Source: C:\Users\user\Desktop\fMDYks4W2a.exe | File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\ | Jump to behavior |
Source: C:\Users\user\Desktop\fMDYks4W2a.exe | File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\ | Jump to behavior |
Source: C:\Users\user\Desktop\fMDYks4W2a.exe | File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\ | Jump to behavior |
Source: C:\Users\user\Desktop\fMDYks4W2a.exe | File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\ | Jump to behavior |
Source: C:\Users\user\Desktop\fMDYks4W2a.exe | File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\Config\ | Jump to behavior |
Source: C:\Users\user\Desktop\fMDYks4W2a.exe | File opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\Windows\ | Jump to behavior |
Source: fMDYks4W2a.exe, 00000000.00000003.2212378863.000001E65D23F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:13556/InsiderSlabBehaviorReportedBuildInsiderSlabBehaviorInsiderSlabBehaviorReporte |
Source: fMDYks4W2a.exe, 00000000.00000003.2248432687.000001E65D0F8000.00000004.00000020.00020000.00000000.sdmp, fMDYks4W2a.exe, 00000000.00000003.2238098280.000001E65D06F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU |
Source: fMDYks4W2a.exe, 00000000.00000003.2238098280.000001E65D159000.00000004.00000020.00020000.00000000.sdmp, fMDYks4W2a.exe, 00000000.00000003.2248432687.000001E65D0D8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acocfkfsx7alydpzevdxln7drwdq_117.0.5938.134/117.0.5 |
Source: fMDYks4W2a.exe, 00000000.00000003.2238098280.000001E65D06F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5 |
Source: fMDYks4W2a.exe, 00000000.00000003.2238098280.000001E65D06F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n |
Source: fMDYks4W2a.exe, 00000000.00000003.2238098280.000001E65D06F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/ |
Source: fMDYks4W2a.exe, 00000000.00000003.2248432687.000001E65D0F8000.00000004.00000020.00020000.00000000.sdmp, fMDYks4W2a.exe, 00000000.00000003.2238098280.000001E65D06F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567 |
Source: fMDYks4W2a.exe, 00000000.00000003.2248432687.000001E65D0F8000.00000004.00000020.00020000.00000000.sdmp, fMDYks4W2a.exe, 00000000.00000003.2238098280.000001E65D06F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg |
Source: fMDYks4W2a.exe, 00000000.00000003.2248432687.000001E65D12C000.00000004.00000020.00020000.00000000.sdmp, fMDYks4W2a.exe, 00000000.00000003.2248432687.000001E65D130000.00000004.00000020.00020000.00000000.sdmp, fMDYks4W2a.exe, 00000000.00000003.2238098280.000001E65D0A4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe |
Source: fMDYks4W2a.exe, 00000000.00000003.2236045591.000001E65D059000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20 |
Source: fMDYks4W2a.exe, 00000000.00000003.2181415237.000001E65D8BE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://g.live.com/0CR%1/30 |
Source: fMDYks4W2a.exe | String found in binary or memory: http://ns.adobe.queue |
Source: fMDYks4W2a.exe, 00000000.00000003.2181415237.000001E65D8BE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://oe.msn.msnmail.hotmail.com/cgi-bin/hmdata |
Source: fMDYks4W2a.exe, 00000000.00000003.2264908029.000001E65CF51000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://account.live.cB |
Source: fMDYks4W2a.exe, 00000000.00000003.2264908029.000001E65CF51000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://account.live.cBV2 |
Source: fMDYks4W2a.exe, 00000000.00000003.2232861986.000001E65CF98000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://arc.msn.com/v4 |
Source: fMDYks4W2a.exe, 00000000.00000003.2234057339.000001E65CF59000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://config.edge.skype.com/config/v1/EdgeUpdate/1.3.147.37?clientId=s:92C86F7C-DB2B-4F6A-95AD-98B |
Source: fMDYks4W2a.exe, 00000000.00000003.2234057339.000001E65CF66000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://config.edge.skype.com/config/v1/EdgeUpdate/1.3.177.11?clientId=s:92C86F7C-DB2B-4F6A-95AD-98B |
Source: fMDYks4W2a.exe | String found in binary or memory: https://docs.rs/getrandom#nodejs-es-module-support |
Source: fMDYks4W2a.exe, 00000000.00000003.2238098280.000001E65D119000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6 |
Source: fMDYks4W2a.exe, 00000000.00000003.2238098280.000001E65D0C9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://g.live.com/odclientsettings/Prod.C: |
Source: fMDYks4W2a.exe, 00000000.00000003.2236045591.000001E65D0B8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://g.live.com/odclientsettings/Prod1C: |
Source: fMDYks4W2a.exe, 00000000.00000003.2238098280.000001E65D119000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://g.live.com/odclientsettings/ProdV2 |
Source: fMDYks4W2a.exe, 00000000.00000003.2238098280.000001E65D0FA000.00000004.00000020.00020000.00000000.sdmp, fMDYks4W2a.exe, 00000000.00000003.2238098280.000001E65D13F000.00000004.00000020.00020000.00000000.sdmp, fMDYks4W2a.exe, 00000000.00000003.2238098280.000001E65D119000.00000004.00000020.00020000.00000000.sdmp, fMDYks4W2a.exe, 00000000.00000003.2238098280.000001E65D14B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C: |
Source: fMDYks4W2a.exe, 00000000.00000003.2236045591.000001E65D059000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://g.live.com/odclientsettings/ProdV21C: |
Source: fMDYks4W2a.exe, 00000000.00000003.2238098280.000001E65D119000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96 |
Source: fMDYks4W2a.exe | String found in binary or memory: https://getsession.org/ |
Source: fMDYks4W2a.exe, 00000000.00000003.2130986596.000001E65B2A2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://i.imgur.com/mlUvWYT.jpeg |
Source: fMDYks4W2a.exe, 00000000.00000002.2279784638.00007FF652978000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: https://i.imgur.com/mlUvWYT.jpegd& |
Source: fMDYks4W2a.exe | String found in binary or memory: https://i.imgur.com/mlUvWYT.jpegd&8 |
Source: fMDYks4W2a.exe, 00000000.00000003.2232861986.000001E65CF98000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.microsoftonline.com/common |
Source: fMDYks4W2a.exe, 00000000.00000003.2181415237.000001E65D8BE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://m-vnext.sqlazurelabs.com/ |
Source: fMDYks4W2a.exe, 00000000.00000003.2212378863.000001E65D23F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://nexus.officeapps.live.comhttps://nexusrules.officeapps.live.com |
Source: fMDYks4W2a.exe, 00000000.00000003.2238098280.000001E65D119000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe |
Source: fMDYks4W2a.exe, 00000000.00000003.2238098280.000001E65D0C9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C: |
Source: fMDYks4W2a.exe, 00000000.00000003.2238098280.000001E65D159000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe1C: |
Source: fMDYks4W2a.exe, 00000000.00000003.2212378863.000001E65D23F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://otelrules.azureedge.net/rules/.bundlesdxhelper.exeFailed |
Source: fMDYks4W2a.exe | String found in binary or memory: https://www.blockchain.com/) |
Source: fMDYks4W2a.exe | String found in binary or memory: https://www.coinbase.com/) |
Source: fMDYks4W2a.exe, 00000000.00000003.2212378863.000001E65D23F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q); |
Source: fMDYks4W2a.exe, 00000000.00000003.2174318452.000001E65D8B8000.00000004.00000020.00020000.00000000.sdmp, fMDYks4W2a.exe, 00000000.00000003.2174318452.000001E65D8E8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE SchemaVersions(schema_id INTEGER PRIMARY KEY NOT NULL, SchemaVersion INTEGER NOT NULL, GitSHA1 TEXT NOT NULL , UNIQUE (SchemaVersion, GitSHA1)); |
Source: fMDYks4W2a.exe, 00000000.00000003.2212378863.000001E65D23F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s; |
Source: fMDYks4W2a.exe, 00000000.00000003.2212378863.000001E65D23F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s; |
Source: fMDYks4W2a.exe, 00000000.00000003.2212378863.000001E65D23F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger'); |
Source: unknown | Process created: C:\Users\user\Desktop\fMDYks4W2a.exe "C:\Users\user\Desktop\fMDYks4W2a.exe" | |
Source: C:\Users\user\Desktop\fMDYks4W2a.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\Desktop\fMDYks4W2a.exe | Process created: C:\Windows\System32\net.exe "net" session | |
Source: C:\Windows\System32\net.exe | Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 session | |
Source: C:\Users\user\Desktop\fMDYks4W2a.exe | Section loaded: apphelp.dll | |
Source: C:\Users\user\Desktop\fMDYks4W2a.exe | Section loaded: secur32.dll | |
Source: C:\Users\user\Desktop\fMDYks4W2a.exe | Section loaded: vcruntime140.dll | |
Source: C:\Users\user\Desktop\fMDYks4W2a.exe | Section loaded: cryptbase.dll | |
Source: C:\Users\user\Desktop\fMDYks4W2a.exe | Section loaded: sspicli.dll | |
Source: C:\Users\user\Desktop\fMDYks4W2a.exe | Section loaded: mswsock.dll | |
Source: C:\Users\user\Desktop\fMDYks4W2a.exe | Section loaded: dnsapi.dll | |
Source: C:\Users\user\Desktop\fMDYks4W2a.exe | Section loaded: iphlpapi.dll | |
Source: C:\Users\user\Desktop\fMDYks4W2a.exe | Section loaded: rasadhlp.dll | |
Source: C:\Users\user\Desktop\fMDYks4W2a.exe | Section loaded: fwpuclnt.dll | |
Source: C:\Users\user\Desktop\fMDYks4W2a.exe | Section loaded: schannel.dll | |
Source: C:\Users\user\Desktop\fMDYks4W2a.exe | Section loaded: mskeyprotect.dll | |
Source: C:\Users\user\Desktop\fMDYks4W2a.exe | Section loaded: ntasn1.dll | |
Source: C:\Users\user\Desktop\fMDYks4W2a.exe | Section loaded: ncrypt.dll | |
Source: C:\Users\user\Desktop\fMDYks4W2a.exe | Section loaded: ncryptsslp.dll | |
Source: C:\Users\user\Desktop\fMDYks4W2a.exe | Section loaded: msasn1.dll | |
Source: C:\Users\user\Desktop\fMDYks4W2a.exe | Section loaded: cryptsp.dll | |
Source: C:\Users\user\Desktop\fMDYks4W2a.exe | Section loaded: rsaenh.dll | |
Source: C:\Users\user\Desktop\fMDYks4W2a.exe | Section loaded: gpapi.dll | |
Source: C:\Users\user\Desktop\fMDYks4W2a.exe | Section loaded: cryptnet.dll | |
Source: C:\Users\user\Desktop\fMDYks4W2a.exe | Section loaded: uxtheme.dll | |
Source: C:\Users\user\Desktop\fMDYks4W2a.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\System32\net.exe | Section loaded: mpr.dll | |
Source: C:\Windows\System32\net.exe | Section loaded: wkscli.dll | |
Source: C:\Windows\System32\net.exe | Section loaded: netutils.dll | |
Source: C:\Windows\System32\net.exe | Section loaded: samcli.dll | |
Source: C:\Windows\System32\net.exe | Section loaded: srvcli.dll | |
Source: C:\Windows\System32\net.exe | Section loaded: iphlpapi.dll | |
Source: C:\Windows\System32\net1.exe | Section loaded: samcli.dll | |
Source: C:\Windows\System32\net1.exe | Section loaded: netutils.dll | |
Source: C:\Windows\System32\net1.exe | Section loaded: dsrole.dll | |
Source: C:\Windows\System32\net1.exe | Section loaded: srvcli.dll | |
Source: C:\Windows\System32\net1.exe | Section loaded: wkscli.dll | |
Source: C:\Windows\System32\net1.exe | Section loaded: logoncli.dll | |
Source: C:\Windows\System32\net1.exe | Section loaded: cryptbase.dll | |
Inc.","OemProductName":"VMware20,1","OsArch":"x64","OsPlatform":"win","OsRegionDMA":false,"OsRegionName":"CH","OsRegionNation":"223","OsVersion":"10.0.19045.2006","Priority":0,"Updater":"MicrosoftEdgeUpdate","UpdaterVersion":"1.3.177.11","WIPBranch":""}},{"Product":"msedgewebview-stable-win-x64","targetingAttributes":{"AppAp":"","AppBrandCode":"GGLS","AppCohort":"rrf@0.75","AppCohortHint":"","AppCohortName":"","AppLang":"","AppMajorVersion":"117","AppRollout":0.75,"AppTargetVersionPrefix":"","AppVersion":"117.0.2045.47","ExpETag":"\"VPQoP1F+fq15wRzh1kPL4PMpWh8ORMB5izvrOC/chjQ=\"","HW_AVX":true,"HW_DiskType":2,"HW_LogicalCpus":2,"HW_PhysicalRamGB":4,"HW_SSE":true,"HW_SSE2":true,"HW_SSE3":true,"HW_SSE41":true,"HW_SSE42":true,"HW_SSSE3":true,"InstallSource":"scheduler","IsInternalUser":false,"IsMachine":true,"Is |