inc. VMware20,1
Queries the volume information (name, serial number etc) of a device
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsym.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsym.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsym.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsym.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsb.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsb.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsb.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsb.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsl.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsl.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsym.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsym.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Queries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\fonts\symbol.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\fonts\symbol.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\fonts\symbol.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\officons.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\officons.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-us\officons.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-us\officons.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\officons.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-us\officons.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1640810 URL: http://email.shop2.wonderpa... Startdate: 17/03/2025 Architecture: WINDOWS Score: 84 26 Yara detected AntiDebug via timestamp check 2->26 28 Yara detected Tycoon 2FA PaaS 2->28 30 Yara detected Obfuscation Via HangulCharacter 2->30 32 3 other signatures 2->32 6 chrome.exe 10 2->6         started        9 HxOutlook.exe 103 30 2->9         started        11 HxAccounts.exe 1 2->11         started        13 chrome.exe 2->13         started        process3 dnsIp4 18 192.168.2.7, 443, 49672, 49690 unknown unknown 6->18 15 chrome.exe 6->15         started        process5 dnsIp6 20 e8q.dianausil.com 172.67.214.184, 443, 49728, 49743 CLOUDFLARENETUS United States 15->20 22 www.google.com 142.250.186.100, 443, 49690, 49752 GOOGLEUS United States 15->22 24 10 other IPs or domains 15->24
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
34.110.180.34
 unknown United States
15169 GOOGLEUS false
104.17.24.14
 cdnjs.cloudflare.com United States
13335 CLOUDFLARENETUS false
104.16.3.189
 developers.cloudflare.com United States
13335 CLOUDFLARENETUS false
104.18.94.41
 challenges.cloudflare.com United States
13335 CLOUDFLARENETUS false
188.114.97.3
 bl6gb.cuisbp.ru European Union
13335 CLOUDFLARENETUS false
188.114.96.3
 ea984537f5e0cd5066ea35d8.bensipo.com European Union
13335 CLOUDFLARENETUS false
151.101.66.137
 code.jquery.com United States
54113 FASTLYUS false
142.250.186.100
 www.google.com United States
15169 GOOGLEUS false
34.102.239.211
 mailgun.org United States
15169 GOOGLEUS false
35.190.80.1
 a.nel.cloudflare.com United States
15169 GOOGLEUS false
172.67.214.184
 e8q.dianausil.com United States
13335 CLOUDFLARENETUS true

Private

IP
192.168.2.7

Contacted Domains

Name IP Active
bl6gb.cuisbp.ru 188.114.97.3 true
a.nel.cloudflare.com 35.190.80.1 true
code.jquery.com 151.101.66.137 true
developers.cloudflare.com 104.16.3.189 true
cdnjs.cloudflare.com 104.17.24.14 true
challenges.cloudflare.com 104.18.94.41 true
www.google.com 142.250.186.100 true
ea984537f5e0cd5066ea35d8.bensipo.com 188.114.96.3 true
mailgun.org 34.102.239.211 true
e8q.dianausil.com 172.67.214.184 true
email.shop2.wonderpark.my unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/921e59015ebb238a/1742233986079/446d303a1f1f1ff73a6f733f3cbed42a33256c3d46e760707309bfe2f6b4e22d/k8Dvnkxfh4Fj6a0 false
    		high
    https://ea984537f5e0cd5066ea35d8.bensipo.com/cdn-cgi/challenge-platform/h/g/jsd/r/0.21436989151292504:1742232294:ldmsQSYt3ZympvHg39J2rCNtyLb8mgRCv-XFkhfJQWg/921e58f27e884375 false
    • Avira URL Cloud: safe
    		 unknown
    https://a.nel.cloudflare.com/report/v4?s=YktiOv6DP0G%2FIi2tLmYQnYIzd0n81g5PSqb%2FtDODU1m411kSko8MTu7Ks9z6qlyn1YEHdgqgRwg2I87vF%2BaKePqtAbfKyVRWa5XDJH44rFjEbk8kqA4C8ixhPUZS2CwAlNVzeepS%2FwKUIerexWKgNaFETPMr96o%3D false
      		high
      https://challenges.cloudflare.com/turnstile/v0/g/f3b948d8acb8/api.js false
        		high
        https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js false
          		high
          https://bl6gb.cuisbp.ru/chiriya$pbbozaxq false
          • Avira URL Cloud: safe
          		 unknown
          https://email.shop2.wonderpark.my/c/eJwUyk1uhSAQAODTwJIM8wPzFiy68R4KYzX1iRHTprdvuv9aiRbTDN5KzIyIokp-K7YirKlWzVWAeRFKVVflF5OpSvJ7QUABijkKKVBgihmqGWBeYGnsGMbWLww__Wx2X_P9Fd6__ijb81zD0YfDyeFk80tZKK9iUJtASjaTNA2LnWO_eqj97XDyd7EWtv45n6OfjqHeNp5jP23rjx3jn_nvgn8BAAD__y9yPWo false
          • Avira URL Cloud: safe
          		 unknown
          https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/sbfee/0x4AAAAAABBIwHrmlnB0pCkt/auto/fbE/new/normal/auto/ false
            		high
            https://e8q.dianausil.com/IDLK/ true
              		unknown
              https://challenges.cloudflare.com/turnstile/v0/api.js false
                		high
                https://ea984537f5e0cd5066ea35d8.bensipo.com/favicon.ico false
                • Avira URL Cloud: safe
                		 unknown
                https://code.jquery.com/jquery-3.6.0.min.js false
                  		high