Windows Analysis Report
PUESTO.zip

Overview

General Information

Sample name: PUESTO.zip
Analysis ID: 1542214
MD5: 0cf1dcd8733817ea870b6722abfac4f7
SHA1: 3de94ab5e4343220cbbc8251861c82be1a125f9e
SHA256: 44bb56713e672c1f09f7cf7a37ea92a328b427f6d30b6b823e48198ee0c95965

Detection

Score: 6
Range: 0 - 100
Whitelisted: false
Confidence: 0%

Signatures

Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Potential browser exploit detected (process start blacklist hit)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Use Short Name Path in Command Line

Classification

Source: file:///C:/Users/user/Desktop/PUESTO/PUESTO/bin/bin/DIMSA.Negocios.General.xml HTTP Parser: No favicon
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49700 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49701 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49703 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49704 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.159.64:443 -> 192.168.2.17:49706 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49707 version: TLS 1.2
Source: Binary string: C:\CONTROL_DE_VERSIONES\SIB_BCT\SIB_NET\SISTEMAS\Sistemas\Puesto de Bolsa\Datos\obj\Debug\DIMSA.Datos.pdb source: DIMSA.Principal.exe, 0000000B.00000002.2449581138.0000000006292000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: bin/DIMSA.Modulos.Operaciones.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.InterfacesBCT.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Clientes.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Componentes.FormasBase_CS.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Bancos.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Normativa.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Custodia.pdb source: PUESTO.zip, bin.zip
Source: Binary string: C:\CONTROL_DE_VERSIONES\SIB_BCT\SIB_NET\SISTEMAS\Componentes\Windows\FormasBase\obj\Debug\DIMSA.Componentes.FormasBase.pdb source: DIMSA.Principal.exe, 0000000B.00000002.2455694318.0000000008912000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: bin/DIMSA.Principal.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.CRM.pdb source: PUESTO.zip, bin.zip
Source: Binary string: C:\CONTROL_DE_VERSIONES\SIB_BCT\SIB_NET\SISTEMAS\Sistemas\Puesto de Bolsa\Windows\Principal\obj\Debug\DIMSA.Principal.pdb source: DIMSA.Principal.exe, 0000000B.00000000.1611998060.0000000000C12000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: bin/DIMSA.Datos.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Contabilidad.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Componentes.Controles.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Auditoria.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Portafolio.pdb source: PUESTO.zip, bin.zip
Source: Binary string: C:\CONTROL_DE_VERSIONES\SIB_BCT\SIB_NET\SISTEMAS\Servicios\Utiles\obj\Debug\DIMSA.Servicios.Utiles.pdb source: DIMSA.Principal.exe, 0000000B.00000002.2447439775.0000000005AA6000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\CONTROL_DE_VERSIONES\SIB_BCT\SIB_NET\SISTEMAS\Sistemas\Puesto de Bolsa\Negocios\Negocios\obj\Debug\DIMSA.Negocios.pdb source: DIMSA.Principal.exe, 0000000B.00000002.2448194807.0000000005CB2000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: bin/DIMSA.Servicios.Utiles.pdb source: PUESTO.zip, bin.zip
Source: Binary string: C:\CONTROL_DE_VERSIONES\SIB_BCT\SIB_NET\SISTEMAS\Servicios\Datos\obj\Debug\DIMSA.Servicios.Datos.pdb source: DIMSA.Principal.exe, 0000000B.00000002.2455054991.000000000868C000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: bin/DIMSA.Servicios.Datos.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Negocios.General.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Sistemas.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Valoracion.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Seguridad.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.General.pdb source: PUESTO.zip, bin.zip
Source: Binary string: C:\CONTROL_DE_VERSIONES\SIB_BCT\SIB_NET\SISTEMAS\Componentes\Windows\Controles\obj\Debug\DIMSA.Componentes.Controles.pdb source: DIMSA.Principal.exe, 0000000B.00000002.2448006122.0000000005C72000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: bin/DIMSA.Negocios.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Componentes.FormasBase.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Componentes.Controles_CS.pdb source: PUESTO.zip, bin.zip
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe File opened: C:\Users\user\Desktop\
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe File opened: C:\Users\user\
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe File opened: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe File opened: C:\Users\user\Desktop\PUESTO\PUESTO\
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe File opened: C:\Users\user\Desktop\PUESTO\PUESTO\bin\
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe File opened: C:\Users\user\Desktop\PUESTO\
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe
Source: global traffic HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: Joe Sandbox View IP Address: 13.107.5.80 13.107.5.80
Source: Joe Sandbox View IP Address: 13.107.246.57 13.107.246.57
Source: Joe Sandbox View IP Address: 94.245.104.56 94.245.104.56
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/_nuxt/CbvVkDOI.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/_nuxt/Cz0CWeBA.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/_nuxt/1srgkU_i.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/cms/lrs1c69a1j/logos/5a74283229e24d0ca59fb94ed941c3a0.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/_nuxt/PxTransitionExpand.CmhpY4_t.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/_nuxt/ActionList.CLFPw20V.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/_nuxt/BannerDefault.Do6COboj.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/_nuxt/CommonDialog.ClbiGNu7.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/_nuxt/ActionBrowserFeature.SpSLu4Zn.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/_nuxt/PxBalancedText.kZBONQez.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/_nuxt/CommonHeading.BSHwE-1M.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/_nuxt/SlideBackground.BnPjvgv-.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/_nuxt/PxDropdown.BvA1M7nr.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/_nuxt/CommonTag.ygB6C9WU.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/_nuxt/_...DNNeeoNo.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/_nuxt/C6afkfo1.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/_nuxt/CQdQvNd8.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/_nuxt/BGL6qUKg.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/_nuxt/DKuvVT1G.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/_nuxt/Cl9Fc0TW.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/_nuxt/LWKN4aLC.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/_nuxt/segoeui-vf-display.BxQqxUD_.woff2 HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://edgestatic.azureedge.net/shared/edgeweb/_nuxt/entry.BKNo5zv8.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/_nuxt/BiTr9abB.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/_nuxt/CC7sAtI0.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/_nuxt/q4GEmURe.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/_nuxt/vhIJ2iW6.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/_nuxt/BRD2Wkkp.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/_nuxt/CHAjejZk.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/_nuxt/XXmp3VOr.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/_nuxt/fH14xvPR.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/_nuxt/7fwckbk1.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/_nuxt/C305Xuyx.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: c8e88c1e-55a1-4012-9a42-db488f2dfc0e.tmp.26.dr String found in binary or memory: "url": "http://www.facebook.com/" equals www.facebook.com (Facebook)
Source: c8e88c1e-55a1-4012-9a42-db488f2dfc0e.tmp.26.dr String found in binary or memory: "url": "http://www.twitter.com/" equals www.twitter.com (Twitter)
Source: c8e88c1e-55a1-4012-9a42-db488f2dfc0e.tmp.26.dr String found in binary or memory: "url": "http://www.youtube.com/" equals www.youtube.com (Youtube)
Source: e7c53983-f061-4fdb-8a13-196b84d799b3.tmp.26.dr String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: SiteList.xml.26.dr String found in binary or memory: <site url="www.yahoo.co.jp"> equals www.yahoo.com (Yahoo)
Source: global traffic DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic DNS traffic detected: DNS query: bzib.nelreports.net
Source: unknown HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundX-Cache: CONFIG_NOCACHEAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionX-MSEdge-Ref: Ref A: FF01B12BBADE490F9FEEE42D6766BBA8 Ref B: DFW311000103039 Ref C: 2024-10-25T14:50:31ZDate: Fri, 25 Oct 2024 14:50:31 GMTConnection: closeContent-Length: 0
Source: DIMSA.Principal.exe, 0000000B.00000002.2444655253.00000000037C1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://1.8.5.61/ServicioWebBCT/BCTService.svc
Source: DIMSA.Principal.exe, 0000000B.00000002.2453225153.0000000008162000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://fontfabrik.com
Source: c8e88c1e-55a1-4012-9a42-db488f2dfc0e.tmp.26.dr String found in binary or memory: http://www.amazon.com/
Source: DIMSA.Principal.exe, 0000000B.00000002.2453225153.0000000008162000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: DIMSA.Principal.exe, 0000000B.00000002.2453225153.0000000008162000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.coml
Source: DIMSA.Principal.exe, 0000000B.00000002.2453225153.0000000008162000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com
Source: DIMSA.Principal.exe, 0000000B.00000002.2453225153.0000000008162000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers
Source: DIMSA.Principal.exe, 0000000B.00000002.2453225153.0000000008162000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/?
Source: DIMSA.Principal.exe, 0000000B.00000002.2453225153.0000000008162000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: DIMSA.Principal.exe, 0000000B.00000002.2453225153.0000000008162000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: DIMSA.Principal.exe, 0000000B.00000002.2453225153.0000000008162000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers8
Source: DIMSA.Principal.exe, 0000000B.00000002.2453225153.0000000008162000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers?
Source: DIMSA.Principal.exe, 0000000B.00000002.2453225153.0000000008162000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designersG
Source: DIMSA.Principal.exe, 0000000B.00000002.2453225153.0000000008162000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fonts.com
Source: DIMSA.Principal.exe, 0000000B.00000002.2453225153.0000000008162000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn
Source: DIMSA.Principal.exe, 0000000B.00000002.2453225153.0000000008162000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: DIMSA.Principal.exe, 0000000B.00000002.2453225153.0000000008162000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: DIMSA.Principal.exe, 0000000B.00000002.2453225153.0000000008162000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: DIMSA.Principal.exe, 0000000B.00000002.2453225153.0000000008162000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: DIMSA.Principal.exe, 0000000B.00000002.2453225153.0000000008162000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.goodfont.co.kr
Source: c8e88c1e-55a1-4012-9a42-db488f2dfc0e.tmp.26.dr String found in binary or memory: http://www.google.com/
Source: DIMSA.Principal.exe, 0000000B.00000002.2453225153.0000000008162000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: c8e88c1e-55a1-4012-9a42-db488f2dfc0e.tmp.26.dr String found in binary or memory: http://www.live.com/
Source: c8e88c1e-55a1-4012-9a42-db488f2dfc0e.tmp.26.dr String found in binary or memory: http://www.nytimes.com/
Source: c8e88c1e-55a1-4012-9a42-db488f2dfc0e.tmp.26.dr String found in binary or memory: http://www.reddit.com/
Source: DIMSA.Principal.exe, 0000000B.00000002.2453225153.0000000008162000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sajatypeworks.com
Source: DIMSA.Principal.exe, 0000000B.00000002.2453225153.0000000008162000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sakkal.com
Source: DIMSA.Principal.exe, 0000000B.00000002.2453225153.0000000008162000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sandoll.co.kr
Source: DIMSA.Principal.exe, 0000000B.00000002.2453225153.0000000008162000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.tiro.com
Source: c8e88c1e-55a1-4012-9a42-db488f2dfc0e.tmp.26.dr String found in binary or memory: http://www.twitter.com/
Source: DIMSA.Principal.exe, 0000000B.00000002.2453225153.0000000008162000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.typography.netD
Source: DIMSA.Principal.exe, 0000000B.00000002.2453225153.0000000008162000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.urwpp.deDPlease
Source: c8e88c1e-55a1-4012-9a42-db488f2dfc0e.tmp.26.dr String found in binary or memory: http://www.wikipedia.com/
Source: c8e88c1e-55a1-4012-9a42-db488f2dfc0e.tmp.26.dr String found in binary or memory: http://www.youtube.com/
Source: DIMSA.Principal.exe, 0000000B.00000002.2453225153.0000000008162000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.zhongyicts.com.cn
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Code function: 11_2_09717760 11_2_09717760
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Code function: 11_2_09714780 11_2_09714780
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Code function: 11_2_09710CB8 11_2_09710CB8
Source: classification engine Classification label: clean6.winZIP@57/210@10/10
Source: C:\Program Files\Internet Explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Mutant created: NULL
Source: C:\Program Files\Internet Explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DFE947715A5CB6E41F.TMP
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe System information queried: HandleInformation
Source: C:\Program Files\Internet Explorer\iexplore.exe File read: C:\Users\desktop.ini
Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: DIMSA.Principal.exe, 0000000B.00000002.2448194807.0000000005CB2000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: INSERT INTO RIE_TMP_MONTECARLO(num_secuencia, num_dia, mon_secuencia, cod_emision) VALUES (@num_secuencia, @num_dia, @mon_secuencia, @cod_emision); SELECT num_secuencia, num_dia, mon_secuencia, cod_emision FROM RIE_TMP_MONTECARLO WHERE (cod_emision = @cod_emision) AND (num_dia = @num_dia) AND (num_secuencia = @num_secuencia)
Source: unknown Process created: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe "C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe"
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE "C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Negocios.General.xml"
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Negocios.General.xml
Source: C:\Program Files\Internet Explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3964 CREDAT:17410 /prefetch:2
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=202c4
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe Process created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=202c4
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=1996,i,16843677924463720048,2768008526204556817,262144 /prefetch:3
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3964 CREDAT:333058 /prefetch:2
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3964 CREDAT:529666 /prefetch:2
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6028 --field-trial-handle=1996,i,16843677924463720048,2768008526204556817,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6956 --field-trial-handle=1996,i,16843677924463720048,2768008526204556817,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7060 --field-trial-handle=1996,i,16843677924463720048,2768008526204556817,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe cookie_exporter.exe --cookie-json=1156
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Section loaded: security.dll
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Section loaded: schannel.dll
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE Section loaded: appvisvsubsystems32.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE Section loaded: vcruntime140.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE Section loaded: c2r32.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE Section loaded: wininet.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE Section loaded: sspicli.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE Section loaded: iertutil.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE Section loaded: wldp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE Section loaded: profapi.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: wininet.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: urlmon.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: iertutil.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: srvcli.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: netutils.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: edputil.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: sspicli.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: wintypes.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: appresolver.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: bcp47langs.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: slc.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Section loaded: version.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Section loaded: msvcp140.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe Section loaded: msedge.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe Section loaded: winmm.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe Section loaded: msedge_elf.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe Section loaded: wininet.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe Section loaded: iertutil.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe Section loaded: sspicli.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe Section loaded: winhttp.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe Section loaded: mswsock.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe Section loaded: winnsi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office Jump to behavior
Source: PUESTO.zip Static file information: File size 41093246 > 1048576
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll Jump to behavior
Source: Binary string: C:\CONTROL_DE_VERSIONES\SIB_BCT\SIB_NET\SISTEMAS\Sistemas\Puesto de Bolsa\Datos\obj\Debug\DIMSA.Datos.pdb source: DIMSA.Principal.exe, 0000000B.00000002.2449581138.0000000006292000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: bin/DIMSA.Modulos.Operaciones.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.InterfacesBCT.pdb source: PUESTO.zip, bin.zip
Source: Binary string: A bin/DIMSA.Modulos.Portafolio.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Clientes.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Componentes.FormasBase_CS.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Bancos.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Normativa.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Custodia.pdb source: PUESTO.zip, bin.zip
Source: Binary string: C:\CONTROL_DE_VERSIONES\SIB_BCT\SIB_NET\SISTEMAS\Componentes\Windows\FormasBase\obj\Debug\DIMSA.Componentes.FormasBase.pdb source: DIMSA.Principal.exe, 0000000B.00000002.2455694318.0000000008912000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: bin/DIMSA.Principal.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.CRM.pdb source: PUESTO.zip, bin.zip
Source: Binary string: C:\CONTROL_DE_VERSIONES\SIB_BCT\SIB_NET\SISTEMAS\Sistemas\Puesto de Bolsa\Windows\Principal\obj\Debug\DIMSA.Principal.pdb source: DIMSA.Principal.exe, 0000000B.00000000.1611998060.0000000000C12000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: bin/DIMSA.Datos.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Contabilidad.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Componentes.Controles.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Auditoria.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Portafolio.pdb source: PUESTO.zip, bin.zip
Source: Binary string: C:\CONTROL_DE_VERSIONES\SIB_BCT\SIB_NET\SISTEMAS\Servicios\Utiles\obj\Debug\DIMSA.Servicios.Utiles.pdb source: DIMSA.Principal.exe, 0000000B.00000002.2447439775.0000000005AA6000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\CONTROL_DE_VERSIONES\SIB_BCT\SIB_NET\SISTEMAS\Sistemas\Puesto de Bolsa\Negocios\Negocios\obj\Debug\DIMSA.Negocios.pdb source: DIMSA.Principal.exe, 0000000B.00000002.2448194807.0000000005CB2000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: bin/DIMSA.Servicios.Utiles.pdb source: PUESTO.zip, bin.zip
Source: Binary string: C:\CONTROL_DE_VERSIONES\SIB_BCT\SIB_NET\SISTEMAS\Servicios\Datos\obj\Debug\DIMSA.Servicios.Datos.pdb source: DIMSA.Principal.exe, 0000000B.00000002.2455054991.000000000868C000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: 'bin/DIMSA.Componentes.FormasBase_CS.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Servicios.Datos.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Negocios.General.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Sistemas.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Valoracion.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.Seguridad.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Modulos.General.pdb source: PUESTO.zip, bin.zip
Source: Binary string: C:\CONTROL_DE_VERSIONES\SIB_BCT\SIB_NET\SISTEMAS\Componentes\Windows\Controles\obj\Debug\DIMSA.Componentes.Controles.pdb source: DIMSA.Principal.exe, 0000000B.00000002.2448006122.0000000005C72000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: &bin/DIMSA.Componentes.Controles_CS.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Negocios.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Componentes.FormasBase.pdb source: PUESTO.zip, bin.zip
Source: Binary string: $bin/DIMSA.Componentes.FormasBase.pdb source: PUESTO.zip, bin.zip
Source: Binary string: !bin/DIMSA.Modulos.Operaciones.pdb source: PUESTO.zip, bin.zip
Source: Binary string: ,"bin/DIMSA.Modulos.Contabilidad.pdb source: PUESTO.zip, bin.zip
Source: Binary string: #bin/DIMSA.Componentes.Controles.pdb source: PUESTO.zip, bin.zip
Source: Binary string: bin/DIMSA.Componentes.Controles_CS.pdb source: PUESTO.zip, bin.zip
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Memory allocated: 1B20000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Memory allocated: 37C0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Memory allocated: 57C0000 memory commit | memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Thread delayed: delay time: 240000 Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Window / User API: threadDelayed 438 Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Window / User API: threadDelayed 8511 Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe TID: 7012 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe TID: 7012 Thread sleep time: -240000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe TID: 7012 Thread sleep time: -13140000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe TID: 7008 Thread sleep time: -91500s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe TID: 7008 Thread sleep time: -4255500s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Thread delayed: delay time: 30000 Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe File opened: C:\Users\user\Desktop\ Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe File opened: C:\Users\user\ Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe File opened: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\ Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe File opened: C:\Users\user\Desktop\PUESTO\PUESTO\ Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe File opened: C:\Users\user\Desktop\PUESTO\PUESTO\bin\ Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe File opened: C:\Users\user\Desktop\PUESTO\ Jump to behavior
Source: Web Data.26.dr Binary or memory string: ms.portal.azure.comVMware20,11696586537
Source: Web Data.26.dr Binary or memory string: account.microsoft.com/profileVMware20,11696586537u
Source: Web Data.26.dr Binary or memory string: AMC password management pageVMware20,11696586537
Source: Web Data.26.dr Binary or memory string: turbotax.intuit.comVMware20,11696586537t
Source: Web Data.26.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696586537
Source: Web Data.26.dr Binary or memory string: discord.comVMware20,11696586537f
Source: Web Data.26.dr Binary or memory string: dev.azure.comVMware20,11696586537j
Source: Web Data.26.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696586537
Source: Web Data.26.dr Binary or memory string: Canara Transaction PasswordVMware20,11696586537x
Source: Web Data.26.dr Binary or memory string: tasks.office.comVMware20,11696586537o
Source: Web Data.26.dr Binary or memory string: bankofamerica.comVMware20,11696586537x
Source: Web Data.26.dr Binary or memory string: Interactive Brokers - COM.HKVMware20,11696586537
Source: Web Data.26.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696586537
Source: Web Data.26.dr Binary or memory string: interactivebrokers.comVMware20,11696586537
Source: Web Data.26.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696586537h
Source: Web Data.26.dr Binary or memory string: global block list test formVMware20,11696586537
Source: DIMSA.Principal.exe, 0000000B.00000002.2441704515.00000000017F3000.00000004.00000020.00020000.00000000.sdmp, cookie_exporter.exe, 00000023.00000002.2321556009.000001FD2A446000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Web Data.26.dr Binary or memory string: secure.bankofamerica.comVMware20,11696586537|UE
Source: Web Data.26.dr Binary or memory string: Interactive Brokers - HKVMware20,11696586537]
Source: Web Data.26.dr Binary or memory string: interactivebrokers.co.inVMware20,11696586537d
Source: Web Data.26.dr Binary or memory string: Canara Transaction PasswordVMware20,11696586537}
Source: Web Data.26.dr Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696586537
Source: Web Data.26.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696586537p
Source: Web Data.26.dr Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696586537z
Source: Web Data.26.dr Binary or memory string: Interactive Brokers - EU WestVMware20,11696586537n
Source: Web Data.26.dr Binary or memory string: outlook.office.comVMware20,11696586537s
Source: Web Data.26.dr Binary or memory string: www.interactivebrokers.comVMware20,11696586537}
Source: Web Data.26.dr Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696586537
Source: DIMSA.Principal.exe, 0000000B.00000002.2441704515.0000000001777000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW>
Source: Web Data.26.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696586537^
Source: Web Data.26.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696586537x
Source: Web Data.26.dr Binary or memory string: www.interactivebrokers.co.inVMware20,11696586537~
Source: Web Data.26.dr Binary or memory string: outlook.office365.comVMware20,11696586537t
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Memory allocated: page read and write | page guard Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Negocios.General.xml Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=202c4 Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Negocios.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Datos.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Servicios.Utiles.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Componentes.Controles.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Componentes.FormasBase.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Servicios.Datos.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\Oracle.DataAccess.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\Sybase.Data.AseClient.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PUESTO\PUESTO\bin\bin\DIMSA.Principal.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior