Edit tour

Windows Analysis Report
WAXD480.exe

Overview

General Information

Sample name:	WAXD480.exe (renamed file extension from tmp to exe)
Original sample name:	WAXD480.tmp
Analysis ID:	1430820
MD5:	7f1ffc9be9757477a8a39cb06d5032c8
SHA1:	31a174cb6a0d6b4f59529235d8efdb5bf5cca94a
SHA256:	f9a43eaa4e4ba619d3470762e5cd4226ad707f59bd89d892584df2771089ef3d
Infos:

Detection

Score:	3
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Binary contains a suspicious time stamp

Creates a process in suspended mode (likely to inject code)

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

PE file does not import any functions

Uses 32bit PE files

Classification

Process Tree

System is w10x64

WAXD480.exe (PID: 7260 cmdline: "C:\Users\user\Desktop\WAXD480.exe" MD5: 7F1FFC9BE9757477A8A39CB06D5032C8)

chrome.exe (PID: 7364 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=WAXD480.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7576 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1680 --field-trial-handle=2028,i,4872466835619599832,212431843967096772,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 792 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=WAXD480.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7824 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1996,i,12553455973178745463,2557296557389022246,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=WAXD480.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=WAXD480.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=WAXD480.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon

Source: WAXD480.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49835 version: TLS 1.2

Source: WAXD480.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: Joe Sandbox View	IP Address: 63.140.37.206 63.140.37.206
Source: Joe Sandbox View	IP Address: 13.107.213.69 13.107.213.69
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 63.140.36.51 63.140.36.51

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 23.202.57.177
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.234.57
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.234.57
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26

Source: global traffic	HTTP traffic detected: GET /mscc/lib/v2/wcp-consent.js HTTP/1.1Host: wcpstatic.microsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://learn.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MC1=GUID=749eee6039c5489b9db3000c7ab3f399&HASH=749e&LV=202310&V=4&LU=1696413236917; MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.jsll-3.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://learn.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rest/v1/delivery?client=microsoftmscompoc&sessionId=0791c829041c4c068b787022a66647a2&version=2.9.0 HTTP/1.1Host: target.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MC1=GUID=749eee6039c5489b9db3000c7ab3f399&HASH=749e&LV=202310&V=4&LU=1696413236917; MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE; MSCC=NR; at_check=true; mbox=session#0791c829041c4c068b787022a66647a2#1713944149\|PC#0791c829041c4c068b787022a66647a2.35_0#1748122289
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=gztnYs+RTGfK+AB&MD=PdPVE7VN HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rest/v1/delivery?client=microsoftmscompoc&sessionId=0791c829041c4c068b787022a66647a2&version=2.9.0 HTTP/1.1Host: target.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MC1=GUID=749eee6039c5489b9db3000c7ab3f399&HASH=749e&LV=202310&V=4&LU=1696413236917; MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE; MSCC=NR; at_check=true; mbox=session#0791c829041c4c068b787022a66647a2#1713944151\|PC#0791c829041c4c068b787022a66647a2.35_0#1748122289; MS0=1e372c3aab014af7b628c367b32124df
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=gztnYs+RTGfK+AB&MD=PdPVE7VN HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: chromecache_94.3.dr	String found in binary or memory: href="https://www.linkedin.com/cws/share?url=${encodeURIComponent(e)}&text=${encodeURIComponent(dS.replace("{credentialName}",t.title))}" equals www.linkedin.com (Linkedin)
Source: chromecache_94.3.dr	String found in binary or memory: href="https://www.facebook.com/sharer/sharer.php?u=${s}" equals www.facebook.com (Facebook)
Source: chromecache_94.3.dr	String found in binary or memory: href="https://www.linkedin.com/cws/share?url=${s}" equals www.linkedin.com (Linkedin)
Source: chromecache_94.3.dr	String found in binary or memory: </div>`;w(e,t)}}function kA(t){x.documentElement.classList.add("api-search-has-results");for(let{container:e}of vy)e.textContent=t}function Xne(){x.documentElement.classList.remove("api-search-has-results");for(let{container:t}of vy)t.innerHTML=""}function iEe(t,e){let o=dt(),n,r;if(o==="")n=_r[Rt].displayName,r=null;else{let a=e.packagesByMoniker[o];n=a.product.displayName,r=a.versionDisplayName}let s=x.createElement("h2");s.classList.add("api-search-results-heading","font-size-h3");let i=m`${EA.resultsHeadingTemplate.replace("{platformName}",n)}`;if(w(i,s),r!==null&&Rt==="rest"){let a=m`${ee(`${Oe(o)} REST ${EA.resultsHeadingTemplate.replace("{platformName}",n)}`)}`;w(a,s)}else if(r!==null){let a=m`${ee(`${EA.resultsHeadingTemplate.replace("{platformName}",n)} <span class="moniker-version">version ${Oe(r)}</span>`)}`;w(a,s)}t.appendChild(s)}function o1(t,e){if(e!==""&&!/[?&]view=/i.test(t)){let[n,r]=t.split("#");r=r===void 0?"":"#"+r,t=Rt==="rest"?`${n}${r}`:`${n}?view=${encodeURIComponent(e)}${r}`}let o=new URL(t,location.origin);return t=`${o.pathname}${o.search}${o.hash}`,Rt!=="rest"&&(t=`/${_.data.userLocale}${t}`),t}var fm="api-search-term-changed",Ch="";function gm(){return Ch}function n1(t){t=t.trim(),t!==Ch&&(Ch=t,_.data.pageTemplate==="ApiBrowserPage"&&Mt({term:Ch},"pushState"),window.dispatchEvent(new CustomEvent(fm,{detail:{term:Ch}})))}function Zne(){let t=oe().term;return t===void 0?"":t.trim()}_.data.pageTemplate==="ApiBrowserPage"&&(Ch=Zne(),window.addEventListener("popstate",()=>n1(Zne())));function ere(){q.addEventListener(fm,r1),q.addEventListener(Mr,r1),_.data.pageTemplate==="ApiBrowserPage"&&r1()}var AA="";function r1(){let t=gm(),e=dt(),o=`${t}/${e}`;return o===AA?Promise.resolve():(AA=o,_.data.pageTemplate==="ApiBrowserPage"&&e!==""&&t===""?(t1(),Promise.all([Wne(Rt,e,_.data.userLocale),il()]).then(([n,r])=>{if(o===AA){if(n.apiItems.length===0){kA(Xo);return}CA(r,n.apiItems,null)}},()=>{kA(TP)})):t.length<3?(Xne(),Promise.resolve()):_r[Rt].validSearchTerm.test(t)?(t1(),Promise.all([wA(Rt,e,t,_.data.userLocale),il()]).then(([n,r])=>{o===AA&&(s1(e,t,n.results.length),CA(r,n.results,n["@nextLink"]))},()=>{kA(TP)})):il().then(n=>CA(n,[],null)))}function s1(t,e,o){Ge({actionType:He.OTHER,behavior:Ee.SEARCH,content:{event:"api-browser-search",platform:Rt,moniker:t,term:e,results:o}})}var tre="api-search-field";function ore(){let t=x.createElement("form");t.classList.add(tre,"margin-top-xxs"),t.setAttribute(To.name,tre),t.action="javascript:",t.addEventListener("submit",l=>l.preventDefault());let e=x.createElement("label"),o=x.createElement("span");o.classList.add("visually-hidden"),o.textContent=mo,e.appendChild(o),t.appendChild(e);let n=x.createElement("input");n.type="search",n.classList.add("input","input-lg","padding-right-sm"),n.value=gm(),n.placeholder=mo,e.appendChild(n);let r=x.createElement("a");r.href="#",r.title=_2,r.classList.add("clear"),r.addEventListener("click",l=>{l.preventDefault(),n.value="",n.dispatchEvent(
Source: chromecache_94.3.dr	String found in binary or memory: </div>`;w(e,t)}}function kA(t){x.documentElement.classList.add("api-search-has-results");for(let{container:e}of vy)e.textContent=t}function Xne(){x.documentElement.classList.remove("api-search-has-results");for(let{container:t}of vy)t.innerHTML=""}function iEe(t,e){let o=dt(),n,r;if(o==="")n=_r[Rt].displayName,r=null;else{let a=e.packagesByMoniker[o];n=a.product.displayName,r=a.versionDisplayName}let s=x.createElement("h2");s.classList.add("api-search-results-heading","font-size-h3");let i=m`${EA.resultsHeadingTemplate.replace("{platformName}",n)}`;if(w(i,s),r!==null&&Rt==="rest"){let a=m`${ee(`${Oe(o)} REST ${EA.resultsHeadingTemplate.replace("{platformName}",n)}`)}`;w(a,s)}else if(r!==null){let a=m`${ee(`${EA.resultsHeadingTemplate.replace("{platformName}",n)} <span class="moniker-version">version ${Oe(r)}</span>`)}`;w(a,s)}t.appendChild(s)}function o1(t,e){if(e!==""&&!/[?&]view=/i.test(t)){let[n,r]=t.split("#");r=r===void 0?"":"#"+r,t=Rt==="rest"?`${n}${r}`:`${n}?view=${encodeURIComponent(e)}${r}`}let o=new URL(t,location.origin);return t=`${o.pathname}${o.search}${o.hash}`,Rt!=="rest"&&(t=`/${_.data.userLocale}${t}`),t}var fm="api-search-term-changed",Ch="";function gm(){return Ch}function n1(t){t=t.trim(),t!==Ch&&(Ch=t,_.data.pageTemplate==="ApiBrowserPage"&&Mt({term:Ch},"pushState"),window.dispatchEvent(new CustomEvent(fm,{detail:{term:Ch}})))}function Zne(){let t=oe().term;return t===void 0?"":t.trim()}_.data.pageTemplate==="ApiBrowserPage"&&(Ch=Zne(),window.addEventListener("popstate",()=>n1(Zne())));function ere(){q.addEventListener(fm,r1),q.addEventListener(Mr,r1),_.data.pageTemplate==="ApiBrowserPage"&&r1()}var AA="";function r1(){let t=gm(),e=dt(),o=`${t}/${e}`;return o===AA?Promise.resolve():(AA=o,_.data.pageTemplate==="ApiBrowserPage"&&e!==""&&t===""?(t1(),Promise.all([Wne(Rt,e,_.data.userLocale),il()]).then(([n,r])=>{if(o===AA){if(n.apiItems.length===0){kA(Xo);return}CA(r,n.apiItems,null)}},()=>{kA(TP)})):t.length<3?(Xne(),Promise.resolve()):_r[Rt].validSearchTerm.test(t)?(t1(),Promise.all([wA(Rt,e,t,_.data.userLocale),il()]).then(([n,r])=>{o===AA&&(s1(e,t,n.results.length),CA(r,n.results,n["@nextLink"]))},()=>{kA(TP)})):il().then(n=>CA(n,[],null)))}function s1(t,e,o){Ge({actionType:He.OTHER,behavior:Ee.SEARCH,content:{event:"api-browser-search",platform:Rt,moniker:t,term:e,results:o}})}var tre="api-search-field";function ore(){let t=x.createElement("form");t.classList.add(tre,"margin-top-xxs"),t.setAttribute(To.name,tre),t.action="javascript:",t.addEventListener("submit",l=>l.preventDefault());let e=x.createElement("label"),o=x.createElement("span");o.classList.add("visually-hidden"),o.textContent=mo,e.appendChild(o),t.appendChild(e);let n=x.createElement("input");n.type="search",n.classList.add("input","input-lg","padding-right-sm"),n.value=gm(),n.placeholder=mo,e.appendChild(n);let r=x.createElement("a");r.href="#",r.title=_2,r.classList.add("clear"),r.addEventListener("click",l=>{l.preventDefault(),n.value="",n.dispatchEvent(
Source: chromecache_94.3.dr	String found in binary or memory: </div>`;w(e,t)}}function kA(t){x.documentElement.classList.add("api-search-has-results");for(let{container:e}of vy)e.textContent=t}function Xne(){x.documentElement.classList.remove("api-search-has-results");for(let{container:t}of vy)t.innerHTML=""}function iEe(t,e){let o=dt(),n,r;if(o==="")n=_r[Rt].displayName,r=null;else{let a=e.packagesByMoniker[o];n=a.product.displayName,r=a.versionDisplayName}let s=x.createElement("h2");s.classList.add("api-search-results-heading","font-size-h3");let i=m`${EA.resultsHeadingTemplate.replace("{platformName}",n)}`;if(w(i,s),r!==null&&Rt==="rest"){let a=m`${ee(`${Oe(o)} REST ${EA.resultsHeadingTemplate.replace("{platformName}",n)}`)}`;w(a,s)}else if(r!==null){let a=m`${ee(`${EA.resultsHeadingTemplate.replace("{platformName}",n)} <span class="moniker-version">version ${Oe(r)}</span>`)}`;w(a,s)}t.appendChild(s)}function o1(t,e){if(e!==""&&!/[?&]view=/i.test(t)){let[n,r]=t.split("#");r=r===void 0?"":"#"+r,t=Rt==="rest"?`${n}${r}`:`${n}?view=${encodeURIComponent(e)}${r}`}let o=new URL(t,location.origin);return t=`${o.pathname}${o.search}${o.hash}`,Rt!=="rest"&&(t=`/${_.data.userLocale}${t}`),t}var fm="api-search-term-changed",Ch="";function gm(){return Ch}function n1(t){t=t.trim(),t!==Ch&&(Ch=t,_.data.pageTemplate==="ApiBrowserPage"&&Mt({term:Ch},"pushState"),window.dispatchEvent(new CustomEvent(fm,{detail:{term:Ch}})))}function Zne(){let t=oe().term;return t===void 0?"":t.trim()}_.data.pageTemplate==="ApiBrowserPage"&&(Ch=Zne(),window.addEventListener("popstate",()=>n1(Zne())));function ere(){q.addEventListener(fm,r1),q.addEventListener(Mr,r1),_.data.pageTemplate==="ApiBrowserPage"&&r1()}var AA="";function r1(){let t=gm(),e=dt(),o=`${t}/${e}`;return o===AA?Promise.resolve():(AA=o,_.data.pageTemplate==="ApiBrowserPage"&&e!==""&&t===""?(t1(),Promise.all([Wne(Rt,e,_.data.userLocale),il()]).then(([n,r])=>{if(o===AA){if(n.apiItems.length===0){kA(Xo);return}CA(r,n.apiItems,null)}},()=>{kA(TP)})):t.length<3?(Xne(),Promise.resolve()):_r[Rt].validSearchTerm.test(t)?(t1(),Promise.all([wA(Rt,e,t,_.data.userLocale),il()]).then(([n,r])=>{o===AA&&(s1(e,t,n.results.length),CA(r,n.results,n["@nextLink"]))},()=>{kA(TP)})):il().then(n=>CA(n,[],null)))}function s1(t,e,o){Ge({actionType:He.OTHER,behavior:Ee.SEARCH,content:{event:"api-browser-search",platform:Rt,moniker:t,term:e,results:o}})}var tre="api-search-field";function ore(){let t=x.createElement("form");t.classList.add(tre,"margin-top-xxs"),t.setAttribute(To.name,tre),t.action="javascript:",t.addEventListener("submit",l=>l.preventDefault());let e=x.createElement("label"),o=x.createElement("span");o.classList.add("visually-hidden"),o.textContent=mo,e.appendChild(o),t.appendChild(e);let n=x.createElement("input");n.type="search",n.classList.add("input","input-lg","padding-right-sm"),n.value=gm(),n.placeholder=mo,e.appendChild(n);let r=x.createElement("a");r.href="#",r.title=_2,r.classList.add("clear"),r.addEventListener("click",l=>{l.preventDefault(),n.value="",n.dispatchEvent(
Source: chromecache_94.3.dr	String found in binary or memory: </div>`}function gCe(t){return t.authenticationModes?t.authenticationModes.map(e=>e.type).includes("MSA"):!1}function hCe(t){let e=t.authenticationModes.find(o=>o.type==="MSA");return e?e.upn:null}function bCe(t){let e=t.authenticationModes.find(o=>o.type==="AAD");return e?e.upn:null}function _Ce(t,e,o){return e??(Qt(t.email)?o:t.email)??""}function $re(t){let e=gCe(t),o=e?hCe(t):null,n=e?null:bCe(t),r=_Ce(t,o,n);return[e,r]}function vCe(t,e){let[o,n]=$re(e);if(o){let i=t.querySelector("#report-msa-email-account");i.innerText=n}let r=t.querySelector("#opt-into-email-checkbox"),s=t.querySelector("#submitter-info");r.addEventListener("change",()=>{r.checked?s.hidden=!1:s.hidden=!0})}function yCe(t){if(!t)return;let e=t.querySelector("#select-reason"),o=t.querySelector("#other-reason-textarea-container"),n=o.querySelector("textarea");!e\|\|!o\|\|!n\|\|(e.value==="Other"&&(o.hidden=!1,n.required=!0),e.addEventListener("change",()=>{e.value==="Other"\|\|e.value==="14"?(o.hidden=!1,n.required=!0,n.disabled=!1):(o.hidden=!0,n.required=!1,n.disabled=!0)}))}var oo;function Nre(){let t=document.getElementById("share-to-linkedin-profile");t&&t.addEventListener("click",e=>{let o=e.currentTarget,n=JSON.parse(o.dataset.credential),r=document.createElement("div"),s=xCe(n);w(s,r),oo=new Se(r),oo.show();let i=document.getElementById("share-to-feed-button"),a=document.getElementById("linkedin-feed-message"),l=new URL(decodeURI(i.getAttribute("href")));a.onchange=()=>{l.searchParams.set("text",a.value),i.setAttribute("href",l.toString())}})}function xCe(t){let e=encodeURI(`https://${location.host}/api/credentials/share/${_.data.userLocale}/${R.userName}/${t?.credentialId}?sharingId=${R.sharingId}`),o=1035,n=i=>new Date(i).getFullYear(),r=i=>new Date(i).getMonth()+1,s=encodeURI(`https://www.linkedin.com/profile/add?startTask=CERTIFICATION_NAME&name=${t.title}&organizationId=${o}&issueYear=${n(t.awardedOn)}&issueMonth=${r(t.awardedOn)}&expirationYear=${t.expiresOn?n(t.expiresOn):""}&expirationMonth=${t.expiresOn?r(t.expiresOn):""}&certUrl=${e}&certId=${t.credentialId}&skills=${t.skills?`${t.skills.map(i=>encodeURIComponent(i)).join(",")}`:""}`);return m` equals www.linkedin.com (Linkedin)

Source: unknown

DNS traffic detected: queries for: js.monitor.azure.com

Source: unknown

HTTP traffic detected: POST /rest/v1/delivery?client=microsoftmscompoc&sessionId=0791c829041c4c068b787022a66647a2&version=2.9.0 HTTP/1.1Host: target.microsoft.comConnection: keep-aliveContent-Length: 1111sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: text/plainAccept: */*Origin: https://learn.microsoft.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://learn.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: MC1=GUID=749eee6039c5489b9db3000c7ab3f399&HASH=749e&LV=202310&V=4&LU=1696413236917; MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE; MSCC=NR; at_check=true; mbox=session#0791c829041c4c068b787022a66647a2#1713944147

Source: WAXD480.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl19/
Source: chromecache_94.3.dr	String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chromecache_94.3.dr	String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chromecache_94.3.dr	String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chromecache_94.3.dr	String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chromecache_93.3.dr	String found in binary or memory: http://schema.org/Organization
Source: chromecache_85.3.dr, chromecache_103.3.dr	String found in binary or memory: http://www.gimp.org/xmp/
Source: chromecache_93.3.dr	String found in binary or memory: https://aka.ms/ContentUserFeedback
Source: chromecache_94.3.dr	String found in binary or memory: https://aka.ms/banner_mslearn_tier1?wt.mc_id=build24_t1_learnpromotion_events
Source: chromecache_94.3.dr	String found in binary or memory: https://aka.ms/certhelp
Source: chromecache_93.3.dr	String found in binary or memory: https://aka.ms/feedback/report?space=61
Source: chromecache_94.3.dr	String found in binary or memory: https://aka.ms/pshelpmechoose
Source: chromecache_93.3.dr	String found in binary or memory: https://aka.ms/yourcaliforniaprivacychoices
Source: chromecache_93.3.dr	String found in binary or memory: https://authoring-docs-microsoft.poolparty.biz/devrel/69c76c32-967e-4c65-b89a-74cc527db725
Source: chromecache_93.3.dr	String found in binary or memory: https://authoring-docs-microsoft.poolparty.biz/devrel/7696cda6-0510-47f6-8302-71bb5d2e28cf
Source: chromecache_94.3.dr	String found in binary or memory: https://aznb-ame-prod.azureedge.net/component/$
Source: chromecache_94.3.dr	String found in binary or memory: https://channel9.msdn.com/
Source: chromecache_94.3.dr	String found in binary or memory: https://github.com/$
Source: chromecache_93.3.dr	String found in binary or memory: https://github.com/Thraka
Source: chromecache_93.3.dr	String found in binary or memory: https://github.com/Youssef1313
Source: chromecache_93.3.dr	String found in binary or memory: https://github.com/adegeo
Source: chromecache_93.3.dr	String found in binary or memory: https://github.com/dotnet/docs/blob/17c4acca45e573a92878a44a2cce57d699fe9c7c/docs/framework/install/
Source: chromecache_93.3.dr	String found in binary or memory: https://github.com/dotnet/docs/blob/live/docs/framework/install/application-not-started.md
Source: chromecache_93.3.dr	String found in binary or memory: https://github.com/dotnet/docs/blob/main/docs/framework/install/application-not-started.md
Source: chromecache_93.3.dr	String found in binary or memory: https://github.com/dotnet/docs/issues
Source: chromecache_93.3.dr	String found in binary or memory: https://github.com/dotnet/docs/issues/new?template=z-customer-feedback.yml
Source: chromecache_94.3.dr	String found in binary or memory: https://github.com/dotnet/try
Source: chromecache_93.3.dr	String found in binary or memory: https://github.com/gewarren
Source: chromecache_94.3.dr	String found in binary or memory: https://github.com/jonschlinkert/is-plain-object
Source: chromecache_77.3.dr, chromecache_94.3.dr	String found in binary or memory: https://github.com/js-cookie/js-cookie
Source: chromecache_93.3.dr	String found in binary or memory: https://github.com/mairaw
Source: chromecache_93.3.dr	String found in binary or memory: https://github.com/nschonni
Source: chromecache_93.3.dr	String found in binary or memory: https://js.monitor.azure.com/scripts/c/ms.jsll-3.min.js
Source: chromecache_94.3.dr	String found in binary or memory: https://learn-video.azurefd.net/
Source: chromecache_94.3.dr	String found in binary or memory: https://learn-video.azurefd.net/vod/player
Source: chromecache_94.3.dr	String found in binary or memory: https://management.azure.com/providers/Microsoft.Portal/consoles/default?api-version=2017-12-01-prev
Source: chromecache_94.3.dr	String found in binary or memory: https://management.azure.com/providers/Microsoft.Portal/userSettings/cloudconsole?api-version=2017-0
Source: chromecache_94.3.dr	String found in binary or memory: https://management.azure.com/subscriptions?api-version=2016-06-01
Source: chromecache_94.3.dr	String found in binary or memory: https://octokit.github.io/rest.js/#throttling
Source: chromecache_94.3.dr	String found in binary or memory: https://schema.org
Source: chromecache_94.3.dr	String found in binary or memory: https://twitter.com/intent/tweet?original_referer=$
Source: chromecache_94.3.dr	String found in binary or memory: https://www.cafbaseline.com/
Source: chromecache_94.3.dr	String found in binary or memory: https://www.linkedin.com/cws/share?url=$
Source: chromecache_94.3.dr	String found in binary or memory: https://www.linkedin.com/profile/add?startTask=CERTIFICATION_NAME&name=$

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:49835 version: TLS 1.2

Source: WAXD480.exe

Static PE information: No import functions for PE file found

Source: WAXD480.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: WAXD480.exe

Binary string: a\Device\HarddiskVolume4\Windows>

Source: classification engine

Classification label: clean3.winEXE@25/61@12/7

Source: WAXD480.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\WAXD480.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\WAXD480.exe "C:\Users\user\Desktop\WAXD480.exe"
Source: C:\Users\user\Desktop\WAXD480.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=WAXD480.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1680 --field-trial-handle=2028,i,4872466835619599832,212431843967096772,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\WAXD480.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=WAXD480.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1996,i,12553455973178745463,2557296557389022246,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\WAXD480.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=WAXD480.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=WAXD480.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1680 --field-trial-handle=2028,i,4872466835619599832,212431843967096772,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1996,i,12553455973178745463,2557296557389022246,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior

Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Section loaded: wkscli.dll	Jump to behavior

Source: C:\Users\user\Desktop\WAXD480.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: WAXD480.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: WAXD480.exe

Static file information: File size 14544896 > 1048576

Source: WAXD480.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: WAXD480.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: WAXD480.exe

Static PE information: 0xFF7D5888 [Sat Oct 31 03:59:04 2105 UTC]

Source: WAXD480.exe, 00000000.00000002.1765382088.000000000069C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: WAXD480.exe, 00000000.00000002.1765382088.000000000069C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\

Source: C:\Users\user\Desktop\WAXD480.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=WAXD480.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0			Jump to behavior
Source: C:\Users\user\Desktop\WAXD480.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=WAXD480.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0			Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	11 Process Injection	11 Process Injection	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Timestomp	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 DLL Side-Loading	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
WAXD480.exe	0%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
http://polymer.github.io/PATENTS.txt	0%	URL Reputation	safe
http://polymer.github.io/PATENTS.txt	0%	URL Reputation	safe
http://polymer.github.io/LICENSE.txt	0%	URL Reputation	safe
http://polymer.github.io/AUTHORS.txt	0%	URL Reputation	safe
https://octokit.github.io/rest.js/#throttling	0%	URL Reputation	safe
https://learn-video.azurefd.net/vod/player	0%	URL Reputation	safe
http://polymer.github.io/CONTRIBUTORS.txt	0%	URL Reputation	safe
https://learn-video.azurefd.net/	0%	Avira URL Cloud	safe
https://www.cafbaseline.com/	0%	Avira URL Cloud	safe
https://www.cafbaseline.com/	1%	Virustotal		Browse
https://learn-video.azurefd.net/	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
adobetarget.data.adobedc.net	63.140.36.145	true	false	unknown
part-0041.t-0009.t-msedge.net	13.107.213.69	true	false	unknown
dcs-public-edge-usw2-219535174.us-west-2.elb.amazonaws.com	52.40.13.65	true	false	high
www.google.com	142.250.101.104	true	false	high
js.monitor.azure.com	unknown	unknown	false	high
microsoftmscompoc.tt.omtrdc.net	unknown	unknown	false	unknown
mdec.nelreports.net	unknown	unknown	false	unknown
mscom.demdex.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://js.monitor.azure.com/scripts/c/ms.jsll-3.min.js	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://authoring-docs-microsoft.poolparty.biz/devrel/7696cda6-0510-47f6-8302-71bb5d2e28cf	chromecache_93.3.dr	false		high
https://github.com/dotnet/docs/blob/live/docs/framework/install/application-not-started.md	chromecache_93.3.dr	false		high
https://authoring-docs-microsoft.poolparty.biz/devrel/69c76c32-967e-4c65-b89a-74cc527db725	chromecache_93.3.dr	false		high
https://management.azure.com/providers/Microsoft.Portal/consoles/default?api-version=2017-12-01-prev	chromecache_94.3.dr	false		high
https://github.com/Thraka	chromecache_93.3.dr	false		high
https://github.com/dotnet/docs/issues	chromecache_93.3.dr	false		high
http://www.gimp.org/xmp/	chromecache_85.3.dr, chromecache_103.3.dr	false		high
http://polymer.github.io/PATENTS.txt	chromecache_94.3.dr	false	URL Reputation: safe URL Reputation: safe	unknown
https://aka.ms/certhelp	chromecache_94.3.dr	false		high
https://github.com/dotnet/docs/blob/17c4acca45e573a92878a44a2cce57d699fe9c7c/docs/framework/install/	chromecache_93.3.dr	false		high
https://www.linkedin.com/cws/share?url=$	chromecache_94.3.dr	false		high
https://aka.ms/ContentUserFeedback	chromecache_93.3.dr	false		high
https://github.com/mairaw	chromecache_93.3.dr	false		high
https://schema.org	chromecache_94.3.dr	false		high
http://polymer.github.io/LICENSE.txt	chromecache_94.3.dr	false	URL Reputation: safe	unknown
https://github.com/Youssef1313	chromecache_93.3.dr	false		high
http://polymer.github.io/AUTHORS.txt	chromecache_94.3.dr	false	URL Reputation: safe	unknown
https://aka.ms/banner_mslearn_tier1?wt.mc_id=build24_t1_learnpromotion_events	chromecache_94.3.dr	false		high
https://aka.ms/yourcaliforniaprivacychoices	chromecache_93.3.dr	false		high
https://github.com/dotnet/docs/issues/new?template=z-customer-feedback.yml	chromecache_93.3.dr	false		high
https://github.com/nschonni	chromecache_93.3.dr	false		high
https://management.azure.com/subscriptions?api-version=2016-06-01	chromecache_94.3.dr	false		high
https://github.com/adegeo	chromecache_93.3.dr	false		high
https://github.com/dotnet/docs/blob/main/docs/framework/install/application-not-started.md	chromecache_93.3.dr	false		high
https://aka.ms/pshelpmechoose	chromecache_94.3.dr	false		high
https://aka.ms/feedback/report?space=61	chromecache_93.3.dr	false		high
https://github.com/jonschlinkert/is-plain-object	chromecache_94.3.dr	false		high
https://octokit.github.io/rest.js/#throttling	chromecache_94.3.dr	false	URL Reputation: safe	unknown
https://management.azure.com/providers/Microsoft.Portal/userSettings/cloudconsole?api-version=2017-0	chromecache_94.3.dr	false		high
https://github.com/js-cookie/js-cookie	chromecache_77.3.dr, chromecache_94.3.dr	false		high
https://learn-video.azurefd.net/vod/player	chromecache_94.3.dr	false	URL Reputation: safe	unknown
https://twitter.com/intent/tweet?original_referer=$	chromecache_94.3.dr	false		high
https://github.com/$	chromecache_94.3.dr	false		high
https://github.com/gewarren	chromecache_93.3.dr	false		high
http://schema.org/Organization	chromecache_93.3.dr	false		high
http://polymer.github.io/CONTRIBUTORS.txt	chromecache_94.3.dr	false	URL Reputation: safe	unknown
https://channel9.msdn.com/	chromecache_94.3.dr	false		high
https://www.linkedin.com/profile/add?startTask=CERTIFICATION_NAME&name=$	chromecache_94.3.dr	false		high
https://learn-video.azurefd.net/	chromecache_94.3.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/dotnet/try	chromecache_94.3.dr	false		high
https://www.cafbaseline.com/	chromecache_94.3.dr	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.101.104	www.google.com	United States	15169	GOOGLEUS	false
52.40.13.65	dcs-public-edge-usw2-219535174.us-west-2.elb.amazonaws.com	United States	16509	AMAZON-02US	false
63.140.37.206	unknown	United States	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
13.107.213.69	part-0041.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
63.140.36.51	unknown	United States	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1430820
Start date and time:	2024-04-24 09:03:40 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 14s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	WAXD480.exe (renamed file extension from tmp to exe)
Original Sample Name:	WAXD480.tmp
Detection:	CLEAN
Classification:	clean3.winEXE@25/61@12/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.202.58.34, 74.125.137.94, 142.251.2.113, 142.251.2.101, 142.251.2.102, 142.251.2.138, 142.251.2.139, 142.251.2.100, 142.251.2.84, 23.35.30.26, 34.104.35.123, 184.28.81.149, 184.28.81.169, 20.189.173.6, 142.250.101.95, 74.125.137.95, 142.251.2.95, 20.125.62.241, 199.232.214.172, 204.79.197.237, 13.107.21.237, 192.229.211.108, 142.251.2.94, 74.125.137.113, 74.125.137.139, 74.125.137.102, 74.125.137.101, 74.125.137.100, 74.125.137.138
Excluded domains from analysis (whitelisted): aijscdn2.afd.azureedge.net, slscr.update.microsoft.com, c-msn-com-nsatc.trafficmanager.net, clientservices.googleapis.com, browser.events.data.trafficmanager.net, learn.microsoft.com, e11290.dspg.akamaiedge.net, mdec.nelreports.net.akamaized.net, go.microsoft.com, clients2.google.com, ocsp.digicert.com, a1883.dscd.akamai.net, learn.microsoft.com.edgekey.net, update.googleapis.com, clients1.google.com, fs.microsoft.com, accounts.google.com, target.microsoft.com, content-autofill.googleapis.com, c-bing-com.dual-a-0034.a-msedge.net, ctldl.windowsupdate.com, learn.microsoft.com.edgekey.net.globalredir.akadns.net, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, aijscdn2.azureedge.net, browser.events.data.microsoft.com, edgedl.me.gvt1.com, e13636.dscb.akamaiedge.net, c.bing.com, learn-public.trafficmanager.net, go.microsoft.com.edgekey.net, dual-a-0034.a-msedge.net, clients.l.google.com, c1.microsoft.com, onedscolprdwus05.westus.cloudapp.azu
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
13.107.213.69	https://u44056869.ct.sendgrid.net/ls/click?upn=u001.nH1ryR-2Btr2av-2Bkfc8quLEXKlGRKFonctFf3nB-2FAP-2Bjae3IsQgCoKtK-2FQ57cEEmmhZzRyd07G16kQ6rsc4EaJT6S7Rh48kOVsBPHV-2Fkkk9Vfz7cojLOCLuj4sUGVMM7pbdmwtinmtiLhfYkhEkgve628OiJsccHyeYc3lkmkn6epsOmmj4-2Fi-2BWjxfm73m7vUzCOGnDWnQJBmmd6DmkDcfIw-3D-3DU_vL_MRfqZW9nS4IDBSHT8MfJfSAq9b0aOVvtJoUhpW1Ga8ePAnfV-2FfXwE0xIGnayeXag21qNKRc5VLcgMkPlIuCBf7Hi8EFUvj1-2FlklJpMLZNx1IQq8eO26tVdmeuxhGn-2B2zjA71oEkiC9pTrxX9Dz-2FMJk8mkJr62ye1KlBo-2B8fxBlVl-2B6T0POpB0GKoibGhcjh4Z-2FnPU453nMAkUkNy65MlaA-3D-3D	Get hash	malicious	HTMLPhisher	Browse
	Ref_Order04.xls	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe	Get hash	malicious	PureLog Stealer, zgRAT	Browse
	https://wmicrosouab-4ba8.udydzj.workers.dev/	Get hash	malicious	HTMLPhisher	Browse
	https://uqgekpc20qn1.azureedge.net/6466/	Get hash	malicious	TechSupportScam	Browse
	https://pub-32bf4e9c1a1344aa8c0925c562b60fd3.r2.dev/index2.html	Get hash	malicious	HTMLPhisher	Browse
	https://hello-world-still-tree-8187.stevenmoulder.workers.dev/	Get hash	malicious	HTMLPhisher	Browse
	https://pub-fc51d290db584b328d6feb3913c634a1.r2.dev/office365webb.html	Get hash	malicious	HTMLPhisher	Browse
	https://pub-ccab1e1c90754b44a899b93b24a61322.r2.dev/pp.html	Get hash	malicious	HTMLPhisher	Browse
	https://loveyawork.com.au/stack/office-3D8/index.php	Get hash	malicious	HTMLPhisher	Browse
239.255.255.250	https://u44056869.ct.sendgrid.net/ls/click?upn=u001.nH1ryR-2Btr2av-2Bkfc8quLEXKlGRKFonctFf3nB-2FAP-2Bjae3IsQgCoKtK-2FQ57cEEmmhZzRyd07G16kQ6rsc4EaJT6S7Rh48kOVsBPHV-2Fkkk9Vfz7cojLOCLuj4sUGVMM7pbdmwtinmtiLhfYkhEkgve628OiJsccHyeYc3lkmkn6epsOmmj4-2Fi-2BWjxfm73m7vUzCOGnDWnQJBmmd6DmkDcfIw-3D-3DU_vL_MRfqZW9nS4IDBSHT8MfJfSAq9b0aOVvtJoUhpW1Ga8ePAnfV-2FfXwE0xIGnayeXag21qNKRc5VLcgMkPlIuCBf7Hi8EFUvj1-2FlklJpMLZNx1IQq8eO26tVdmeuxhGn-2B2zjA71oEkiC9pTrxX9Dz-2FMJk8mkJr62ye1KlBo-2B8fxBlVl-2B6T0POpB0GKoibGhcjh4Z-2FnPU453nMAkUkNy65MlaA-3D-3D	Get hash	malicious	HTMLPhisher	Browse
	#U5c97#U4f4d#U8865#U52a9#U5236#U5ea6.docx.doc	Get hash	malicious	Unknown	Browse
	#U5c97#U4f4d#U8865#U52a9#U5236#U5ea6.docx.doc	Get hash	malicious	Unknown	Browse
	https://tibusiness.cl/css/causarol.rar	Get hash	malicious	Unknown	Browse
	http://damarltda.cl/certificado.php	Get hash	malicious	Unknown	Browse
	http://rum.browser-intake-foxbusiness.com:443	Get hash	malicious	Unknown	Browse
	http://42.193.223.169/extensioncompabilitynode.exe	Get hash	malicious	Unknown	Browse
	https://d-wz.info/mygov	Get hash	malicious	HTMLPhisher	Browse
	https://www.longin-eki.co.jp.cduhzkc.cn/	Get hash	malicious	Unknown	Browse
	https://www.longin-eki.co.jp.nebxshr.cn/	Get hash	malicious	Unknown	Browse
63.140.36.51	https://uqgekpc20qn1.azureedge.net/6466/	Get hash	malicious	TechSupportScam	Browse
	https://acrobat.adobe.com/id/urn:aaid:sc:EU:a477f053-09e9-43b1-afaa-68422fe2c73d	Get hash	malicious	Unknown	Browse
	https://googleads.g.doubleclick.net/aclk?nis=4&sa=l&ai=CBy2nBWzuZebBCqaT9fwP3aiQyA_w2oDlddu5z5-iErOjjrWMDhABIPuchwNgpaCVgJgBoAH3paCUKsgBAqgDAcgDyQSqBK4CT9CEq8LQKNPdFDGXOtMpyjS3yMvP1hTqSeq0cEtWo62EIJdDfle1EjLt33lRwACMm2pw-rajkPdYwnT5Hl00cEmv9wBBsQioqExIWGvu6p-f1FgTA4lF99AYzAoZDqjOsgO1Aaf7zNmTuvPiNjPmB0lse0kqkk5ZW_51m-IllOWVbMnCztYUJcNx6Xyq6Uo5_4Le0urHHQPbXxiw_mda5IYUAcwGkwTL52V-4gywNNlNqOTkI7T9S7HMMTWKBFQXVzCHWUWNV3nKOVBWl4pQ82t3zIUfrU4C4jGcwqImfMmBkz7wuJEkik07BsxGcZ0EIPAjKv4S4TXrujRrzO55GTRkRsQnotspAHgJGD676hTPpQWOblgQN618COIhfqe2pEN3V0qQ1mCjVHv33q3ABNS0h5rvBIgFn4XMo06gBgKAB_fd8PMEqAfZtrECqAevvrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAqgH6rGxAqgHmbWxAqgHvrexAtgHAdIILQiM4YBAEAEYHzIEi8KBDjoOj9CAgICADIDAgICAoChIvf3BOlj_u4e-lOuEA7EJaBWNCPNfR7iACgGYCwHICwHaDBEKCxDQlNaq1sWkyOIBEgIBA6oNAkFVyA0B2BMC0BUB-BYBgBcBshgJEgKCaBgCIgEA&ae=1&ase=2&gclid=EAIaIQobChMIptiHvpTrhAMVpkmdCR1dFAT5EAEYASAAEgJkAfD_BwE&num=1&cid=CAQSLQB7FLtqOsAeoITkk8_EfWxyFaX6LvfDD7qju4NO3pvtDST86esq5V2hobPA7hgB&sig=AOD64_3YUwGOAhvDgrtLKQSfZbxQDrMiug&client=ca-pub-3734677162347682&rf=2&nb=17&adurl=https://sites.google.com/view/fashionpassrent%3Fgclid%3DEAIaIQobChMIptiHvpTrhAMVpkmdCR1dFAT5EAEYASAAEgJkAfD_BwE	Get hash	malicious	Unknown	Browse
	DHL SHIPPING DOCUMENT - BL - AWB PACKING LIST_02292024.exe	Get hash	malicious	DBatLoader, PureLog Stealer, zgRAT	Browse
	Frija.exe	Get hash	malicious	Unknown	Browse
	https://tjk5ev4wyer7s8.pages.dev/Wi0nAbh0help0secure037/	Get hash	malicious	Unknown	Browse
	https://cwjd96l8a93s6.pages.dev/Wi0nAbh0help0secure037/	Get hash	malicious	Unknown	Browse
	https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:19673103-b29e-4634-baef-0fbf173db387	Get hash	malicious	Unknown	Browse
	corporations-myGovsecuredocument.html	Get hash	malicious	Unknown	Browse
63.140.37.206	https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:67958260-9d34-43ce-a81c-9e6e45fe2b11	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse
	https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:67958260-9d34-43ce-a81c-9e6e45fe2b11	Get hash	malicious	Unknown	Browse
	https://googleads.g.doubleclick.net/aclk?nis=4&sa=l&ai=CBy2nBWzuZebBCqaT9fwP3aiQyA_w2oDlddu5z5-iErOjjrWMDhABIPuchwNgpaCVgJgBoAH3paCUKsgBAqgDAcgDyQSqBK4CT9CEq8LQKNPdFDGXOtMpyjS3yMvP1hTqSeq0cEtWo62EIJdDfle1EjLt33lRwACMm2pw-rajkPdYwnT5Hl00cEmv9wBBsQioqExIWGvu6p-f1FgTA4lF99AYzAoZDqjOsgO1Aaf7zNmTuvPiNjPmB0lse0kqkk5ZW_51m-IllOWVbMnCztYUJcNx6Xyq6Uo5_4Le0urHHQPbXxiw_mda5IYUAcwGkwTL52V-4gywNNlNqOTkI7T9S7HMMTWKBFQXVzCHWUWNV3nKOVBWl4pQ82t3zIUfrU4C4jGcwqImfMmBkz7wuJEkik07BsxGcZ0EIPAjKv4S4TXrujRrzO55GTRkRsQnotspAHgJGD676hTPpQWOblgQN618COIhfqe2pEN3V0qQ1mCjVHv33q3ABNS0h5rvBIgFn4XMo06gBgKAB_fd8PMEqAfZtrECqAevvrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH4L2xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAqgH6rGxAqgHmbWxAqgHvrexAtgHAdIILQiM4YBAEAEYHzIEi8KBDjoOj9CAgICADIDAgICAoChIvf3BOlj_u4e-lOuEA7EJaBWNCPNfR7iACgGYCwHICwHaDBEKCxDQlNaq1sWkyOIBEgIBA6oNAkFVyA0B2BMC0BUB-BYBgBcBshgJEgKCaBgCIgEA&ae=1&ase=2&gclid=EAIaIQobChMIptiHvpTrhAMVpkmdCR1dFAT5EAEYASAAEgJkAfD_BwE&num=1&cid=CAQSLQB7FLtqOsAeoITkk8_EfWxyFaX6LvfDD7qju4NO3pvtDST86esq5V2hobPA7hgB&sig=AOD64_3YUwGOAhvDgrtLKQSfZbxQDrMiug&client=ca-pub-3734677162347682&rf=2&nb=17&adurl=https://sites.google.com/view/fashionpassrent%3Fgclid%3DEAIaIQobChMIptiHvpTrhAMVpkmdCR1dFAT5EAEYASAAEgJkAfD_BwE	Get hash	malicious	Unknown	Browse
	https://www.googleadservices.com/pagead/aclk?nis=4&sa=L&ai=CEdmnpF3uZcmCEdLvz7sPgvaqSPDagOV127nPn6ISzuvWiowOEAEg-5yHA2CloJWAmAGgAfeloJQqyAECqAMByAPJBKoEqwJP0BOkHEQ1sHidZNLLodOtOyNxRFvrb6dqQQ9bhh3nOz-pugkuAKGT1JYZfWYhqel0zPTGGIbQQl9WB7_vFRV_MhmW5KIdroYx56OEClXEf-cWKat1aMrWuR35plIHQwgvrSp12MLefXdgr14Q5iELw4ozv24CWRBqCYEfchlQo4JnIovylCFfzNZg20N_V5T9lzIG1Nmm7l9MsFsKkwM-YPqei9OqUr9BDzie_LrcWi_Z2StMoNSQV8r8i1V33taCy4_lrZuMV-NzUQMD4TyIxtNRQLwkroqGCsQ7cBlARGQKqa5EXlyqKFmykXE2LLDQkRi_RahzgB5fX3_TIZgU_j7XfKOQqjgPSHLXdiWLqHfAPFpqdb7SXyjvdXpJEi0l2R3bDl1grQiXI8AE1LSHmu8EiAWfhcyjTqAGAoAH993w8wSoB9m2sQKoB6--sQKoB9XJG6gHpr4bqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAfgvbECqAf_nrECqAffn7ECqAfKqbECqAfrpbECqAfqsbECqAeZtbECqAe-t7EC2AcB0ggkCIBhEAEYHzICigI6CYBAgMCAgICgKEi9_cE6WPfE7-KG64QDsQloFY0I819HuIAKAZgLAcgLAdoMEAoKELC17cf6_vjlBxICAQOqDQJBVcgNAdgTAtAVAfgWAYAXAbIYCRICgmgYAiIBAA&ae=1&ase=2&gclid=EAIaIQobChMIyeTv4obrhAMV0vdzAR0CuwoJEAEYASAAEgL6PvD_BwE&num=1&cid=CAQSOwB7FLtqsHK094spdoaQt-h9iX5PJ9zt-19kvYM1ldowDR1zOpgYOBfr1d5CeT8AheT9Tiy6z0yLnfuSGAE&sig=AOD64_2YAv3hZTWz95W_YbVDPxMhn7xpXg&client=ca-pub-3734677162347682&rf=2&nb=17&adurl=https://sites.google.com/view/fashionpassrent%3Fgclid%3DEAIaIQobChMIyeTv4obrhAMV0vdzAR0CuwoJEAEYASAAEgL6PvD_BwE	Get hash	malicious	Unknown	Browse
	https://yakoowood.com/	Get hash	malicious	Unknown	Browse
	DHL SHIPPING DOCUMENT - BL - AWB PACKING LIST_02292024.exe	Get hash	malicious	DBatLoader, PureLog Stealer, zgRAT	Browse
	https://fnbo-alerts.org	Get hash	malicious	Unknown	Browse
	https://cloudflare-ipfs.com	Get hash	malicious	Unknown	Browse
	https://kvf4bl8dz44hd.pages.dev/Wi0nAbh0help0secure037/	Get hash	malicious	Unknown	Browse
	https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:19673103-b29e-4634-baef-0fbf173db387	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
dcs-public-edge-usw2-219535174.us-west-2.elb.amazonaws.com	https://in.xero.com/m/g4EjeZDud5lCeLiKvMaATTgixUJedYwIXI96osSo?utm_source=invoiceEmailViewInvoiceButton&utm_campaign=invoicesEmailStandardV2	Get hash	malicious	Unknown	Browse	100.21.16.173
	FFE Order details - Cincy v41720.xlsx	Get hash	malicious	Unknown	Browse	54.71.166.176
	https://18apmic18.z13.web.core.windows.net/	Get hash	malicious	TechSupportScam	Browse	54.149.168.153
	http://www.sdmts.com/business-center/for-hire-vehicle-administration&c=E,1,pc5oom8YsW1RqHtANaUTLgMvd2z37r_4n-NR90jlF12Z7NyUKYXr1sKmCXY3dgMIENHwNl8jxylzX2garHrVx3wU2gE5fuDMBydZQ2COLEQJ&typo=1	Get hash	malicious	Unknown	Browse	50.112.189.71
	https://dmec.org/	Get hash	malicious	Unknown	Browse	100.21.242.169
	https://earnandexcel.com/blog/how-to-expand-columns-in-excel-multiple-tricks-to-resize-columns-rows/	Get hash	malicious	Unknown	Browse	52.88.22.80
	https://ctgoodjobs.hk/english/count/count_banner.asp?banner_name=newsletter-cthr_20230930_footer_privacy&href=https://acrobat.adobe.com/id/urn:aaid:sc:EU:496e3280-db43-4f27-9c85-1d9ad2126f15	Get hash	malicious	Unknown	Browse	44.235.166.15
	https://1drv.ms/f/s!Ah3RUujFpGTrbZcZBXk_HMFtmRQ	Get hash	malicious	Unknown	Browse	100.21.242.169
	https://yxu.pages.dev/account/js-reporting/?crumb=uZ4.07kERLI&message=javascript_not_enabled&ref=%2Faccount%2Fchallenge%2Fpassword	Get hash	malicious	HTMLPhisher	Browse	52.40.174.159
	http://zarabidarix.xyz/4kKUDf2271ibnX494fplpivknze26JVIISAKNWCQFBYE13955JAYA338314o10	Get hash	malicious	Unknown	Browse	54.71.166.176
adobetarget.data.adobedc.net	KxgGGaiW3E.exe	Get hash	malicious	Quasar	Browse	63.140.39.82
	https://acrobat.adobe.com/id/urn:aaid:sc:AP:c47bd847-0028-43f6-8564-6c8445af0ecc	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	63.140.39.93
	23xCOZerXg.exe	Get hash	malicious	PureLog Stealer, Xmrig, zgRAT	Browse	63.140.39.82
	https://22apmic22.z13.web.core.windows.net/	Get hash	malicious	TechSupportScam	Browse	63.140.39.248
	https://in.xero.com/m/g4EjeZDud5lCeLiKvMaATTgixUJedYwIXI96osSo?utm_source=invoiceEmailViewInvoiceButton&utm_campaign=invoicesEmailStandardV2	Get hash	malicious	Unknown	Browse	63.140.38.55
	https://yxv.ens.mybluehost.me/Ca/net/login.php	Get hash	malicious	Unknown	Browse	63.140.38.111
	https://19apmic17.z13.web.core.windows.net/	Get hash	malicious	TechSupportScam	Browse	63.140.38.55
	https://19apmic11.z13.web.core.windows.net/	Get hash	malicious	TechSupportScam	Browse	63.140.38.189
	https://librospy.com/	Get hash	malicious	Unknown	Browse	63.140.39.35
	https://18apmic18.z13.web.core.windows.net/	Get hash	malicious	TechSupportScam	Browse	63.140.39.93
part-0041.t-0009.t-msedge.net	https://u44056869.ct.sendgrid.net/ls/click?upn=u001.nH1ryR-2Btr2av-2Bkfc8quLEXKlGRKFonctFf3nB-2FAP-2Bjae3IsQgCoKtK-2FQ57cEEmmhZzRyd07G16kQ6rsc4EaJT6S7Rh48kOVsBPHV-2Fkkk9Vfz7cojLOCLuj4sUGVMM7pbdmwtinmtiLhfYkhEkgve628OiJsccHyeYc3lkmkn6epsOmmj4-2Fi-2BWjxfm73m7vUzCOGnDWnQJBmmd6DmkDcfIw-3D-3DU_vL_MRfqZW9nS4IDBSHT8MfJfSAq9b0aOVvtJoUhpW1Ga8ePAnfV-2FfXwE0xIGnayeXag21qNKRc5VLcgMkPlIuCBf7Hi8EFUvj1-2FlklJpMLZNx1IQq8eO26tVdmeuxhGn-2B2zjA71oEkiC9pTrxX9Dz-2FMJk8mkJr62ye1KlBo-2B8fxBlVl-2B6T0POpB0GKoibGhcjh4Z-2FnPU453nMAkUkNy65MlaA-3D-3D	Get hash	malicious	HTMLPhisher	Browse	13.107.246.69
	Payment MT103.xls	Get hash	malicious	Unknown	Browse	13.107.246.69
	Ref_Order04.xls	Get hash	malicious	Unknown	Browse	13.107.213.69
	3Shape Unite Installer.exe	Get hash	malicious	Unknown	Browse	13.107.246.69
	SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe	Get hash	malicious	PureLog Stealer, zgRAT	Browse	13.107.213.69
	https://wmicrosouab-4ba8.udydzj.workers.dev/	Get hash	malicious	HTMLPhisher	Browse	13.107.213.69
	https://uqgekpc20qn1.azureedge.net/6466/	Get hash	malicious	TechSupportScam	Browse	13.107.246.69
	https://magnisteel.lk/4765445b-32c6-49b0-83e6-1d93765276ca.php	Get hash	malicious	HTMLPhisher	Browse	13.107.213.69
	https://condoresorts.com/	Get hash	malicious	Unknown	Browse	13.107.246.69
	https://mota-engil.caf0sa.com/tiyamike.chikabadwa56078874fessdGl5YW1pa2UuY2hpa2FiYWR3YUBtb3RhLWVuZ2lsLnB097140964?5101245168264822=2215800694735574#dGl5YW1pa2UuY2hpa2FiYWR3YUBtb3RhLWVuZ2lsLnB0	Get hash	malicious	Unknown	Browse	13.107.246.69

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CHINANET-BACKBONENo31Jin-rongStreetCN	https://d-wz.info/mygov	Get hash	malicious	HTMLPhisher	Browse	63.140.36.145
	https://uqgekpc20qn1.azureedge.net/6466/	Get hash	malicious	TechSupportScam	Browse	63.140.36.51
	KxgGGaiW3E.exe	Get hash	malicious	Quasar	Browse	63.140.39.82
	https://acrobat.adobe.com/id/urn:aaid:sc:AP:c47bd847-0028-43f6-8564-6c8445af0ecc	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	63.140.39.93
	23xCOZerXg.exe	Get hash	malicious	PureLog Stealer, Xmrig, zgRAT	Browse	63.140.39.82
	oVOImRIAaz.elf	Get hash	malicious	Mirai	Browse	220.160.120.160
	NMdpQecbkg.elf	Get hash	malicious	Mirai	Browse	106.86.148.241
	1mHUcsxKG6.elf	Get hash	malicious	Mirai	Browse	171.113.147.175
	xzk9TKqNoI.elf	Get hash	malicious	Mirai	Browse	14.105.136.165
	sora.arm.elf	Get hash	malicious	Mirai	Browse	112.67.254.212
MICROSOFT-CORP-MSN-AS-BLOCKUS	URGENTE_NOTIFICATION.cmd	Get hash	malicious	Remcos, DBatLoader	Browse	13.107.139.11
	https://u44056869.ct.sendgrid.net/ls/click?upn=u001.nH1ryR-2Btr2av-2Bkfc8quLEXKlGRKFonctFf3nB-2FAP-2Bjae3IsQgCoKtK-2FQ57cEEmmhZzRyd07G16kQ6rsc4EaJT6S7Rh48kOVsBPHV-2Fkkk9Vfz7cojLOCLuj4sUGVMM7pbdmwtinmtiLhfYkhEkgve628OiJsccHyeYc3lkmkn6epsOmmj4-2Fi-2BWjxfm73m7vUzCOGnDWnQJBmmd6DmkDcfIw-3D-3DU_vL_MRfqZW9nS4IDBSHT8MfJfSAq9b0aOVvtJoUhpW1Ga8ePAnfV-2FfXwE0xIGnayeXag21qNKRc5VLcgMkPlIuCBf7Hi8EFUvj1-2FlklJpMLZNx1IQq8eO26tVdmeuxhGn-2B2zjA71oEkiC9pTrxX9Dz-2FMJk8mkJr62ye1KlBo-2B8fxBlVl-2B6T0POpB0GKoibGhcjh4Z-2FnPU453nMAkUkNy65MlaA-3D-3D	Get hash	malicious	HTMLPhisher	Browse	13.107.213.69
	OKhCyJ619J.rtf	Get hash	malicious	Remcos, DBatLoader	Browse	13.107.137.11
	#U5c97#U4f4d#U8865#U52a9#U5236#U5ea6.docx.doc	Get hash	malicious	Unknown	Browse	52.184.66.142
	fu56fbrtn8.exe	Get hash	malicious	Remcos, DBatLoader	Browse	13.107.139.11
	Payment MT103.xls	Get hash	malicious	Unknown	Browse	13.107.246.69
	Ref_Order04.xls	Get hash	malicious	Unknown	Browse	13.107.213.69
	FT. 40FE CNY .xlsx.lnk	Get hash	malicious	AgentTesla, DBatLoader, PureLog Stealer, RedLine	Browse	13.107.139.11
	3Shape Unite Installer.exe	Get hash	malicious	Unknown	Browse	40.67.232.186
	OHkRFujs2m.exe	Get hash	malicious	Unknown	Browse	104.208.16.94
AMAZON-02US	https://u44056869.ct.sendgrid.net/ls/click?upn=u001.nH1ryR-2Btr2av-2Bkfc8quLEXKlGRKFonctFf3nB-2FAP-2Bjae3IsQgCoKtK-2FQ57cEEmmhZzRyd07G16kQ6rsc4EaJT6S7Rh48kOVsBPHV-2Fkkk9Vfz7cojLOCLuj4sUGVMM7pbdmwtinmtiLhfYkhEkgve628OiJsccHyeYc3lkmkn6epsOmmj4-2Fi-2BWjxfm73m7vUzCOGnDWnQJBmmd6DmkDcfIw-3D-3DU_vL_MRfqZW9nS4IDBSHT8MfJfSAq9b0aOVvtJoUhpW1Ga8ePAnfV-2FfXwE0xIGnayeXag21qNKRc5VLcgMkPlIuCBf7Hi8EFUvj1-2FlklJpMLZNx1IQq8eO26tVdmeuxhGn-2B2zjA71oEkiC9pTrxX9Dz-2FMJk8mkJr62ye1KlBo-2B8fxBlVl-2B6T0POpB0GKoibGhcjh4Z-2FnPU453nMAkUkNy65MlaA-3D-3D	Get hash	malicious	HTMLPhisher	Browse	13.226.210.111
	https://tibusiness.cl/css/causarol.rar	Get hash	malicious	Unknown	Browse	52.25.6.244
	PO#0023298413.xls	Get hash	malicious	Unknown	Browse	76.76.21.61
	PO#0023298413.xls	Get hash	malicious	Unknown	Browse	76.76.21.93
	PO#0023298413.xls	Get hash	malicious	Unknown	Browse	76.76.21.9
	Ref_Order04.xls	Get hash	malicious	Unknown	Browse	76.76.21.241
	Ref_Order04.xls	Get hash	malicious	Unknown	Browse	76.76.21.98
	az9a0rNKvy.elf	Get hash	malicious	Mirai, Okiru	Browse	54.171.230.55
	SecuriteInfo.com.Python.Stealer.1437.14994.32063.exe	Get hash	malicious	Python Stealer	Browse	45.112.123.239
	https://d-wz.info/mygov	Get hash	malicious	HTMLPhisher	Browse	18.154.132.7
CHINANET-BACKBONENo31Jin-rongStreetCN	https://d-wz.info/mygov	Get hash	malicious	HTMLPhisher	Browse	63.140.36.145
	https://uqgekpc20qn1.azureedge.net/6466/	Get hash	malicious	TechSupportScam	Browse	63.140.36.51
	KxgGGaiW3E.exe	Get hash	malicious	Quasar	Browse	63.140.39.82
	https://acrobat.adobe.com/id/urn:aaid:sc:AP:c47bd847-0028-43f6-8564-6c8445af0ecc	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	63.140.39.93
	23xCOZerXg.exe	Get hash	malicious	PureLog Stealer, Xmrig, zgRAT	Browse	63.140.39.82
	oVOImRIAaz.elf	Get hash	malicious	Mirai	Browse	220.160.120.160
	NMdpQecbkg.elf	Get hash	malicious	Mirai	Browse	106.86.148.241
	1mHUcsxKG6.elf	Get hash	malicious	Mirai	Browse	171.113.147.175
	xzk9TKqNoI.elf	Get hash	malicious	Mirai	Browse	14.105.136.165
	sora.arm.elf	Get hash	malicious	Mirai	Browse	112.67.254.212

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://u44056869.ct.sendgrid.net/ls/click?upn=u001.nH1ryR-2Btr2av-2Bkfc8quLEXKlGRKFonctFf3nB-2FAP-2Bjae3IsQgCoKtK-2FQ57cEEmmhZzRyd07G16kQ6rsc4EaJT6S7Rh48kOVsBPHV-2Fkkk9Vfz7cojLOCLuj4sUGVMM7pbdmwtinmtiLhfYkhEkgve628OiJsccHyeYc3lkmkn6epsOmmj4-2Fi-2BWjxfm73m7vUzCOGnDWnQJBmmd6DmkDcfIw-3D-3DU_vL_MRfqZW9nS4IDBSHT8MfJfSAq9b0aOVvtJoUhpW1Ga8ePAnfV-2FfXwE0xIGnayeXag21qNKRc5VLcgMkPlIuCBf7Hi8EFUvj1-2FlklJpMLZNx1IQq8eO26tVdmeuxhGn-2B2zjA71oEkiC9pTrxX9Dz-2FMJk8mkJr62ye1KlBo-2B8fxBlVl-2B6T0POpB0GKoibGhcjh4Z-2FnPU453nMAkUkNy65MlaA-3D-3D	Get hash	malicious	HTMLPhisher	Browse	52.165.165.26 23.202.57.177
	#U5c97#U4f4d#U8865#U52a9#U5236#U5ea6.docx.doc	Get hash	malicious	Unknown	Browse	52.165.165.26 23.202.57.177
	http://42.193.223.169/extensioncompabilitynode.exe	Get hash	malicious	Unknown	Browse	52.165.165.26 23.202.57.177
	https://d-wz.info/mygov	Get hash	malicious	HTMLPhisher	Browse	52.165.165.26 23.202.57.177
	https://emv1.3rujia.cn/	Get hash	malicious	Unknown	Browse	52.165.165.26 23.202.57.177
	SecuriteInfo.com.Trojan.MSIL.zgRAT.Heur.21652.15881.exe	Get hash	malicious	PureLog Stealer, zgRAT	Browse	52.165.165.26 23.202.57.177
	https://wmicrosouab-4ba8.udydzj.workers.dev/	Get hash	malicious	HTMLPhisher	Browse	52.165.165.26 23.202.57.177
	https://uqgekpc20qn1.azureedge.net/6466/	Get hash	malicious	TechSupportScam	Browse	52.165.165.26 23.202.57.177
	https://www.3rujia.cn/	Get hash	malicious	Unknown	Browse	52.165.165.26 23.202.57.177
	https://windowdefalerts-error0x21916-alert-virus-detected.pages.dev/	Get hash	malicious	HTMLPhisher, TechSupportScam	Browse	52.165.165.26 23.202.57.177

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 475 x 212, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	35005
Entropy (8bit):	7.980061050467981
Encrypted:	false
SSDEEP:	768:aHBEr/QXnbCgWotMq4AZZivq2/Qu0cEv1FjHBep6U0Z/68R:ahWqbTWiM7ACvdIdldhep4rR
MD5:	522037F008E03C9448AE0AAAF09E93CB
SHA1:	8A32997EAB79246BEED5A37DB0C92FBFB006BEF2
SHA-256:	983C35607C4FB0B529CA732BE42115D3FCAAC947CEE9C9632F7CACDBDECAF5A7
SHA-512:	643EC613B2E7BDBB2F61E1799C189B0E3392EA5AE10845EB0B1F1542A03569E886F4B54D5B38AF10E78DB49C71357108C94589474B181F6A4573B86CF2D6F0D8
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	.PNG........IHDR..............[.U....sRGB.........gAMA......a.....pHYs..........+.....RIDATx^..`........B hpwww(PJ....R.B.....K[j....@ H ..r:...].P._.`...K.ffg.v.ygf.TM.4.m...`.D".H$......"##..2e.X.t..Y".H$...d..PK.V".H$..uVm.,.H$.....b+.H$.I-#.V".H$.ZF..D".H$...[.D".Hj.)...D"..2Rl%..D".e..J$..DR.H..H$.....b+.H$..9..Neee.X,.B.\/.....o.b+.H$..9...q...EHU....p.....=z....b.7.q..........N.. ....cUAX.9...m'_...2.`.g{...4.H.9.p.4...K ^.....`.\|.n..]..m..`W..W.H.~..\|.^.a..K.6......_....K..w....9......^.....&...R....[...w..Ix=.:..^/..Epp0.5.....QRR...l....S.b.5.c.6...5..8.\....z...I......&.>....../.{.=...]'c......[.E`@Cg......Z.....c.f..,.y\|,.{.o@.j..2..:.&l4.{.]Ll.N.0..b:b...g.n.........I...Ewc....[..,i`v......F...il\|.c,{.-.....%BP.U........y.x....6..E2..n.W...J .*..`..r....F....#BCC......\|.L&........O...'........\.....;...q.n$...7...ga..x....)..A...0.{1..'1../...+yRC...W.-..b..c0dDG...U[po....2eG.G.../.@........h.:.k?.......Q...

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	5.270991297712282
TrID:	Win32 Executable (generic) a (10002005/4) 99.94% Win16/32 Executable Delphi generic (2074/23) 0.02% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	WAXD480.exe
File size:	14'544'896 bytes
MD5:	7f1ffc9be9757477a8a39cb06d5032c8
SHA1:	31a174cb6a0d6b4f59529235d8efdb5bf5cca94a
SHA256:	f9a43eaa4e4ba619d3470762e5cd4226ad707f59bd89d892584df2771089ef3d
SHA512:	ba89acb7641f74328f51d6f64d70474b9949d16743f42528aa4e16cb0765c3d0a5ebdd409a4380c2ebf3275d06c9009626136e7c6e472f047e2e82a3a208f458
SSDEEP:	98304:MFo1GWb7bTtHxHV7G67rTPhFGIfxSj7SwMmRe1:MFS79Hpd7rTZFtfxSjIB
TLSH:	3CE63990BB10E522E19C97340CCBCFA96634F8951E43C62BB7F86B3F6D762943C62945
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....X}...............0..............;... ...@....@.. ....................................`................................

Entrypoint:	0x403b9a
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0xFF7D5888 [Sat Oct 31 03:59:04 2105 UTC]
TLS Callbacks:
CLR (.Net) Version:	@
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:

Signature Valid:
Signature Issuer:
Signature Validation Error:
Error Number:
Not Before, Not After
Subject Chain
Version:
Thumbprint MD5:
Thumbprint SHA-1:
Thumbprint SHA-256:
Serial:

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x3b45	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x4000	0x69c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x2800	0x25d0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x6000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x3a4c	0x54	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x1ba0	0x1c00	e5c55f0b8236d25407478e99de9111d6	False	0.06305803571428571	data	0.5448303170034065	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x4000	0x69c	0x800	e4d020c5a1901337fcc99c4758527ff4	False	0.12353515625	data	0.7882981859081486	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x6000	0xc	0x200	bf619eac0cdf3f68d496ea9344137e8b	False	0.02734375	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 09:04:39.078391075 CEST	53	56338	1.1.1.1	192.168.2.4
Apr 24, 2024 09:04:39.165126085 CEST	53	59211	1.1.1.1	192.168.2.4
Apr 24, 2024 09:04:40.169493914 CEST	53	64583	1.1.1.1	192.168.2.4
Apr 24, 2024 09:04:41.617356062 CEST	65204	53	192.168.2.4	1.1.1.1
Apr 24, 2024 09:04:41.617542028 CEST	51835	53	192.168.2.4	1.1.1.1
Apr 24, 2024 09:04:43.356378078 CEST	50287	53	192.168.2.4	1.1.1.1
Apr 24, 2024 09:04:43.356700897 CEST	61582	53	192.168.2.4	1.1.1.1
Apr 24, 2024 09:04:43.510019064 CEST	53	50287	1.1.1.1	192.168.2.4
Apr 24, 2024 09:04:43.510114908 CEST	53	61582	1.1.1.1	192.168.2.4
Apr 24, 2024 09:04:43.649720907 CEST	64465	53	192.168.2.4	1.1.1.1
Apr 24, 2024 09:04:43.649868965 CEST	65454	53	192.168.2.4	1.1.1.1
Apr 24, 2024 09:04:43.650827885 CEST	52938	53	192.168.2.4	1.1.1.1
Apr 24, 2024 09:04:43.650965929 CEST	53549	53	192.168.2.4	1.1.1.1
Apr 24, 2024 09:04:43.826327085 CEST	53	64465	1.1.1.1	192.168.2.4
Apr 24, 2024 09:04:43.829787970 CEST	53	52938	1.1.1.1	192.168.2.4
Apr 24, 2024 09:04:43.843866110 CEST	53	53549	1.1.1.1	192.168.2.4
Apr 24, 2024 09:04:43.884671926 CEST	53	65454	1.1.1.1	192.168.2.4
Apr 24, 2024 09:04:46.408267975 CEST	58128	53	192.168.2.4	1.1.1.1
Apr 24, 2024 09:04:46.408480883 CEST	56596	53	192.168.2.4	1.1.1.1
Apr 24, 2024 09:04:49.957792044 CEST	53	58002	1.1.1.1	192.168.2.4
Apr 24, 2024 09:04:53.318397045 CEST	138	138	192.168.2.4	192.168.2.255
Apr 24, 2024 09:04:57.323059082 CEST	53	62439	1.1.1.1	192.168.2.4
Apr 24, 2024 09:05:16.275897980 CEST	53	60156	1.1.1.1	192.168.2.4
Apr 24, 2024 09:05:38.603982925 CEST	53	61859	1.1.1.1	192.168.2.4
Apr 24, 2024 09:05:38.964452028 CEST	53	55432	1.1.1.1	192.168.2.4
Apr 24, 2024 09:05:47.134768963 CEST	57101	53	192.168.2.4	1.1.1.1
Apr 24, 2024 09:05:47.134987116 CEST	54830	53	192.168.2.4	1.1.1.1
Apr 24, 2024 09:06:07.947531939 CEST	53	50680	1.1.1.1	192.168.2.4

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 24, 2024 09:04:41.770220995 CEST	1.1.1.1	192.168.2.4	0xe854	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 09:04:41.770220995 CEST	1.1.1.1	192.168.2.4	0xe854	No error (0)	shed.dual-low.part-0041.t-0009.t-msedge.net	part-0041.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 09:04:41.770220995 CEST	1.1.1.1	192.168.2.4	0xe854	No error (0)	part-0041.t-0009.t-msedge.net		13.107.213.69	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:04:41.770220995 CEST	1.1.1.1	192.168.2.4	0xe854	No error (0)	part-0041.t-0009.t-msedge.net		13.107.246.69	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:04:41.770267010 CEST	1.1.1.1	192.168.2.4	0x29b6	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 09:04:41.770627975 CEST	1.1.1.1	192.168.2.4	0x8b	No error (0)	js.monitor.azure.com	aijscdn2.azureedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 09:04:41.770663977 CEST	1.1.1.1	192.168.2.4	0x1791	No error (0)	js.monitor.azure.com	aijscdn2.azureedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 09:04:41.770663977 CEST	1.1.1.1	192.168.2.4	0x1791	No error (0)	shed.dual-low.part-0041.t-0009.t-msedge.net	part-0041.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 09:04:41.770663977 CEST	1.1.1.1	192.168.2.4	0x1791	No error (0)	part-0041.t-0009.t-msedge.net		13.107.213.69	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:04:41.770663977 CEST	1.1.1.1	192.168.2.4	0x1791	No error (0)	part-0041.t-0009.t-msedge.net		13.107.246.69	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:04:43.510019064 CEST	1.1.1.1	192.168.2.4	0x21fc	No error (0)	www.google.com		142.250.101.104	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:04:43.510019064 CEST	1.1.1.1	192.168.2.4	0x21fc	No error (0)	www.google.com		142.250.101.106	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:04:43.510019064 CEST	1.1.1.1	192.168.2.4	0x21fc	No error (0)	www.google.com		142.250.101.103	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:04:43.510019064 CEST	1.1.1.1	192.168.2.4	0x21fc	No error (0)	www.google.com		142.250.101.147	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:04:43.510019064 CEST	1.1.1.1	192.168.2.4	0x21fc	No error (0)	www.google.com		142.250.101.99	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:04:43.510019064 CEST	1.1.1.1	192.168.2.4	0x21fc	No error (0)	www.google.com		142.250.101.105	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:04:43.510114908 CEST	1.1.1.1	192.168.2.4	0x374c	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 24, 2024 09:04:43.826327085 CEST	1.1.1.1	192.168.2.4	0x588f	No error (0)	mscom.demdex.net	gslb-2.demdex.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 09:04:43.826327085 CEST	1.1.1.1	192.168.2.4	0x588f	No error (0)	gslb-2.demdex.net	edge-usw2.demdex.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 09:04:43.826327085 CEST	1.1.1.1	192.168.2.4	0x588f	No error (0)	edge-usw2.demdex.net	dcs-public-edge-usw2-219535174.us-west-2.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 09:04:43.826327085 CEST	1.1.1.1	192.168.2.4	0x588f	No error (0)	dcs-public-edge-usw2-219535174.us-west-2.elb.amazonaws.com		52.40.13.65	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:04:43.826327085 CEST	1.1.1.1	192.168.2.4	0x588f	No error (0)	dcs-public-edge-usw2-219535174.us-west-2.elb.amazonaws.com		34.213.75.202	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:04:43.826327085 CEST	1.1.1.1	192.168.2.4	0x588f	No error (0)	dcs-public-edge-usw2-219535174.us-west-2.elb.amazonaws.com		52.89.237.227	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:04:43.826327085 CEST	1.1.1.1	192.168.2.4	0x588f	No error (0)	dcs-public-edge-usw2-219535174.us-west-2.elb.amazonaws.com		34.215.200.243	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:04:43.826327085 CEST	1.1.1.1	192.168.2.4	0x588f	No error (0)	dcs-public-edge-usw2-219535174.us-west-2.elb.amazonaws.com		34.215.74.30	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:04:43.826327085 CEST	1.1.1.1	192.168.2.4	0x588f	No error (0)	dcs-public-edge-usw2-219535174.us-west-2.elb.amazonaws.com		35.161.28.41	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:04:43.826327085 CEST	1.1.1.1	192.168.2.4	0x588f	No error (0)	dcs-public-edge-usw2-219535174.us-west-2.elb.amazonaws.com		100.21.16.173	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:04:43.826327085 CEST	1.1.1.1	192.168.2.4	0x588f	No error (0)	dcs-public-edge-usw2-219535174.us-west-2.elb.amazonaws.com		35.83.134.25	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:04:43.829787970 CEST	1.1.1.1	192.168.2.4	0xeb78	No error (0)	microsoftmscompoc.tt.omtrdc.net	adobetarget.data.adobedc.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 09:04:43.829787970 CEST	1.1.1.1	192.168.2.4	0xeb78	No error (0)	adobetarget.data.adobedc.net		63.140.36.145	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:04:43.829787970 CEST	1.1.1.1	192.168.2.4	0xeb78	No error (0)	adobetarget.data.adobedc.net		63.140.37.206	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:04:43.829787970 CEST	1.1.1.1	192.168.2.4	0xeb78	No error (0)	adobetarget.data.adobedc.net		63.140.37.126	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:04:43.829787970 CEST	1.1.1.1	192.168.2.4	0xeb78	No error (0)	adobetarget.data.adobedc.net		63.140.36.51	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:04:43.843866110 CEST	1.1.1.1	192.168.2.4	0x8c5	No error (0)	microsoftmscompoc.tt.omtrdc.net	adobetarget.data.adobedc.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 09:04:43.860871077 CEST	1.1.1.1	192.168.2.4	0x1bef	No error (0)	microsoftmscompoc.tt.omtrdc.net	adobetarget.data.adobedc.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 09:04:43.861840963 CEST	1.1.1.1	192.168.2.4	0xedc0	No error (0)	microsoftmscompoc.tt.omtrdc.net	adobetarget.data.adobedc.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 09:04:43.861840963 CEST	1.1.1.1	192.168.2.4	0xedc0	No error (0)	adobetarget.data.adobedc.net		63.140.37.206	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:04:43.861840963 CEST	1.1.1.1	192.168.2.4	0xedc0	No error (0)	adobetarget.data.adobedc.net		63.140.37.126	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:04:43.861840963 CEST	1.1.1.1	192.168.2.4	0xedc0	No error (0)	adobetarget.data.adobedc.net		63.140.36.51	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:04:43.861840963 CEST	1.1.1.1	192.168.2.4	0xedc0	No error (0)	adobetarget.data.adobedc.net		63.140.36.145	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:04:43.884671926 CEST	1.1.1.1	192.168.2.4	0x78aa	No error (0)	mscom.demdex.net	gslb-2.demdex.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 09:04:43.884671926 CEST	1.1.1.1	192.168.2.4	0x78aa	No error (0)	gslb-2.demdex.net	edge-usw2.demdex.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 09:04:43.884671926 CEST	1.1.1.1	192.168.2.4	0x78aa	No error (0)	edge-usw2.demdex.net	dcs-public-edge-usw2-219535174.us-west-2.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 09:04:46.569220066 CEST	1.1.1.1	192.168.2.4	0xcd0b	No error (0)	mdec.nelreports.net	mdec.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 09:04:46.594676018 CEST	1.1.1.1	192.168.2.4	0xe538	No error (0)	mdec.nelreports.net	mdec.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 09:04:50.381925106 CEST	1.1.1.1	192.168.2.4	0xb3d5	No error (0)	microsoftmscompoc.tt.omtrdc.net	adobetarget.data.adobedc.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 09:04:50.381925106 CEST	1.1.1.1	192.168.2.4	0xb3d5	No error (0)	adobetarget.data.adobedc.net		63.140.36.51	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:04:50.381925106 CEST	1.1.1.1	192.168.2.4	0xb3d5	No error (0)	adobetarget.data.adobedc.net		63.140.37.126	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:04:50.381925106 CEST	1.1.1.1	192.168.2.4	0xb3d5	No error (0)	adobetarget.data.adobedc.net		63.140.36.145	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:04:50.381925106 CEST	1.1.1.1	192.168.2.4	0xb3d5	No error (0)	adobetarget.data.adobedc.net		63.140.37.206	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:04:50.382725000 CEST	1.1.1.1	192.168.2.4	0xbc37	No error (0)	microsoftmscompoc.tt.omtrdc.net	adobetarget.data.adobedc.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 09:04:50.796503067 CEST	1.1.1.1	192.168.2.4	0xf15a	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 09:04:50.812432051 CEST	1.1.1.1	192.168.2.4	0x8fa8	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 09:04:53.474956989 CEST	1.1.1.1	192.168.2.4	0x8cda	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 09:04:53.475295067 CEST	1.1.1.1	192.168.2.4	0x9cce	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 09:05:47.288938046 CEST	1.1.1.1	192.168.2.4	0x12dd	No error (0)	mdec.nelreports.net	mdec.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 09:05:47.296369076 CEST	1.1.1.1	192.168.2.4	0xeee5	No error (0)	mdec.nelreports.net	mdec.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:04:42 UTC	682	OUT	GET /mscc/lib/v2/wcp-consent.js HTTP/1.1 Host: wcpstatic.microsoft.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://learn.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: MC1=GUID=749eee6039c5489b9db3000c7ab3f399&HASH=749e&LV=202310&V=4&LU=1696413236917; MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE
2024-04-24 07:04:42 UTC	713	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 07:04:42 GMT Content-Type: application/javascript Content-Length: 52717 Connection: close Access-Control-Allow-Origin: * Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding Age: 26822 Cache-Control: max-age=43200 Content-MD5: QT/MdZzBmCG2G2lBgIsptQ== Etag: 0x8DA85F6F74C6D08 Last-Modified: Wed, 24 Aug 2022 17:34:58 GMT Vary: Accept-Encoding X-Cache: CONFIG_NOCACHE x-ms-blob-type: BlockBlob x-ms-lease-status: unlocked x-ms-request-id: 85ec1d2a-d01e-00ed-56d7-95f393000000 x-ms-version: 2009-09-19 x-azure-ref: 20240424T070442Z-168bb8d798b94t6v8q1baus7z800000000ag0000000090f8 Accept-Ranges: bytes
2024-04-24 07:04:42 UTC	15671	IN	Data Raw: 76 61 72 20 57 63 70 43 6f 6e 73 65 6e 74 3b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 7b 32 32 39 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 77 69 6e 64 6f 77 2c 65 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 7b 7d 3b 66 75 6e 63 74 69 6f 6e 20 6f 28 6e 29 7b 69 66 28 74 5b 6e 5d 29 72 65 74 75 72 6e 20 74 5b 6e 5d 2e 65 78 70 6f 72 74 73 3b 76 61 72 20 72 3d 74 5b 6e 5d 3d 7b 69 3a 6e 2c 6c 3a 21 31 2c 65 78 70 6f 72 74 73 3a 7b 7d 7d 3b 72 65 74 75 72 6e 20 65 5b 6e 5d 2e 63 61 6c 6c 28 72 2e 65 78 70 6f 72 74 73 2c 72 2c 72 2e 65 78 70 6f 72 74 73 2c 6f 29 2c 72 2e 6c 3d 21 30 2c 72 2e 65 78 70 6f 72 74 73 7d 72 65 74 75 72 6e 20 6f 2e 6d 3d 65 2c 6f 2e 63 3d 74 2c 6f 2e 64 3d 66 75 6e 63 74 69 6f 6e 28 65 Data Ascii: var WcpConsent;!function(){var e={229:function(e){window,e.exports=function(e){var t={};function o(n){if(t[n])return t[n].exports;var r=t[n]={i:n,l:!1,exports:{}};return e[n].call(r.exports,r,r.exports,o),r.l=!0,r.exports}return o.m=e,o.c=t,o.d=function(e
2024-04-24 07:04:42 UTC	16384	IN	Data Raw: 29 7b 72 65 74 75 72 6e 20 65 3f 65 2e 72 65 70 6c 61 63 65 28 2f 26 2f 67 2c 22 26 61 6d 70 3b 22 29 2e 72 65 70 6c 61 63 65 28 2f 3c 2f 67 2c 22 26 6c 74 3b 22 29 2e 72 65 70 6c 61 63 65 28 2f 3e 2f 67 2c 22 26 67 74 3b 22 29 2e 72 65 70 6c 61 63 65 28 2f 22 2f 67 2c 22 26 71 75 6f 74 3b 22 29 2e 72 65 70 6c 61 63 65 28 2f 27 2f 67 2c 22 26 23 30 33 39 3b 22 29 3a 22 22 7d 2c 65 7d 28 29 2c 61 3d 6e 2e 6c 6f 63 61 6c 73 2c 6c 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 65 28 65 2c 74 2c 6f 2c 6e 2c 72 2c 69 2c 61 29 7b 74 68 69 73 2e 64 69 72 65 63 74 69 6f 6e 3d 22 6c 74 72 22 2c 74 68 69 73 2e 70 72 65 76 69 6f 75 73 46 6f 63 75 73 45 6c 65 6d 65 6e 74 42 65 66 6f 72 65 50 6f 70 75 70 3d 6e 75 6c 6c 2c 74 68 69 73 2e 63 6f 6f 6b 69 Data Ascii: ){return e?e.replace(/&/g,"&").replace(/</g,"<").replace(/>/g,">").replace(/"/g,""").replace(/'/g,"'"):""},e}(),a=n.locals,l=function(){function e(e,t,o,n,r,i,a){this.direction="ltr",this.previousFocusElementBeforePopup=null,this.cooki
2024-04-24 07:04:42 UTC	713	IN	Data Raw: 6f 72 22 5d 2b 22 20 21 69 6d 70 6f 72 74 61 6e 74 3b 5c 6e 20 20 20 20 20 20 20 20 7d 22 2c 74 2b 3d 27 69 6e 70 75 74 5b 74 79 70 65 3d 22 72 61 64 69 6f 22 5d 2e 27 2b 63 2e 63 6f 6f 6b 69 65 49 74 65 6d 52 61 64 69 6f 42 74 6e 2b 22 20 2b 20 6c 61 62 65 6c 3a 68 6f 76 65 72 3a 3a 61 66 74 65 72 20 7b 5c 6e 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 22 2b 65 5b 22 72 61 64 69 6f 2d 62 75 74 74 6f 6e 2d 68 6f 76 65 72 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 22 5d 2b 22 20 21 69 6d 70 6f 72 74 61 6e 74 3b 5c 6e 20 20 20 20 20 20 20 20 7d 22 2c 74 2b 3d 27 69 6e 70 75 74 5b 74 79 70 65 3d 22 72 61 64 69 6f 22 5d 2e 27 2b 63 2e 63 6f 6f 6b 69 65 49 74 65 6d 52 61 64 69 6f 42 74 6e 2b 22 20 2b 20 6c Data Ascii: or"]+" !important;\n }",t+='input[type="radio"].'+c.cookieItemRadioBtn+" + label:hover::after {\n background-color: "+e["radio-button-hover-background-color"]+" !important;\n }",t+='input[type="radio"].'+c.cookieItemRadioBtn+" + l
2024-04-24 07:04:42 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 22 2b 65 5b 22 72 61 64 69 6f 2d 62 75 74 74 6f 6e 2d 64 69 73 61 62 6c 65 64 2d 63 6f 6c 6f 72 22 5d 2b 22 20 21 69 6d 70 6f 72 74 61 6e 74 3b 5c 6e 20 20 20 20 20 20 20 20 7d 22 7d 2c 65 7d 28 29 2c 64 3d 5b 22 61 72 22 2c 22 68 65 22 2c 22 70 73 22 2c 22 75 72 22 2c 22 66 61 22 2c 22 70 61 22 2c 22 73 64 22 2c 22 74 6b 22 2c 22 75 67 22 2c 22 79 69 22 2c 22 73 79 72 22 2c 22 6b 73 2d 61 72 61 62 22 5d 2c 75 3d 7b 22 63 6c 6f 73 65 2d 62 75 74 74 6f 6e 2d 63 6f 6c 6f 72 22 3a 22 23 36 36 36 36 36 36 22 2c 22 73 65 63 6f 6e 64 61 72 79 2d 62 75 74 74 6f 6e 2d 64 69 73 61 62 6c 65 64 2d 6f 70 61 63 69 74 79 22 3a 22 31 22 2c 22 73 65 63 6f 6e 64 61 72 79 2d 62 75 74 74 6f 6e 2d Data Ascii: background-color: "+e["radio-button-disabled-color"]+" !important;\n }"},e}(),d=["ar","he","ps","ur","fa","pa","sd","tk","ug","yi","syr","ks-arab"],u={"close-button-color":"#666666","secondary-button-disabled-opacity":"1","secondary-button-
2024-04-24 07:04:42 UTC	3565	IN	Data Raw: 2d 22 29 5b 30 5d 3b 6f 3d 65 2e 73 70 6c 69 74 28 22 2d 22 29 5b 30 5d 3d 3d 3d 6e 7d 72 65 74 75 72 6e 20 6f 7d 28 65 2c 63 29 7d 29 29 3b 73 26 26 30 3d 3d 3d 73 2e 6c 65 6e 67 74 68 26 26 28 65 3d 22 65 6e 2d 55 53 22 29 2c 6f 2e 70 6c 61 63 65 68 6f 6c 64 65 72 45 6c 65 6d 65 6e 74 3d 6c 2c 72 26 26 6f 2e 63 6f 6e 73 65 6e 74 43 68 61 6e 67 65 64 43 61 6c 6c 62 61 63 6b 73 2e 72 65 67 69 73 74 65 72 43 61 6c 6c 62 61 63 6b 28 72 29 2c 6f 2e 73 61 76 65 43 6f 6f 6b 69 65 28 29 2c 6f 2e 73 69 74 65 43 6f 6e 73 65 6e 74 3d 6e 65 77 20 66 28 21 31 29 2c 6e 75 6c 6c 3d 3d 6e 7c 7c 6e 28 76 6f 69 64 20 30 2c 6f 2e 73 69 74 65 43 6f 6e 73 65 6e 74 29 2c 6f 2e 69 73 49 6e 69 74 52 65 61 64 79 3d 21 30 2c 74 68 69 73 2e 63 6f 6e 73 65 6e 74 43 68 61 6e 67 65 Data Ascii: -")[0];o=e.split("-")[0]===n}return o}(e,c)}));s&&0===s.length&&(e="en-US"),o.placeholderElement=l,r&&o.consentChangedCallbacks.registerCallback(r),o.saveCookie(),o.siteConsent=new f(!1),null==n\|\|n(void 0,o.siteConsent),o.isInitReady=!0,this.consentChange

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:04:42 UTC	549	OUT	GET /scripts/c/ms.jsll-3.min.js HTTP/1.1 Host: js.monitor.azure.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://learn.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-24 07:04:42 UTC	960	IN	HTTP/1.1 200 OK Date: Wed, 24 Apr 2024 07:04:42 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 185160 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=1800, immutable, no-transform Last-Modified: Mon, 25 Mar 2024 17:36:27 GMT ETag: 0x8DC4CF219992427 x-ms-request-id: 801f4a01-801e-00c6-776c-91e6c3000000 x-ms-version: 2009-09-19 x-ms-meta-jssdkver: 3.2.17 x-ms-meta-jssdksrc: [cdn]/scripts/c/ms.jsll-3.2.17.min.js Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,x-ms-meta-jssdksrc,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240424T070442Z-168bb8d798b5v6l944pfnrufyw000000010g00000000puq2 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-24 07:04:42 UTC	15424	IN	Data Raw: 2f 2a 21 0a 20 2a 20 31 44 53 20 4a 53 4c 4c 20 53 4b 55 2c 20 33 2e 32 2e 31 37 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 4d 69 63 72 6f 73 6f 66 74 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 0a 20 2a 20 28 4d 69 63 72 6f 73 6f 66 74 20 49 6e 74 65 72 6e 61 6c 20 4f 6e 6c 79 29 0a 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 22 75 6e 64 65 66 69 6e 65 64 22 3b 69 66 28 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 26 26 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 21 3d 6e 29 74 28 65 78 70 6f 72 74 73 29 3b 65 6c 73 65 20 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 Data Ascii: /! 1DS JSLL SKU, 3.2.17 * Copyright (c) Microsoft and contributors. All rights reserved. * (Microsoft Internal Only) */!function(e,t){var n="undefined";if("object"==typeof exports&&typeof module!=n)t(exports);else if("function"==typeof define&&def
2024-04-24 07:04:42 UTC	16384	IN	Data Raw: 39 36 37 32 39 35 7c 33 26 74 29 3e 3e 3e 30 2c 6e 3d 30 29 3b 72 65 74 75 72 6e 20 72 7d 76 61 72 20 57 72 3d 65 2c 47 72 3d 22 32 2e 38 2e 31 38 22 2c 58 72 3d 22 2e 22 2b 4b 72 28 36 29 2c 51 72 3d 30 3b 66 75 6e 63 74 69 6f 6e 20 4a 72 28 65 29 7b 72 65 74 75 72 6e 20 31 3d 3d 3d 65 5b 4d 5d 7c 7c 39 3d 3d 3d 65 5b 4d 5d 7c 7c 21 2b 65 5b 4d 5d 7d 66 75 6e 63 74 69 6f 6e 20 59 72 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 4d 74 28 65 2b 51 72 2b 2b 2b 28 28 74 3d 76 6f 69 64 20 30 21 3d 3d 74 26 26 74 29 3f 22 2e 22 2b 47 72 3a 70 29 2b 58 72 29 7d 66 75 6e 63 74 69 6f 6e 20 24 72 28 65 29 7b 76 61 72 20 61 3d 7b 69 64 3a 59 72 28 22 5f 61 69 44 61 74 61 2d 22 2b 28 65 7c 7c 70 29 2b 22 2e 22 2b 47 72 29 2c 61 63 63 65 70 74 3a 4a 72 2c 67 65 74 3a 66 75 Data Ascii: 967295\|3&t)>>>0,n=0);return r}var Wr=e,Gr="2.8.18",Xr="."+Kr(6),Qr=0;function Jr(e){return 1===e[M]\|\|9===e[M]\|\|!+e[M]}function Yr(e,t){return Mt(e+Qr+++((t=void 0!==t&&t)?"."+Gr:p)+Xr)}function $r(e){var a={id:Yr("_aiData-"+(e\|\|p)+"."+Gr),accept:Jr,get:fu
2024-04-24 07:04:42 UTC	16384	IN	Data Raw: 2c 68 5b 51 5d 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 2c 72 29 7b 4e 26 26 74 6e 28 55 61 29 2c 68 5b 68 65 5d 28 29 26 26 74 6e 28 22 43 6f 72 65 20 73 68 6f 75 6c 64 20 6e 6f 74 20 62 65 20 69 6e 69 74 69 61 6c 69 7a 65 64 20 6d 6f 72 65 20 74 68 61 6e 20 6f 6e 63 65 22 29 2c 43 3d 65 7c 7c 7b 7d 2c 68 5b 76 65 5d 3d 43 2c 59 28 65 5b 6d 65 5d 29 26 26 74 6e 28 22 50 6c 65 61 73 65 20 70 72 6f 76 69 64 65 20 69 6e 73 74 72 75 6d 65 6e 74 61 74 69 6f 6e 20 6b 65 79 22 29 2c 69 3d 72 2c 68 5b 4c 61 5d 3d 72 3b 65 3d 5a 74 28 43 2e 64 69 73 61 62 6c 65 44 62 67 45 78 74 29 2c 21 30 3d 3d 3d 65 26 26 50 26 26 28 69 5b 49 65 5d 28 50 29 2c 50 3d 6e 75 6c 6c 29 2c 69 26 26 21 50 26 26 21 30 21 3d 3d 65 26 26 28 50 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b Data Ascii: ,h[Q]=function(e,t,n,r){N&&tn(Ua),h[he]()&&tn("Core should not be initialized more than once"),C=e\|\|{},h[ve]=C,Y(e[me])&&tn("Please provide instrumentation key"),i=r,h[La]=r;e=Zt(C.disableDbgExt),!0===e&&P&&(i[Ie](P),P=null),i&&!P&&!0!==e&&(P=function(e){
2024-04-24 07:04:42 UTC	16384	IN	Data Raw: 6f 6e 20 4b 73 28 65 29 7b 76 61 72 20 74 2c 6e 3d 6e 75 6c 6c 3b 69 66 28 65 29 74 72 79 7b 65 5b 4c 73 5d 3f 6e 3d 7a 73 28 65 5b 4c 73 5d 29 3a 65 5b 4d 73 5d 26 26 65 5b 4d 73 5d 5b 4c 73 5d 3f 6e 3d 7a 73 28 65 5b 4d 73 5d 5b 4c 73 5d 29 3a 65 2e 65 78 63 65 70 74 69 6f 6e 26 26 65 2e 65 78 63 65 70 74 69 6f 6e 5b 4c 73 5d 3f 6e 3d 7a 73 28 65 2e 65 78 63 65 70 74 69 6f 6e 5b 4c 73 5d 29 3a 6a 73 28 65 29 3f 6e 3d 65 3a 6a 73 28 65 5b 55 73 5d 29 3f 6e 3d 65 5b 55 73 5d 3a 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2e 6f 70 65 72 61 26 26 65 5b 48 73 5d 3f 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 3d 5b 5d 2c 6e 3d 65 5b 77 6f 5d 28 22 5c 6e 22 29 2c 72 3d 30 3b 72 3c 6e 5b 68 5d 3b 72 2b 2b 29 7b 76 61 72 20 69 3d 6e 5b 72 Data Ascii: on Ks(e){var t,n=null;if(e)try{e[Ls]?n=zs(e[Ls]):e[Ms]&&e[Ms][Ls]?n=zs(e[Ms][Ls]):e.exception&&e.exception[Ls]?n=zs(e.exception[Ls]):js(e)?n=e:js(e[Us])?n=e[Us]:window&&window.opera&&e[Hs]?n=function(e){for(var t=[],n=e[wo]("\n"),r=0;r<n[h];r++){var i=n[r
2024-04-24 07:04:42 UTC	16384	IN	Data Raw: 6b 54 72 61 63 65 20 66 61 69 6c 65 64 2c 20 74 72 61 63 65 20 77 69 6c 6c 20 6e 6f 74 20 62 65 20 63 6f 6c 6c 65 63 74 65 64 3a 20 22 2b 76 28 72 29 2c 7b 65 78 63 65 70 74 69 6f 6e 3a 73 65 28 72 29 7d 29 7d 7d 2c 53 2e 74 72 61 63 6b 4d 65 74 72 69 63 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 74 72 79 7b 76 61 72 20 6e 3d 54 63 28 65 2c 74 63 5b 52 63 5d 2c 74 63 5b 4d 63 5d 2c 53 5b 4c 63 5d 28 29 2c 74 29 3b 53 5b 47 5d 5b 55 63 5d 28 6e 29 7d 63 61 74 63 68 28 72 29 7b 64 28 31 2c 33 36 2c 22 74 72 61 63 6b 4d 65 74 72 69 63 20 66 61 69 6c 65 64 2c 20 6d 65 74 72 69 63 20 77 69 6c 6c 20 6e 6f 74 20 62 65 20 63 6f 6c 6c 65 63 74 65 64 3a 20 22 2b 76 28 72 29 2c 7b 65 78 63 65 70 74 69 6f 6e 3a 73 65 28 72 29 7d 29 7d 7d 2c 53 5b 56 63 5d 3d 66 75 Data Ascii: kTrace failed, trace will not be collected: "+v(r),{exception:se(r)})}},S.trackMetric=function(e,t){try{var n=Tc(e,tc[Rc],tc[Mc],S[Lc](),t);S[G][Uc](n)}catch(r){d(1,36,"trackMetric failed, metric will not be collected: "+v(r),{exception:se(r)})}},S[Vc]=fu
2024-04-24 07:04:43 UTC	16384	IN	Data Raw: 7c 4c 74 28 72 2c 22 2f 22 29 29 26 26 28 61 2e 73 79 6e 63 3d 33 29 29 2c 65 26 26 28 61 2e 74 61 72 67 65 74 55 72 69 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 22 22 3b 73 77 69 74 63 68 28 74 2e 74 61 67 4e 61 6d 65 29 7b 63 61 73 65 22 41 22 3a 63 61 73 65 22 41 52 45 41 22 3a 65 3d 74 2e 68 72 65 66 7c 7c 22 22 3b 62 72 65 61 6b 3b 63 61 73 65 22 49 4d 47 22 3a 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 29 7b 76 61 72 20 65 3d 4d 75 28 74 2c 4c 75 29 3b 69 66 28 65 26 26 31 3d 3d 3d 65 2e 6c 65 6e 67 74 68 29 7b 69 66 28 65 5b 30 5d 2e 68 72 65 66 29 72 65 74 75 72 6e 20 65 5b 30 5d 2e 68 72 65 66 3b 69 66 28 65 5b 30 5d 2e 73 72 63 29 72 65 74 75 72 6e 20 65 5b 30 5d 2e 73 72 63 7d 7d 72 65 74 75 72 6e 22 22 7d 28 29 3b 62 72 Data Ascii: \|Lt(r,"/"))&&(a.sync=3)),e&&(a.targetUri=function(t){var e="";switch(t.tagName){case"A":case"AREA":e=t.href\|\|"";break;case"IMG":e=function(){if(t){var e=Mu(t,Lu);if(e&&1===e.length){if(e[0].href)return e[0].href;if(e[0].src)return e[0].src}}return""}();br
2024-04-24 07:04:43 UTC	16384	IN	Data Raw: 72 79 28 65 2c 74 29 7d 2c 66 2e 74 72 61 63 6b 45 76 65 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 6e 2c 65 29 7b 6e 2e 6c 61 74 65 6e 63 79 3d 6e 2e 6c 61 74 65 6e 63 79 7c 7c 31 2c 6e 2e 62 61 73 65 44 61 74 61 3d 6e 2e 62 61 73 65 44 61 74 61 7c 7c 7b 7d 2c 6e 2e 64 61 74 61 3d 6e 2e 64 61 74 61 7c 7c 7b 7d 2c 75 65 28 65 29 26 26 65 65 28 65 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 6e 2e 64 61 74 61 5b 65 5d 3d 74 7d 29 2c 66 2e 63 6f 72 65 2e 74 72 61 63 6b 28 6e 29 7d 2c 66 2e 74 72 61 63 6b 50 61 67 65 56 69 65 77 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 49 2e 5f 72 65 63 6f 72 64 54 69 6d 65 53 70 61 6e 28 22 64 77 65 6c 6c 54 69 6d 65 22 2c 21 31 29 2c 54 2e 76 3d 30 2c 69 3d 21 31 2c 66 2e 69 64 2e 69 6e 69 74 69 61 6c 69 7a 65 49 64 73 28 29 Data Ascii: ry(e,t)},f.trackEvent=function(n,e){n.latency=n.latency\|\|1,n.baseData=n.baseData\|\|{},n.data=n.data\|\|{},ue(e)&&ee(e,function(e,t){n.data[e]=t}),f.core.track(n)},f.trackPageView=function(e,t){I._recordTimeSpan("dwellTime",!1),T.v=0,i=!1,f.id.initializeIds()
2024-04-24 07:04:43 UTC	16384	IN	Data Raw: 65 72 43 61 73 65 28 29 3d 3d 69 29 7b 6e 3d 21 30 3b 62 72 65 61 6b 7d 7d 7d 72 65 74 75 72 6e 20 6e 7d 66 75 6e 63 74 69 6f 6e 20 56 66 28 65 2c 74 2c 6e 2c 72 29 7b 74 26 26 6e 26 26 30 3c 6e 2e 6c 65 6e 67 74 68 26 26 28 72 26 26 4f 66 5b 74 5d 3f 28 65 2e 68 64 72 73 5b 4f 66 5b 74 5d 5d 3d 6e 2c 65 2e 75 73 65 48 64 72 73 3d 21 30 29 3a 65 2e 75 72 6c 2b 3d 22 26 22 2b 74 2b 22 3d 22 2b 6e 29 7d 66 75 6e 63 74 69 6f 6e 20 48 66 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 74 26 26 28 48 74 28 74 29 3f 65 3d 5b 74 5d 2e 63 6f 6e 63 61 74 28 65 29 3a 46 28 74 29 26 26 28 65 3d 74 2e 63 6f 6e 63 61 74 28 65 29 29 29 2c 65 7d 4d 66 28 63 66 2c 63 66 2c 21 31 29 2c 4d 66 28 6e 66 2c 6e 66 29 2c 4d 66 28 72 66 2c 22 43 6c 69 65 6e 74 2d 49 64 22 29 2c 4d 66 28 Data Ascii: erCase()==i){n=!0;break}}}return n}function Vf(e,t,n,r){t&&n&&0<n.length&&(r&&Of[t]?(e.hdrs[Of[t]]=n,e.useHdrs=!0):e.url+="&"+t+"="+n)}function Hf(e,t){return t&&(Ht(t)?e=[t].concat(e):F(t)&&(e=t.concat(e))),e}Mf(cf,cf,!1),Mf(nf,nf),Mf(rf,"Client-Id"),Mf(
2024-04-24 07:04:43 UTC	16384	IN	Data Raw: 61 74 68 2e 63 65 69 6c 28 72 29 2a 74 5b 31 5d 29 2c 30 3c 3d 6e 26 26 30 3c 3d 74 5b 31 5d 26 26 6e 3e 74 5b 31 5d 26 26 28 6e 3d 74 5b 31 5d 29 2c 74 2e 70 75 73 68 28 6e 29 2c 42 5b 65 5d 3d 74 29 7d 29 7d 2c 6c 2e 66 6c 75 73 68 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 6f 69 64 20 30 3d 3d 3d 65 26 26 28 65 3d 21 30 29 2c 55 7c 7c 28 6e 3d 6e 7c 7c 31 2c 65 3f 6e 75 6c 6c 3d 3d 4c 3f 28 63 28 29 2c 6d 28 31 2c 30 2c 6e 29 2c 4c 3d 73 28 66 75 6e 63 74 69 6f 6e 28 29 7b 4c 3d 6e 75 6c 6c 2c 66 75 6e 63 74 69 6f 6e 20 72 28 65 2c 74 29 7b 61 28 31 2c 30 2c 74 29 2c 76 28 29 2c 66 75 6e 63 74 69 6f 6e 20 6e 28 65 29 7b 44 2e 69 73 43 6f 6d 70 6c 65 74 65 6c 79 49 64 6c 65 28 29 3f 65 28 29 3a 4c 3d 73 28 66 75 6e 63 74 69 6f 6e 28 29 7b 4c Data Ascii: ath.ceil(r)*t[1]),0<=n&&0<=t[1]&&n>t[1]&&(n=t[1]),t.push(n),B[e]=t)})},l.flush=function(e,t,n){void 0===e&&(e=!0),U\|\|(n=n\|\|1,e?null==L?(c(),m(1,0,n),L=s(function(){L=null,function r(e,t){a(1,0,t),v(),function n(e){D.isCompletelyIdle()?e():L=s(function(){L
2024-04-24 07:04:43 UTC	16384	IN	Data Raw: 28 29 7d 7d 29 2c 65 7d 74 28 73 70 2c 61 70 3d 43 74 29 2c 73 70 2e 5f 5f 69 65 44 79 6e 3d 31 3b 76 61 72 20 63 70 3d 73 70 3b 66 75 6e 63 74 69 6f 6e 20 75 70 28 74 29 7b 76 61 72 20 6e 3d 70 6f 28 29 2c 72 3d 74 61 28 29 3b 72 65 28 75 70 2c 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 67 65 74 54 72 61 63 65 49 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 26 26 74 2e 67 65 74 54 72 61 63 65 43 74 78 26 26 74 2e 67 65 74 54 72 61 63 65 43 74 78 28 29 2e 67 65 74 54 72 61 63 65 49 64 28 29 7c 7c 72 7d 2c 65 2e 67 65 74 4c 61 73 74 50 61 67 65 56 69 65 77 49 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 7d 7d 29 7d 75 70 2e 5f 5f 69 65 44 79 6e 3d 31 3b 76 61 72 20 6c 70 3d 75 70 2c 66 70 3d 22 64 75 72 61 Data Ascii: ()}}),e}t(sp,ap=Ct),sp.__ieDyn=1;var cp=sp;function up(t){var n=po(),r=ta();re(up,this,function(e){e.getTraceId=function(){return t&&t.getTraceCtx&&t.getTraceCtx().getTraceId()\|\|r},e.getLastPageViewId=function(){return n}})}up.__ieDyn=1;var lp=up,fp="dura

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:04:44 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-24 07:04:44 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (sac/2518) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=259115 Date: Wed, 24 Apr 2024 07:04:44 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:04:45 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-24 07:04:45 UTC	521	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-MSEdge-Ref: Ref A: CC1186E36C704BA5AF8177F229D6CC87 Ref B: PAOEDGE0621 Ref C: 2023-04-04T13:32:33Z Cache-Control: public, max-age=259066 Date: Wed, 24 Apr 2024 07:04:45 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-24 07:04:45 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:04:49 UTC	915	OUT	POST /rest/v1/delivery?client=microsoftmscompoc&sessionId=0791c829041c4c068b787022a66647a2&version=2.9.0 HTTP/1.1 Host: target.microsoft.com Connection: keep-alive Content-Length: 1111 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: text/plain Accept: / Origin: https://learn.microsoft.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://learn.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: MC1=GUID=749eee6039c5489b9db3000c7ab3f399&HASH=749e&LV=202310&V=4&LU=1696413236917; MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE; MSCC=NR; at_check=true; mbox=session#0791c829041c4c068b787022a66647a2#1713944147
2024-04-24 07:04:49 UTC	1111	OUT	Data Raw: 7b 22 72 65 71 75 65 73 74 49 64 22 3a 22 30 64 30 39 62 63 61 35 35 63 37 62 34 61 35 62 39 31 64 62 63 36 38 38 34 37 36 36 61 65 62 62 22 2c 22 63 6f 6e 74 65 78 74 22 3a 7b 22 75 73 65 72 41 67 65 6e 74 22 3a 22 4d 6f 7a 69 6c 6c 61 2f 35 2e 30 20 28 57 69 6e 64 6f 77 73 20 4e 54 20 31 30 2e 30 3b 20 57 69 6e 36 34 3b 20 78 36 34 29 20 41 70 70 6c 65 57 65 62 4b 69 74 2f 35 33 37 2e 33 36 20 28 4b 48 54 4d 4c 2c 20 6c 69 6b 65 20 47 65 63 6b 6f 29 20 43 68 72 6f 6d 65 2f 31 31 37 2e 30 2e 30 2e 30 20 53 61 66 61 72 69 2f 35 33 37 2e 33 36 22 2c 22 63 6c 69 65 6e 74 48 69 6e 74 73 22 3a 7b 22 6d 6f 62 69 6c 65 22 3a 66 61 6c 73 65 2c 22 70 6c 61 74 66 6f 72 6d 22 3a 22 57 69 6e 64 6f 77 73 22 2c 22 62 72 6f 77 73 65 72 55 41 57 69 74 68 4d 61 6a 6f 72 Data Ascii: {"requestId":"0d09bca55c7b4a5b91dbc6884766aebb","context":{"userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36","clientHints":{"mobile":false,"platform":"Windows","browserUAWithMajor
2024-04-24 07:04:50 UTC	845	IN	HTTP/1.1 200 OK date: Wed, 24 Apr 2024 07:04:49 GMT content-type: application/json;charset=UTF-8 vary: origin,access-control-request-method,access-control-request-headers,accept-encoding access-control-allow-origin: https://learn.microsoft.com access-control-allow-credentials: true x-request-id: 5330aeb3-e89c-4a77-8b1c-05cd4f511aa6 timing-allow-origin: * accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List referrer-policy: strict-origin-when-cross-origin server: jag strict-transport-security: max-age=31536000; includeSubDomains cache-control: no-cache, no-store, max-age=0, no-transform, private x-xss-protection: 1; mode=block x-content-type-options: nosniff connection: close transfer-encoding: chunked
2024-04-24 07:04:50 UTC	1534	IN	Data Raw: 35 66 37 0d 0a 7b 22 73 74 61 74 75 73 22 3a 32 30 30 2c 22 72 65 71 75 65 73 74 49 64 22 3a 22 30 64 30 39 62 63 61 35 35 63 37 62 34 61 35 62 39 31 64 62 63 36 38 38 34 37 36 36 61 65 62 62 22 2c 22 63 6c 69 65 6e 74 22 3a 22 6d 69 63 72 6f 73 6f 66 74 6d 73 63 6f 6d 70 6f 63 22 2c 22 69 64 22 3a 7b 22 74 6e 74 49 64 22 3a 22 30 37 39 31 63 38 32 39 30 34 31 63 34 63 30 36 38 62 37 38 37 30 32 32 61 36 36 36 34 37 61 32 2e 33 35 5f 30 22 2c 22 74 68 69 72 64 50 61 72 74 79 49 64 22 3a 22 37 34 39 65 65 65 36 30 33 39 63 35 34 38 39 62 39 64 62 33 30 30 30 63 37 61 62 33 66 33 39 39 22 7d 2c 22 65 64 67 65 48 6f 73 74 22 3a 22 6d 62 6f 78 65 64 67 65 33 35 2e 74 74 2e 6f 6d 74 72 64 63 2e 6e 65 74 22 2c 22 70 72 65 66 65 74 63 68 22 3a 7b 7d 2c 22 74 65 Data Ascii: 5f7{"status":200,"requestId":"0d09bca55c7b4a5b91dbc6884766aebb","client":"microsoftmscompoc","id":{"tntId":"0791c829041c4c068b787022a66647a2.35_0","thirdPartyId":"749eee6039c5489b9db3000c7ab3f399"},"edgeHost":"mboxedge35.tt.omtrdc.net","prefetch":{},"te
2024-04-24 07:04:50 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:04:50 UTC	707	OUT	GET /rest/v1/delivery?client=microsoftmscompoc&sessionId=0791c829041c4c068b787022a66647a2&version=2.9.0 HTTP/1.1 Host: target.microsoft.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: MC1=GUID=749eee6039c5489b9db3000c7ab3f399&HASH=749e&LV=202310&V=4&LU=1696413236917; MUID=375E6F2E0D8F6B9C2CEB7C8E098F6DFE; MSCC=NR; at_check=true; mbox=session#0791c829041c4c068b787022a66647a2#1713944149\|PC#0791c829041c4c068b787022a66647a2.35_0#1748122289
2024-04-24 07:04:51 UTC	450	IN	HTTP/1.1 405 Method Not Allowed date: Wed, 24 Apr 2024 07:04:51 GMT content-type: application/json;charset=UTF-8 vary: accept-encoding referrer-policy: strict-origin-when-cross-origin server: jag strict-transport-security: max-age=31536000; includeSubDomains cache-control: no-cache, no-store, max-age=0, no-transform, private x-xss-protection: 1; mode=block x-content-type-options: nosniff connection: close transfer-encoding: chunked
2024-04-24 07:04:51 UTC	67	IN	Data Raw: 33 64 0d 0a 7b 22 73 74 61 74 75 73 22 3a 34 30 35 2c 22 6d 65 73 73 61 67 65 22 3a 22 52 65 71 75 65 73 74 20 6d 65 74 68 6f 64 20 27 47 45 54 27 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 22 7d 0d 0a Data Ascii: 3d{"status":405,"message":"Request method 'GET' not supported"}
2024-04-24 07:04:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:04:51 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=gztnYs+RTGfK+AB&MD=PdPVE7VN HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-24 07:04:52 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 8c3cf2ba-8e0d-4706-868c-d54e1033e429 MS-RequestId: 552ca7f2-3e8f-4672-821e-ed0d4ea0f23e MS-CV: yljzP9IfqUCDFwMt.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 24 Apr 2024 07:04:51 GMT Connection: close Content-Length: 24490
2024-04-24 07:04:52 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-04-24 07:04:52 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-04-24 07:05:29 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=gztnYs+RTGfK+AB&MD=PdPVE7VN HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-24 07:05:29 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: b5fe7fbc-da6d-4fd2-b35b-a97950e787c2 MS-RequestId: 43eab237-976f-4aa2-81ce-a165d8ef24bf MS-CV: iafOTrUTq0uJSOa6.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 24 Apr 2024 07:05:29 GMT Connection: close Content-Length: 25457
2024-04-24 07:05:29 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-04-24 07:05:29 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Target ID:	0
Start time:	09:04:31
Start date:	24/04/2024
Path:	C:\Users\user\Desktop\WAXD480.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\WAXD480.exe"
Imagebase:	0x400000
File size:	14'544'896 bytes
MD5 hash:	7F1FFC9BE9757477A8A39CB06D5032C8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	1
Start time:	09:04:36
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=WAXD480.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Target ID:	3
Start time:	09:04:37
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1680 --field-trial-handle=2028,i,4872466835619599832,212431843967096772,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Target ID:	4
Start time:	09:04:39
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=WAXD480.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Target ID:	5
Start time:	09:04:40
Start date:	24/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1996,i,12553455973178745463,2557296557389022246,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report WAXD480.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Data Obfuscation

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Windows Analysis Report
WAXD480.exe

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre