Windows Analysis Report
{89eeeac4-e4d3-40a8-9048-e7cecfc98851}.xml

Overview

General Information

Sample name: {89eeeac4-e4d3-40a8-9048-e7cecfc98851}.xml
Analysis ID: 1541101
MD5: 2d3c508321b32b43ee4192d54bc0ed15
SHA1: e60a6dc0e6374c5adffce59e1b34635769e39767
SHA256: 96003b2bc14e105d7649310c9f5f0cb1b71c809a17b07a6456be4e4841cba187
Infos:

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Creates a process in suspended mode (likely to inject code)
IP address seen in connection with other malware
Potential browser exploit detected (process start blacklist hit)
Sigma detected: Use Short Name Path in Command Line

Classification

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe
Source: Joe Sandbox View IP Address: 162.159.61.3 162.159.61.3
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View IP Address: 172.64.41.3 172.64.41.3
Source: unknown TCP traffic detected without corresponding DNS query: 23.218.232.185
Source: unknown TCP traffic detected without corresponding DNS query: 23.218.232.185
Source: unknown TCP traffic detected without corresponding DNS query: 23.218.232.185
Source: unknown TCP traffic detected without corresponding DNS query: 23.218.232.185
Source: unknown TCP traffic detected without corresponding DNS query: 23.218.232.185
Source: unknown TCP traffic detected without corresponding DNS query: 23.218.232.185
Source: unknown TCP traffic detected without corresponding DNS query: 23.218.232.185
Source: unknown TCP traffic detected without corresponding DNS query: 23.218.232.185
Source: unknown TCP traffic detected without corresponding DNS query: 23.218.232.185
Source: unknown TCP traffic detected without corresponding DNS query: 23.218.232.185
Source: unknown TCP traffic detected without corresponding DNS query: 23.218.232.185
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /crx/blobs/AYA8VyyVmiyWvldTRU0qGaR4RUSL6-YrG6uKRsMPsRWu4uzTWsENQ0Oe4TwjJlNxU5Vx3wW0XCsKQHAJ2XkWCO0eQ7UF3N9B6xg6w6N4ZQ_ezL5_s1EfR63s25vMOuhpdI4AxlKa5cntVqVuAOGwNK_pRVduNn5fPIzZ/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_83_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1730370312&P2=404&P3=2&P4=CRZF1LDXsqws7CBJZ6V7OUHNF7jy64ulhnPdvEkt51hRSvw%2baaHOaMlD29YRKeFdxjMIDLnGJlk%2bfIyzZUl6yw%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: fYgkVLIQWmc10c8o/2zhxNSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: 000003.log.9.dr String found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
Source: 000003.log.9.dr String found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
Source: 000003.log.9.dr String found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)
Source: msapplication.xml1.2.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x144b3694,0x01db25ff</date><accdate>0x144d98c1,0x01db25ff</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml6.2.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x14525df8,0x01db25ff</date><accdate>0x14525df8,0x01db25ff</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml8.2.dr String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x14525df8,0x01db25ff</date><accdate>0x14525df8,0x01db25ff</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: unknown HTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message
Source: msapplication.xml.2.dr String found in binary or memory: http://www.amazon.com/
Source: msapplication.xml2.2.dr String found in binary or memory: http://www.google.com/
Source: msapplication.xml3.2.dr String found in binary or memory: http://www.live.com/
Source: msapplication.xml4.2.dr String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml5.2.dr String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml6.2.dr String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml7.2.dr String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml8.2.dr String found in binary or memory: http://www.youtube.com/
Source: manifest.json0.9.dr String found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json0.9.dr String found in binary or memory: https://chromewebstore.google.com/
Source: ad01b382-c09e-4199-b5ca-ce545204d3e2.tmp.10.dr, c1a9dd93-23a1-4e5b-ad6c-e84ac4f2a7d5.tmp.10.dr String found in binary or memory: https://clients2.google.com
Source: manifest.json.9.dr String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: ad01b382-c09e-4199-b5ca-ce545204d3e2.tmp.10.dr, c1a9dd93-23a1-4e5b-ad6c-e84ac4f2a7d5.tmp.10.dr String found in binary or memory: https://clients2.googleusercontent.com
Source: manifest.json.9.dr String found in binary or memory: https://docs.google.com/
Source: manifest.json.9.dr String found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json.9.dr String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json.9.dr String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json.9.dr String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json.9.dr String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json.9.dr String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json.9.dr String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json.9.dr String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json.9.dr String found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json.9.dr String found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json.9.dr String found in binary or memory: https://drive.google.com/
Source: ad01b382-c09e-4199-b5ca-ce545204d3e2.tmp.10.dr String found in binary or memory: https://edgeassetservice.azureedge.net
Source: 000003.log.9.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/addressbar_uu_files.en-gb/1.0.2/asset?sv=2017-07-29&sr
Source: 000003.log.9.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log.9.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
Source: 000003.log.9.dr String found in binary or memory: https://edgeassetservice.azureedge.net/assets/signal_triggers/1.13.3/asset?sv=2017-07-29&sr=c&sig=Nt
Source: content_new.js.9.dr, content.js.9.dr String found in binary or memory: https://www.google.com/chrome
Source: ad01b382-c09e-4199-b5ca-ce545204d3e2.tmp.10.dr String found in binary or memory: https://www.googleapis.com
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: classification engine Classification label: clean2.winXML@49/219@8/5
Source: C:\Program Files\Internet Explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery Jump to behavior
Source: C:\Program Files\Internet Explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DFA8146A3F7DD53FBF.TMP Jump to behavior
Source: C:\Program Files\Internet Explorer\iexplore.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE "C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\user\Desktop\{89eeeac4-e4d3-40a8-9048-e7cecfc98851}.xml"
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\user\Desktop\{89eeeac4-e4d3-40a8-9048-e7cecfc98851}.xml
Source: C:\Program Files\Internet Explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7348 CREDAT:17410 /prefetch:2
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=10492
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe Process created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=10492
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=2044,i,16802615332830959518,16888877389882489269,262144 /prefetch:3
Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=10492 --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=1996,i,865180387715092134,7946586055113773520,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6000 --field-trial-handle=1996,i,865180387715092134,7946586055113773520,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\user\Desktop\{89eeeac4-e4d3-40a8-9048-e7cecfc98851}.xml Jump to behavior
Source: C:\Program Files\Internet Explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7348 CREDAT:17410 /prefetch:2 Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=10492 Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe Process created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=10492 Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=2044,i,16802615332830959518,16888877389882489269,262144 /prefetch:3 Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=1996,i,865180387715092134,7946586055113773520,262144 /prefetch:3 Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6000 --field-trial-handle=1996,i,865180387715092134,7946586055113773520,262144 /prefetch:8 Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE Section loaded: apphelp.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE Section loaded: appvisvsubsystems32.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE Section loaded: c2r32.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE Section loaded: userenv.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE Section loaded: wininet.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE Section loaded: sspicli.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE Section loaded: iertutil.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE Section loaded: windows.storage.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE Section loaded: wldp.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE Section loaded: profapi.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: slc.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Section loaded: version.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Section loaded: msvcp140.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: Web Data.9.dr Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: Web Data.9.dr Binary or memory string: discord.comVMware20,11696428655f
Source: Web Data.9.dr Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: Web Data.9.dr Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: Web Data.9.dr Binary or memory string: global block list test formVMware20,11696428655
Source: Web Data.9.dr Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: Web Data.9.dr Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: Web Data.9.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: Web Data.9.dr Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: Web Data.9.dr Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
Source: Web Data.9.dr Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: Web Data.9.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: Web Data.9.dr Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: Web Data.9.dr Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: Web Data.9.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: Web Data.9.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: Web Data.9.dr Binary or memory string: outlook.office.comVMware20,11696428655s
Source: Web Data.9.dr Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: Web Data.9.dr Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: Web Data.9.dr Binary or memory string: AMC password management pageVMware20,11696428655
Source: Web Data.9.dr Binary or memory string: tasks.office.comVMware20,11696428655o
Source: Web Data.9.dr Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: Web Data.9.dr Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: Web Data.9.dr Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: Web Data.9.dr Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: Web Data.9.dr Binary or memory string: dev.azure.comVMware20,11696428655j
Source: Web Data.9.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: Web Data.9.dr Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: ie_to_edge_stub.exe, 00000004.00000002.2073943203.0000027AD3045000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Prod_VMware_SATA_CD00#4&224f42ef&0&00000
Source: Web Data.9.dr Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: Web Data.9.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: Web Data.9.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\user\Desktop\{89eeeac4-e4d3-40a8-9048-e7cecfc98851}.xml Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=10492 Jump to behavior
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs