Edit tour

Windows Analysis Report
1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe

Overview

General Information

Sample name:	1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe
Analysis ID:	1590665
MD5:	3e766051d054efc1054ba59f63730b54
SHA1:	1702e3ec499305b1f43feb54ca8f119a694b6b8b
SHA256:	2f958c27bdc0c1f9ab6b1c418c59797e75c78975ebf842cd69fd5f7d262eeed9
Tags:	base64-decodedexeuser-abuse_ch
Infos:

Detection

XWorm

Score:	88
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected XWorm

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Machine Learning detection for sample

Sample uses string decryption to hide its real strings

Creates a process in suspended mode (likely to inject code)

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

PE file does not import any functions

Sample file is different than original file name gathered from version info

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses insecure TLS / SSL version for HTTPS connection

Yara signature match

Classification

Process Tree

System is w10x64

1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe (PID: 7112 cmdline: "C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe" MD5: 3E766051D054EFC1054BA59F63730B54)

chrome.exe (PID: 6396 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6752 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1892,i,3598139274571404283,11396411126130775261,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7432 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7612 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1916,i,9919558999657325056,13372659723111852601,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
XWorm	Malware with wide range of capabilities ranging from RAT to ransomware.	No Attribution	https://any.run/cybersecurity-blog/xworm-malware-communication-analysis/ https://any.run/cybersecurity-blog/xworm-technical-analysis-of-a-new-malware-version/ https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/ https://cert.pl/en/posts/2023/10/deworming-the-xworm/ https://embee-research.ghost.io/infrastructure-analysis-with-dns-pivoting/	https://malpedia.caad.fkie.fraunhofer.de/details/win.xworm

Malware Configuration

Threatname: Xworm

{"C2 url": ["38.255.56.125"], "Port": 5858, "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.6"}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	rat_win_xworm_v3	Finds XWorm (version XClient, v3) samples based on characteristic strings	Sekoia.io	0xc22c:$str01: $VB$Local_Port 0xc250:$str02: $VB$Local_Host 0xa1b2:$str03: get_Jpeg 0xa86f:$str04: get_ServicePack 0xd176:$str05: Select * from AntivirusProduct 0xd612:$str06: PCRestart 0xd626:$str07: shutdown.exe /f /r /t 0 0xd6d8:$str08: StopReport 0xd6ae:$str09: StopDDos 0xd7a4:$str10: sendPlugin 0xd942:$str12: -ExecutionPolicy Bypass -File " 0xdc4b:$str13: Content-length: 5235
1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0xecdd:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0xed7a:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0xee8f:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0xdb66:$cnc4: POST / HTTP/1.1

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000000.2008133839.0000000000DA2000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
00000000.00000000.2008133839.0000000000DA2000.00000002.00000001.01000000.00000003.sdmp	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0xeadd:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0xeb7a:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0xec8f:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0xd966:$cnc4: POST / HTTP/1.1
Process Memory Space: 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe PID: 7112	JoeSecurity_XWorm	Yara detected XWorm	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
0.0.1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe.da0000.0.unpack	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
0.0.1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe.da0000.0.unpack	rat_win_xworm_v3	Finds XWorm (version XClient, v3) samples based on characteristic strings	Sekoia.io	0xc22c:$str01: $VB$Local_Port 0xc250:$str02: $VB$Local_Host 0xa1b2:$str03: get_Jpeg 0xa86f:$str04: get_ServicePack 0xd176:$str05: Select * from AntivirusProduct 0xd612:$str06: PCRestart 0xd626:$str07: shutdown.exe /f /r /t 0 0xd6d8:$str08: StopReport 0xd6ae:$str09: StopDDos 0xd7a4:$str10: sendPlugin 0xd942:$str12: -ExecutionPolicy Bypass -File " 0xdc4b:$str13: Content-length: 5235
0.0.1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe.da0000.0.unpack	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0xecdd:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0xed7a:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0xee8f:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0xdb66:$cnc4: POST / HTTP/1.1

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe

Malware Configuration Extractor: Xworm {"C2 url": ["38.255.56.125"], "Port": 5858, "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.6"}

Multi AV Scanner detection for submitted file

Source: 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe

ReversingLabs: Detection: 23%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.7% probability

Machine Learning detection for sample

Source: 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	String decryptor: 38.255.56.125
Source: 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	String decryptor: 5858
Source: 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	String decryptor: <123456789>
Source: 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	String decryptor: <Xwormmm>
Source: 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	String decryptor: XWorm V5.6
Source: 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	String decryptor: USB.exe
Source: 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	String decryptor: %AppData%
Source: 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	String decryptor: Zoom

Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon

Source: 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49801 version: TLS 1.0

Source: 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: 38.255.56.125

Source: Joe Sandbox View	IP Address: 13.107.246.60 13.107.246.60
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View

JA3 fingerprint: 1138de370e523e824bbca92d049a3777

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49801 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.jsll-4.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://learn.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.jsll-4.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_95.4.dr, chromecache_101.4.dr	String found in binary or memory: href="https://www.facebook.com/sharer/sharer.php?u=${s}" equals www.facebook.com (Facebook)
Source: chromecache_95.4.dr, chromecache_101.4.dr	String found in binary or memory: href="https://www.linkedin.com/cws/share?url=${s}" equals www.linkedin.com (Linkedin)
Source: chromecache_95.4.dr, chromecache_101.4.dr	String found in binary or memory: </section>`}function $ce(e=tw,t=gp){return sl(D4,e,t)}function Nce(e=aw,t=sw){return sl(o4,e,t)}var vI=(s=>(s.facebook="facebook",s.twitter="twitter",s.linkedin="linkedin",s.email="email",s.weibo="weibo",s))(vI\|\|{}),LRe={facebook:"https://www.facebook.com/sharer/sharer.php?u={url}",twitter:"https://twitter.com/intent/tweet?original_referer={url}&text={achievementCopy}&tw_p=tweetbutton&url={url}",linkedin:"https://www.linkedin.com/feed/?shareActive=true&text={body}",email:"mailto:?subject={subject}&body={body}",weibo:"http://service.weibo.com/share/share.php?title={title}&url={url}"};function $x(e,t,o){let n=encodeURIComponent(t),r=new URL(e);r.hostname="learn.microsoft.com";let s=r.href+=(e.indexOf("?")!==-1?"&":"?")+"WT.mc_id=",i=L.sharingId?`&sharingId=${L.sharingId}`:"";return Object.values(vI).reduce((l,c)=>{if(_.data.isPermissioned)return l[c]="#",l;let d=encodeURIComponent(s+c+i),u=o?.achievementCopyTitle?.overrideTitle??t,p=encodeURIComponent(sQ.replace("{achievementTitle}",o?.achievementCopyTitle?.isUnquoted?`${u}`:`"${u}"`)),g={achievementCopy:p,url:d,title:n,body:`${p}${encodeURIComponent(` equals www.facebook.com (Facebook)
Source: chromecache_95.4.dr, chromecache_101.4.dr	String found in binary or memory: </section>`}function $ce(e=tw,t=gp){return sl(D4,e,t)}function Nce(e=aw,t=sw){return sl(o4,e,t)}var vI=(s=>(s.facebook="facebook",s.twitter="twitter",s.linkedin="linkedin",s.email="email",s.weibo="weibo",s))(vI\|\|{}),LRe={facebook:"https://www.facebook.com/sharer/sharer.php?u={url}",twitter:"https://twitter.com/intent/tweet?original_referer={url}&text={achievementCopy}&tw_p=tweetbutton&url={url}",linkedin:"https://www.linkedin.com/feed/?shareActive=true&text={body}",email:"mailto:?subject={subject}&body={body}",weibo:"http://service.weibo.com/share/share.php?title={title}&url={url}"};function $x(e,t,o){let n=encodeURIComponent(t),r=new URL(e);r.hostname="learn.microsoft.com";let s=r.href+=(e.indexOf("?")!==-1?"&":"?")+"WT.mc_id=",i=L.sharingId?`&sharingId=${L.sharingId}`:"";return Object.values(vI).reduce((l,c)=>{if(_.data.isPermissioned)return l[c]="#",l;let d=encodeURIComponent(s+c+i),u=o?.achievementCopyTitle?.overrideTitle??t,p=encodeURIComponent(sQ.replace("{achievementTitle}",o?.achievementCopyTitle?.isUnquoted?`${u}`:`"${u}"`)),g={achievementCopy:p,url:d,title:n,body:`${p}${encodeURIComponent(` equals www.linkedin.com (Linkedin)
Source: chromecache_95.4.dr, chromecache_101.4.dr	String found in binary or memory: </section>`}function $ce(e=tw,t=gp){return sl(D4,e,t)}function Nce(e=aw,t=sw){return sl(o4,e,t)}var vI=(s=>(s.facebook="facebook",s.twitter="twitter",s.linkedin="linkedin",s.email="email",s.weibo="weibo",s))(vI\|\|{}),LRe={facebook:"https://www.facebook.com/sharer/sharer.php?u={url}",twitter:"https://twitter.com/intent/tweet?original_referer={url}&text={achievementCopy}&tw_p=tweetbutton&url={url}",linkedin:"https://www.linkedin.com/feed/?shareActive=true&text={body}",email:"mailto:?subject={subject}&body={body}",weibo:"http://service.weibo.com/share/share.php?title={title}&url={url}"};function $x(e,t,o){let n=encodeURIComponent(t),r=new URL(e);r.hostname="learn.microsoft.com";let s=r.href+=(e.indexOf("?")!==-1?"&":"?")+"WT.mc_id=",i=L.sharingId?`&sharingId=${L.sharingId}`:"";return Object.values(vI).reduce((l,c)=>{if(_.data.isPermissioned)return l[c]="#",l;let d=encodeURIComponent(s+c+i),u=o?.achievementCopyTitle?.overrideTitle??t,p=encodeURIComponent(sQ.replace("{achievementTitle}",o?.achievementCopyTitle?.isUnquoted?`${u}`:`"${u}"`)),g={achievementCopy:p,url:d,title:n,body:`${p}${encodeURIComponent(` equals www.twitter.com (Twitter)

Source: global traffic	DNS traffic detected: DNS query: js.monitor.azure.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: mdec.nelreports.net

Source: chromecache_95.4.dr, chromecache_101.4.dr	String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chromecache_95.4.dr, chromecache_101.4.dr	String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chromecache_95.4.dr, chromecache_101.4.dr	String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chromecache_95.4.dr, chromecache_101.4.dr	String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chromecache_116.4.dr	String found in binary or memory: http://schema.org/Organization
Source: chromecache_95.4.dr, chromecache_101.4.dr	String found in binary or memory: https://aka.ms/MSIgniteChallenge/Tier1Banner?wt.mc_id=ignite24_learnbanner_tier1_cnl
Source: chromecache_95.4.dr, chromecache_101.4.dr	String found in binary or memory: https://aka.ms/certhelp
Source: chromecache_116.4.dr	String found in binary or memory: https://aka.ms/feedback/report?space=61
Source: chromecache_95.4.dr, chromecache_101.4.dr	String found in binary or memory: https://aka.ms/msignite_docs_banner
Source: chromecache_95.4.dr, chromecache_101.4.dr	String found in binary or memory: https://aka.ms/pshelpmechoose
Source: chromecache_116.4.dr	String found in binary or memory: https://aka.ms/yourcaliforniaprivacychoices
Source: chromecache_116.4.dr	String found in binary or memory: https://authoring-docs-microsoft.poolparty.biz/devrel/69c76c32-967e-4c65-b89a-74cc527db725
Source: chromecache_116.4.dr	String found in binary or memory: https://authoring-docs-microsoft.poolparty.biz/devrel/7696cda6-0510-47f6-8302-71bb5d2e28cf
Source: chromecache_95.4.dr, chromecache_101.4.dr	String found in binary or memory: https://aznb-ame-prod.azureedge.net/component/$
Source: chromecache_95.4.dr, chromecache_101.4.dr	String found in binary or memory: https://channel9.msdn.com/
Source: chromecache_95.4.dr, chromecache_101.4.dr	String found in binary or memory: https://client-api.arkoselabs.com/v2/api.js
Source: chromecache_116.4.dr	String found in binary or memory: https://github.com/Thraka
Source: chromecache_116.4.dr	String found in binary or memory: https://github.com/Youssef1313
Source: chromecache_116.4.dr	String found in binary or memory: https://github.com/adegeo
Source: chromecache_116.4.dr	String found in binary or memory: https://github.com/dotnet/docs/blob/17c4acca45e573a92878a44a2cce57d699fe9c7c/docs/framework/install/
Source: chromecache_116.4.dr	String found in binary or memory: https://github.com/dotnet/docs/blob/live/docs/framework/install/application-not-started.md
Source: chromecache_116.4.dr	String found in binary or memory: https://github.com/dotnet/docs/blob/main/docs/framework/install/application-not-started.md
Source: chromecache_116.4.dr	String found in binary or memory: https://github.com/dotnet/docs/issues/new?template=z-customer-feedback.yml
Source: chromecache_95.4.dr, chromecache_101.4.dr	String found in binary or memory: https://github.com/dotnet/try
Source: chromecache_116.4.dr	String found in binary or memory: https://github.com/gewarren
Source: chromecache_95.4.dr, chromecache_101.4.dr	String found in binary or memory: https://github.com/jonschlinkert/is-plain-object
Source: chromecache_95.4.dr, chromecache_101.4.dr	String found in binary or memory: https://github.com/js-cookie/js-cookie
Source: chromecache_116.4.dr	String found in binary or memory: https://github.com/mairaw
Source: chromecache_116.4.dr	String found in binary or memory: https://github.com/nschonni
Source: chromecache_116.4.dr	String found in binary or memory: https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js
Source: chromecache_95.4.dr, chromecache_101.4.dr	String found in binary or memory: https://learn-video.azurefd.net/vod/player
Source: chromecache_95.4.dr, chromecache_101.4.dr	String found in binary or memory: https://management.azure.com/providers/Microsoft.Portal/consoles/default?api-version=2017-12-01-prev
Source: chromecache_95.4.dr, chromecache_101.4.dr	String found in binary or memory: https://management.azure.com/providers/Microsoft.Portal/userSettings/cloudconsole?api-version=2023-0
Source: chromecache_95.4.dr, chromecache_101.4.dr	String found in binary or memory: https://management.azure.com/subscriptions?api-version=2016-06-01
Source: chromecache_95.4.dr, chromecache_101.4.dr	String found in binary or memory: https://octokit.github.io/rest.js/#throttling
Source: chromecache_101.4.dr	String found in binary or memory: https://schema.org
Source: chromecache_95.4.dr, chromecache_101.4.dr	String found in binary or memory: https://twitter.com/intent/tweet?original_referer=$
Source: chromecache_95.4.dr, chromecache_101.4.dr	String found in binary or memory: https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-09ce73a6-05a5-4e4d-b3d7-bd5a8c05
Source: chromecache_101.4.dr	String found in binary or memory: https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-b4da8140-92cf-421c-8b7b-e471d5b9
Source: chromecache_95.4.dr, chromecache_101.4.dr	String found in binary or memory: https://www.linkedin.com/cws/share?url=$

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801

System Summary

Malicious sample detected (through community Yara rule)

Source: 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe, type: SAMPLE	Matched rule: Finds XWorm (version XClient, v3) samples based on characteristic strings Author: Sekoia.io
Source: 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe, type: SAMPLE	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 0.0.1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe.da0000.0.unpack, type: UNPACKEDPE	Matched rule: Finds XWorm (version XClient, v3) samples based on characteristic strings Author: Sekoia.io
Source: 0.0.1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe.da0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 00000000.00000000.2008133839.0000000000DA2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Detects AsyncRAT Author: ditekSHen

Source: 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe

Static PE information: No import functions for PE file found

Source: 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe, 00000000.00000000.2008168596.0000000000DB4000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameZoom 9.5.exe4 vs 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe
Source: 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Binary or memory string: OriginalFilenameZoom 9.5.exe4 vs 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe

Source: 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe, type: SAMPLE	Matched rule: rat_win_xworm_v3 author = Sekoia.io, description = Finds XWorm (version XClient, v3) samples based on characteristic strings, creation_date = 2023-03-03, classification = TLP:CLEAR, version = 1.0, id = 5fb1cbd3-1e37-43b9-9606-86d896f2150b, hash = de0127ba872c0677c3594c66b2298edea58d097b5fa697302a16b1689147b147
Source: 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe, type: SAMPLE	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 0.0.1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe.da0000.0.unpack, type: UNPACKEDPE	Matched rule: rat_win_xworm_v3 author = Sekoia.io, description = Finds XWorm (version XClient, v3) samples based on characteristic strings, creation_date = 2023-03-03, classification = TLP:CLEAR, version = 1.0, id = 5fb1cbd3-1e37-43b9-9606-86d896f2150b, hash = de0127ba872c0677c3594c66b2298edea58d097b5fa697302a16b1689147b147
Source: 0.0.1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe.da0000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 00000000.00000000.2008133839.0000000000DA2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT

Source: classification engine

Classification label: mal88.troj.winEXE@24/66@10/4

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%

Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe

ReversingLabs: Detection: 23%

Source: unknown	Process created: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe "C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe"
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1892,i,3598139274571404283,11396411126130775261,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1916,i,9919558999657325056,13372659723111852601,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1892,i,3598139274571404283,11396411126130775261,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1916,i,9919558999657325056,13372659723111852601,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior

Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Section loaded: wkscli.dll	Jump to behavior

Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A66AEDC-93C3-4ACC-BA96-08F5716429F7}\InProcServer32

Jump to behavior

Source: Google Drive.lnk.2.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.2.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.2.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.2.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.2.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.2.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Access\Capabilities\UrlAssociations

Jump to behavior

Source: 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0			Jump to behavior
Source: C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0			Jump to behavior

Stealing of Sensitive Information

Yara detected XWorm

Source: Yara match	File source: 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe, type: SAMPLE
Source: Yara match	File source: 0.0.1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe.da0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.2008133839.0000000000DA2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe PID: 7112, type: MEMORYSTR

Remote Access Functionality

Yara detected XWorm

Source: Yara match	File source: 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe, type: SAMPLE
Source: Yara match	File source: 0.0.1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe.da0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.2008133839.0000000000DA2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe PID: 7112, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	11 Process Injection	1 Masquerading	OS Credential Dumping	2 System Information Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	11 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	13 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	24%	ReversingLabs
1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
38.255.56.125	0%	Avira URL Cloud	safe
https://authoring-docs-microsoft.poolparty.biz/devrel/7696cda6-0510-47f6-8302-71bb5d2e28cf	0%	Avira URL Cloud	safe
https://authoring-docs-microsoft.poolparty.biz/devrel/69c76c32-967e-4c65-b89a-74cc527db725	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
s-part-0017.t-0009.fb-t-msedge.net	13.107.253.45	true	false	high
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	high
www.google.com	142.250.185.100	true	false	high
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true	false	high
js.monitor.azure.com	unknown	unknown	false	high
mdec.nelreports.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js	false		high
38.255.56.125	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://authoring-docs-microsoft.poolparty.biz/devrel/7696cda6-0510-47f6-8302-71bb5d2e28cf	chromecache_116.4.dr	false	Avira URL Cloud: safe	unknown
https://github.com/dotnet/docs/blob/live/docs/framework/install/application-not-started.md	chromecache_116.4.dr	false		high
https://authoring-docs-microsoft.poolparty.biz/devrel/69c76c32-967e-4c65-b89a-74cc527db725	chromecache_116.4.dr	false	Avira URL Cloud: safe	unknown
https://client-api.arkoselabs.com/v2/api.js	chromecache_95.4.dr, chromecache_101.4.dr	false		high
https://aka.ms/MSIgniteChallenge/Tier1Banner?wt.mc_id=ignite24_learnbanner_tier1_cnl	chromecache_95.4.dr, chromecache_101.4.dr	false		high
https://management.azure.com/providers/Microsoft.Portal/consoles/default?api-version=2017-12-01-prev	chromecache_95.4.dr, chromecache_101.4.dr	false		high
https://github.com/Thraka	chromecache_116.4.dr	false		high
http://polymer.github.io/PATENTS.txt	chromecache_95.4.dr, chromecache_101.4.dr	false		high
https://aka.ms/certhelp	chromecache_95.4.dr, chromecache_101.4.dr	false		high
https://github.com/dotnet/docs/blob/17c4acca45e573a92878a44a2cce57d699fe9c7c/docs/framework/install/	chromecache_116.4.dr	false		high
https://www.linkedin.com/cws/share?url=$	chromecache_95.4.dr, chromecache_101.4.dr	false		high
https://github.com/mairaw	chromecache_116.4.dr	false		high
https://schema.org	chromecache_101.4.dr	false		high
http://polymer.github.io/LICENSE.txt	chromecache_95.4.dr, chromecache_101.4.dr	false		high
https://github.com/Youssef1313	chromecache_116.4.dr	false		high
https://management.azure.com/providers/Microsoft.Portal/userSettings/cloudconsole?api-version=2023-0	chromecache_95.4.dr, chromecache_101.4.dr	false		high
https://aka.ms/msignite_docs_banner	chromecache_95.4.dr, chromecache_101.4.dr	false		high
https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-b4da8140-92cf-421c-8b7b-e471d5b9	chromecache_101.4.dr	false		high
http://polymer.github.io/AUTHORS.txt	chromecache_95.4.dr, chromecache_101.4.dr	false		high
https://aka.ms/yourcaliforniaprivacychoices	chromecache_116.4.dr	false		high
https://github.com/dotnet/docs/issues/new?template=z-customer-feedback.yml	chromecache_116.4.dr	false		high
https://github.com/nschonni	chromecache_116.4.dr	false		high
https://management.azure.com/subscriptions?api-version=2016-06-01	chromecache_95.4.dr, chromecache_101.4.dr	false		high
https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-09ce73a6-05a5-4e4d-b3d7-bd5a8c05	chromecache_95.4.dr, chromecache_101.4.dr	false		high
https://github.com/adegeo	chromecache_116.4.dr	false		high
https://github.com/dotnet/docs/blob/main/docs/framework/install/application-not-started.md	chromecache_116.4.dr	false		high
https://aka.ms/pshelpmechoose	chromecache_95.4.dr, chromecache_101.4.dr	false		high
https://aka.ms/feedback/report?space=61	chromecache_116.4.dr	false		high
https://github.com/jonschlinkert/is-plain-object	chromecache_95.4.dr, chromecache_101.4.dr	false		high
https://octokit.github.io/rest.js/#throttling	chromecache_95.4.dr, chromecache_101.4.dr	false		high
https://github.com/js-cookie/js-cookie	chromecache_95.4.dr, chromecache_101.4.dr	false		high
https://learn-video.azurefd.net/vod/player	chromecache_95.4.dr, chromecache_101.4.dr	false		high
https://twitter.com/intent/tweet?original_referer=$	chromecache_95.4.dr, chromecache_101.4.dr	false		high
https://github.com/gewarren	chromecache_116.4.dr	false		high
http://schema.org/Organization	chromecache_116.4.dr	false		high
http://polymer.github.io/CONTRIBUTORS.txt	chromecache_95.4.dr, chromecache_101.4.dr	false		high
https://channel9.msdn.com/	chromecache_95.4.dr, chromecache_101.4.dr	false		high
https://github.com/dotnet/try	chromecache_95.4.dr, chromecache_101.4.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.100	www.google.com	United States	15169	GOOGLEUS	false
13.107.246.60	s-part-0032.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1590665
Start date and time:	2025-01-14 13:16:08 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 25s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe
Detection:	MAL
Classification:	mal88.troj.winEXE@24/66@10/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.67, 2.23.242.9, 142.250.184.238, 64.233.167.84, 2.23.246.97, 142.250.184.206, 142.250.181.238, 95.101.150.2, 2.16.168.102, 2.16.168.100, 20.44.10.123, 142.250.185.234, 142.250.185.202, 172.217.16.202, 142.250.184.234, 142.250.186.138, 142.250.186.170, 172.217.23.106, 142.250.184.202, 216.58.206.42, 142.250.185.170, 172.217.16.138, 142.250.185.74, 142.250.185.106, 142.250.186.106, 142.250.181.234, 172.217.18.10, 40.79.167.8, 13.74.129.1, 13.107.21.237, 204.79.197.237, 199.232.214.172, 2.17.190.73, 142.250.185.238, 142.250.186.78, 172.217.18.14, 142.250.185.131, 142.250.185.174, 216.58.206.78, 216.58.212.142, 172.217.16.206, 142.250.185.206, 13.107.253.45, 184.28.90.27, 172.202.163.200, 13.107.246.45, 52.149.20.212
Excluded domains from analysis (whitelisted): azurefd-t-fb-prod.trafficmanager.net, slscr.update.microsoft.com, c-msn-com-nsatc.trafficmanager.net, clientservices.googleapis.com, browser.events.data.trafficmanager.net, learn.microsoft.com, onedscolprdcus05.centralus.cloudapp.azure.com, e11290.dspg.akamaiedge.net, mdec.nelreports.net.akamaized.net, go.microsoft.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, star-azurefd-prod.trafficmanager.net, a1883.dscd.akamai.net, learn.microsoft.com.edgekey.net, update.googleapis.com, clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, c-bing-com.dual-a-0034.a-msedge.net, onedscolprdaue02.australiaeast.cloudapp.azure.com, ctldl.windowsupdate.com, learn.microsoft.com.edgekey.net.globalredir.akadns.net, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, browser.events.data.microsoft.com, edgedl.me.gvt1.com, e13636.dscb.akamaiedge.net, c.bing.com, learn-public.traffi
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Input	Output
URL: https://microsoft.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://microsoft.com
URL: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319. Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "This application could not be started", "prominent_button_name": "Yes", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319. Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "This application could not be started", "prominent_button_name": "Yes", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319. Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319. Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
239.255.255.250	http://www.pentamx.com/	Get hash	malicious	CAPTCHA Scam ClickFix	Browse
	https://kmsprinters.co.uk/	Get hash	malicious	Unknown	Browse
	https://web.oncentrl.com/#/index/action?entityType=PUBLISHEDQUESTIONNAIRE&entityId=134955&actionType=PUBLISH&context=CLIENT_MGMT&recieverUserInfoId=68822	Get hash	malicious	Unknown	Browse
	https://akirapowered84501.emlnk.com/lt.php?x=3DZy~GDLVnab5KCs-Nu4WOae1qEoiN9xvxk1XaPMVXahD5B9-Uy.xuG-142imNH	Get hash	malicious	Unknown	Browse
	https://clients.dedicatedservicesusa.com	Get hash	malicious	Unknown	Browse
	Remittance.html	Get hash	malicious	Unknown	Browse
	http://binary-acceptance-hotel-difficult.trycloudflare.com	Get hash	malicious	Unknown	Browse
	https://cys-bombasml.com	Get hash	malicious	Unknown	Browse
	Signature Required_ Retail Technology Asia Employee Benefit for eddie.chan@rtasia.com.hk.eml	Get hash	malicious	Unknown	Browse
	https://Rtasia-sharepoint.zonivarnoth.ru/ITb4aThU/#Deddie.chan@rtasia.com.hk	Get hash	malicious	Unknown	Browse
13.107.246.60	https://protect-us.mimecast.com/s/wFHoCqxrAnt7V914iZaD1v	Get hash	malicious	Unknown	Browse	www.mimecast.com/Customers/Support/Contact-support/
13.107.246.60	http://wellsfargo.dealogic.com/clientportal/Conferences/Registration/Form/368?menuItemId=5	Get hash	malicious	Unknown	Browse	wellsfargo.dealogic.com/clientportal/Conferences/Registration/Form/368?menuItemId=5

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
s-part-0017.t-0009.t-msedge.net	hJ1bl8p7dJ.exe	Get hash	malicious	Unknown	Browse	13.107.246.45
	ORDER ENQIRY #093727664.exe	Get hash	malicious	FormBook	Browse	13.107.246.45
	New purchase order.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	13.107.246.45
	ProductBOMpq_v4.xlsm	Get hash	malicious	Unknown	Browse	13.107.246.45
	ProductBOMpq_v4.xlsm	Get hash	malicious	Unknown	Browse	13.107.246.45
	RFQ____PC25-1301.xlsx	Get hash	malicious	Unknown	Browse	13.107.246.45
	Signature Required_ Retail Technology Asia Employee Benefit for eddie.chan@rtasia.com.hk.eml	Get hash	malicious	Unknown	Browse	13.107.246.45
	RFQ____PC25-1301.xlsx	Get hash	malicious	Unknown	Browse	13.107.246.45
	https://Rtasia-sharepoint.zonivarnoth.ru/ITb4aThU/#Deddie.chan@rtasia.com.hk	Get hash	malicious	Unknown	Browse	13.107.246.45
	RFQ____PC25-1301.xlsx	Get hash	malicious	Unknown	Browse	13.107.246.45
s-part-0032.t-0009.t-msedge.net	https://iyztciuamr.cfolks.pl/pp	Get hash	malicious	Unknown	Browse	13.107.246.60
	https://www.tiktok.com/link/v2?aid=1988&lang=en&scene=bio_url&target=https%3A%2F%2Fgoogle.com%2Furl%3Fq%3Dhttps%3A%2F%2Fwww.google.com%2Furl%3Fq%3Dhttps%3A%2F%2Fwww.google.com%2Furl%3Fq%253Dhttps%3A%2F%2Fwww.google.com%2Furl%3Fq%3D.%2F%2F%2F%2Famp%2Fs%2Filikethislife.com%2Fwinner%2F0SfNj%2FY2N1ZGR5cmVAc3lmdGNvLmNvbQ==?0s57db=MTMmMTMmMTMmMTMmQjEmRjQmb2JxdEczJkQ0Jk11bHdyVGhHeUtZLi45SjNYNlJyamY6ckY0JjMzJnV5ZnUub2ZlZWppMzMmRTQmdHRibWQxMyZvYnF0RDQmQjEmRjQmbW51aUczJkQ0JkIxJkY0JnplcGNHMyZENCZCMSZGNCZ6ZXBjRDQmQjEmRjQmZWJmaUczJkQ0JkIxJkY0JmZtenV0RzMmRDQmMTMmMTMmMTMmMTMmQjEmRTgmMTMmMTMmMTMmMTMmMTMmMTMmMTMmMTMmQjEmQzQmb2ZlZWppMTMmQjQmenVqbWpjanRqdzEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJjEzJkIxJkM0JmZ1aml4MTMmQjQmc3BtcGQxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyZCMSZDOCYxMyZ1eWZ1Lm9mZWVqaS8xMyYxMyYxMyYxMyYxMyYxMyYxMyYxMyZCMSZGNCZmbXp1dEQ0JjEzJjEzJjEzJjEzJkIxJkY0JmZtdWp1RzMmRDQmZm5wSUY0JmZtdWp1RDQmMTMmMTMmMTMmMTMmQjEmRzMmKzEzJmZzMTMmZWViMTMmRTQmRTQmRTQmRTQmRTQmRTQmRDQmMTMmK0czJjEzJjEzJkY0JjMzJkI6NjMmMTk2MyYzRjYzJkRCNjMmMzk2MyYzRjYzJjRCNjMmNEQ2MyY1MyY1MyZCOjYzJjE5NjMmM0Y2MyZEQjYzJjM5NjMmM0Y2MyY0QjYzJjRENjMmRTQmRTQmeGN6Nnpka21IZXtHSGN4MlRaelM0Wm1HSFJpT1hidkdIZXs2VFp2R25bbVM0ZEczJkROUEVHMyZ6ZndzdnR0c2Z6YkczJmx2L3BkL3pmd3N2dHRzZnpiRzMmRzMmQjQmdHF1dWlFNCZtc3ZDNCYzMzMmRTQmdW9mdW9wZDEzJjMzJml0ZnNnZnMzMyZFNCZ3anZyZi5xdXVpMTMmYnVmbkQ0JjEzJjEzJjEzJjEzJkIxJkY0JjMzJjkuR1VWMzMmRTQmdWZ0c2JpZDEzJmJ1Zm5ENCYxMyYxMyYxMyYxMyZCMSZGNCZlYmZpRDQmQjEmRjQmbW51aUQ0JkIxJkY0Jm9icXRHMyZENCZkazdoWlZENCZ0ezVNRTQmTFhteDFPUWdkWFBZc3s1d0c5e1FFNiZDT0Y0JjMzJnV5ZnUub2ZlZWppMzMmRTQmdHRibWQxMyZvYnF0RDQmQjEm	Get hash	malicious	Unknown	Browse	13.107.246.60
	https://services221.com/mm/	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	https://atpscan.global.hornetsecurity.com/?d=W3rdHn1Og9hhUJnVJzqWF36wMmxswAZldvtx3E21ybg&f=v8m9AqGfgV2Ri7cjqmfsuyl2V2Mu_lVW0BRsqcFw4upagWAQ1C-MqANvN6gf4zNV&i=&k=xREg&m=b_ORYMkPffImCXbCPli-aiR7Ga6rGe55sar2xtigCL4MrowDPSzt7ABKETTGxzegakAfoZ57KD02aVix8V8TVmZ2VcxzjeybXYrPiS2SB73LCKYktj5jv2aw6VcPRslz&n=s4crRkyHC4bab6S3yrgn1E3n-VmdqgfSqNiaCJyPrf6hnyL_SE4PHEo5SUcwwsFGV6rnB35iQFM5FLsE91obvZ0HTAEiqHnB8ROLzY5JVgg&r=oMs_cp4DXIjeQhcPWsPLyR3_oxBVUN4Iok_tSVE4DNNtzqeot7ZzvdXkh4vatwpC&s=bd82eb507a358fd35f72f18b86e67f3bfc1ce64bbeab0c01d700897b1b678efb&u=https%3A%2F%2Fe.trustifi.com%2F%23%2Ffff2af%2F32054d%2F67960f%2Fee6fed%2F5d1d11%2F46c760%2Ff79190%2Fc5ec40%2Fe8666a%2Fef542d%2F85972d%2F627493%2F9a11d6%2F1f4096%2F1d247f%2F818e78%2Fc53383%2Fd59aa0%2Fedfa57%2F7914c7%2Fc38cf6%2Ff74f56%2Ff45915%2F39dbbd%2Ff48710%2F1ddf22%2F37d5f2%2F9de9f7%2F96109e%2F882355%2F854b66%2F9d606d%2F2d0447%2Fad3b01%2F637d1c%2F3c0f2b%2F606f48%2Fa6d904%2F8fefe3%2F00a4bb%2F6520c6%2F9b795c%2Fb7de1a%2Fb5dde6%2F3f5692%2F997c7d%2Fc00925%2F782cce%2F511459%2Fab5aa8%2F91722a%2Feec933%2F3f4f91%2F894088%2F43adfa%2Fb78195%2F0407d0%2F56f022%2Fddf20e%2F946567%2Faa271a%2F507b7a%2Faccd06%2F50d63c%2F485c4b%2F07ced8%2Fd0ec21%2F260ce6%2Fb5edbb%2F79a81e%2F1fd160%2Ff4da41%2F7073e0%2F8a5e9a%2Fdac829%2F521e52%2Fa1a847%2F13ea63%2Fabb5a3%2Fe1901e%2Fd876f6%2F7b0bf4%2Fbd19df%2F89bdcd%2F1874d8%2F0fb7f3%2F72f438%2Fa098c5%2F4e2214%2F4b6e54%2F0c4a8f	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	https://probashkontho.com/work/Organization/privacy/index_.html	Get hash	malicious	Unknown	Browse	13.107.246.60
	https://na4.docusign.net/Signing/EmailStart.aspx?a=ffa78034-d960-4bb3-b2a2-bb62a1fc4a65&etti=24&acct=86dab687-685e-40aa-af52-e5c3fc07b508&er=04714c6d-cc25-4a21-be91-01e1c43a5f3f	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	https://eu.jotform.com/app/250092704521347	Get hash	malicious	Unknown	Browse	13.107.246.60
	https://form.fillout.com/t/emEtLm993dus	Get hash	malicious	Unknown	Browse	13.107.246.60
	Invoice_R6GPN23V_TransactionSuccess.html.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	https://email.analystratings.net/ls/click?upn=u001.WeKo-2BCuHku2kJmVIsYmGxteRO-2BqdkFdZns7E8OZ0trgZRhaAY0f4dRd5bGXo8w1-2B5SPZj6mt6bkINmYNA1f4blf-2F2qp6pSrdQgqdtKPVZlFfsGiBd9L9S-2BVNmfUTaZ-2BpuOeo6wXhYyQnN5Dmhl9EwD4jJy2QucAxD5PJ8TFaAtq5-2Fa2JLywFyD22uAsFmhYjQLp65IuicFXReMolU22hvgQ-2B1S2bacC3gnzhuRxI8SAkOsPFFxOcYEiSSZTqVyp3m1OxPmLRrTi1o5-2FZom3YCyV1EUto77Rrvablg0dLCkGGW0ncnt-2B7IgK6LBBZRD7ITvGmpDjZtTYsz0I1qKiLzZdNfmubxarfJC5-2BcEqOw-2Ft-2FbdrugnVMUWHAHioUxjwvqr4QWKZSVt-2BeoNRvP2Adsk-2FRWXyTy-2FNsOG5tm8W5iiSHTNAe6b2ve-2F-2FMif4OPRLC2jk2zIHDBodMQqimJe7S-2B0c0a6VcurrTf-2BSSIJw1siTQylKaBjy96o6v7aWNACMPOJmDH5ybp8Hfg60OUEGx1ZLebRMpxX9k9AP7u40PlQ7YN0etELZUsiTbXY4PcX2P96RfnnTH8k4gdprbyM68BwIDNXqkSpWupXgXawXvLifC6eFYgMzHs5EFbgb5u6HEHo2__tUVFAbhJxF44ufbifaYzyYApcQooCC4WsuZoiwe419Oh5WFVYobMs1ROnIPWGGcL7zwYzcSR3guHWoKhXDu5EQ7SXJZpci4hCmpp1REa7W1YXEAS6JqnE9LrlFK998LZ271LMIRubQetxBOsHxh3FfsHQej0U45DqU0JnGYKUA9waD6Ny-2BL9vchurlVMDvBupSQHaqHAKs87lmzkMbvNLGI-2BMPx7o1UJrTBuhk-2BVx-2FdFVsZL4Uf2HUcBJTS73hyi	Get hash	malicious	Unknown	Browse	13.107.246.60
s-part-0017.t-0009.fb-t-msedge.net	pdf_2025 QUOTATION - #202401146778.pdf (83kb).com.exe	Get hash	malicious	PureLog Stealer, Quasar	Browse	13.107.253.45
	RFQ____PC25-1301.xlsx	Get hash	malicious	Unknown	Browse	13.107.253.45
	https://Rtasia-sharepoint.zonivarnoth.ru/ITb4aThU/#Deddie.chan@rtasia.com.hk	Get hash	malicious	Unknown	Browse	13.107.253.45
	JDQS879kiy.exe	Get hash	malicious	DBatLoader	Browse	13.107.253.45
	3.19.1+SetupWIService.exe	Get hash	malicious	Unknown	Browse	13.107.253.45
	https://app.box.com/s/it1hhxczqyf0qxif41bma48tat7sqs32	Get hash	malicious	HTMLPhisher	Browse	13.107.253.45
	http://id1223.adsalliance.xyz	Get hash	malicious	Unknown	Browse	13.107.253.45
	NursultanAlphaCrack.bat.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	13.107.253.45
	https://sites.google.com/view/01-25sharepoint/	Get hash	malicious	HTMLPhisher	Browse	13.107.253.45
	YYYY-NNN AUDIT DETAIL REPORT .docx	Get hash	malicious	Unknown	Browse	13.107.253.45

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
MICROSOFT-CORP-MSN-AS-BLOCKUS	https://jabraxpressonlineprdstor.blob.core.windows.net/jdo/JabraDirectSetup.exe	Get hash	malicious	Unknown	Browse	23.100.122.113
	ProductBOMpq_v4.xlsm	Get hash	malicious	Unknown	Browse	13.107.246.45
	Scanned-IMGS_from NomanGroup IDT.scr.exe	Get hash	malicious	FormBook	Browse	20.244.96.65
	RFQ____PC25-1301.xlsx	Get hash	malicious	Unknown	Browse	13.107.246.45
	possible SPAM## Msig Insurance Europe Complete via-Sign Monday January 2025.msg	Get hash	malicious	Unknown	Browse	20.44.10.123
	phishing.eml	Get hash	malicious	Phisher	Browse	51.116.246.104
	https://iyztciuamr.cfolks.pl/pp	Get hash	malicious	Unknown	Browse	13.107.246.60
	http://ww1.tryd.pro	Get hash	malicious	Unknown	Browse	13.107.21.237
	https://xC.gnoqwwhpwe.ru/3aeK/#Atest@test.com	Get hash	malicious	Unknown	Browse	20.190.160.22
	https://gthlcanada.com	Get hash	malicious	Unknown	Browse	137.117.65.222

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
1138de370e523e824bbca92d049a3777	https://akirapowered84501.emlnk.com/lt.php?x=3DZy~GDLVnab5KCs-Nu4WOae1qEoiN9xvxk1XaPMVXahD5B9-Uy.xuG-142imNH	Get hash	malicious	Unknown	Browse	23.1.237.91
	http://bombasml.es	Get hash	malicious	Unknown	Browse	23.1.237.91
	https://performancemanager10.successfactors.com/sf/hrisworkflowapprovelink?workflowRequestId=V4-0-a1-iHQRWD3bQis7XhhWNKzjfWwnvURbEsN0CxUc27Zt3ml0ag&company=oceanagoldT2&username=dave.oliver@oceanagold.com	Get hash	malicious	Unknown	Browse	23.1.237.91
	http://inform-customer-sale.vercel.app/	Get hash	malicious	HTMLPhisher	Browse	23.1.237.91
	http://rebrand.ly/3ae1b4	Get hash	malicious	Unknown	Browse	23.1.237.91
	https://precheckcar.com/wp-admin/	Get hash	malicious	Unknown	Browse	23.1.237.91
	https://rebrand.ly/8kjnapz	Get hash	malicious	Unknown	Browse	23.1.237.91
	https://reserve-pages.com/sspteztd	Get hash	malicious	Unknown	Browse	23.1.237.91
	https://ctrk.klclick2.com/l/01JHDZ0909KRHM82JGE0C594Y8_0	Get hash	malicious	Unknown	Browse	23.1.237.91
	https://urlz.fr/tJIZ	Get hash	malicious	Unknown	Browse	23.1.237.91

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 11:17:04 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.973259100579624
Encrypted:	false
SSDEEP:	48:8+d+T6eibH2idAKZdA19ehwiZUklqeh2y+3:8bDioBy
MD5:	ED67889B8849F89A55EBE501C6775C69
SHA1:	B45B49D7C3CA60D0C791A73C7C38060A40FC87CC
SHA-256:	0415904E5443F8F519B409D9B10579CBAC7AB05B25E4B69500FBB49E091B04C2
SHA-512:	775C9024E272E6ACFCE7B0AD56F58B96430C7B750FC500DC6CBB5BB784E48E90BF22730A281B2F9E51ACD71B8105A92EF4B2F53BA09C1B4DCCED6CC3372FA8A0
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......8~f..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Z!b....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Z!b....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Z!b....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Z!b..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Z#b...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........I.0.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 11:17:04 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9842118502140105
Encrypted:	false
SSDEEP:	48:8xMd+T6eibH2idAKZdA1weh/iZUkAQkqehxy+2:87Dii9QEy
MD5:	3268C8DE978EEF051A2C7379588D24F4
SHA1:	8C1EFE7E04F1DE4826945EA584B998282FF45790
SHA-256:	7A07646F18AAFBA6F62C5C6E51E5F1E6DB408AFD4A5E571A1E46AD4DE7596F93
SHA-512:	D1FBD6181B68BA7B9A33E69515E18422829BC6058D3730C27E3799916A4A362AE63CE2F57FF9D3B27E88A259537E2AE3BF5BACEE4897DFABB7EAD5D35FCC8C49
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....%p.8~f..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Z!b....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Z!b....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Z!b....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Z!b..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Z#b...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........I.0.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.000911858620487
Encrypted:	false
SSDEEP:	48:8x/d+T6esH2idAKZdA14tseh7sFiZUkmgqeh7sny+BX:8xMDzndy
MD5:	36DBB8EF9D7F97D9D469B0C46C4A3E47
SHA1:	D4832FCA0C0AF0A3565B823D97488550F4703ADB
SHA-256:	D5B971E909A8721D5FABBCFAA490DF8A6F7BEC190C0F77FE9364C4DE621E9CF1
SHA-512:	05BC789971E60DE6224A40EB2F48762B0C1392EF91ED0E128A27FD1260BC1EFB6A4499906EB81006F72BEC724151E30DABA49BD72F58EF7901AEFFB34103A0E2
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Z!b....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Z!b....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Z!b....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Z!b..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........I.0.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 11:17:04 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9884762060716064
Encrypted:	false
SSDEEP:	48:8id+T6eibH2idAKZdA1vehDiZUkwqehFy+R:8nDipvy
MD5:	3E1FDD0EBC212F159E0095832360F77E
SHA1:	F3B6D3D95E2E3F79726B6D24753F6DC507300B70
SHA-256:	7945D519B045339C1FBD32F450ECD993BD7C776F1D7F008C0EEC603AB129BD8A
SHA-512:	E2E23735611DD271A4D3A1B7232D0559C879DC395405305B340C6688F4C1B747F6D25CB9A4366018DE11D813192C1C8C98B291CB6E6903427BD264C8C21919D1
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......8~f..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Z!b....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Z!b....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Z!b....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Z!b..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Z#b...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........I.0.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 11:17:04 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.976338697277711
Encrypted:	false
SSDEEP:	48:8Hd+T6eibH2idAKZdA1hehBiZUk1W1qehTy+C:8EDiZ9zy
MD5:	DFB77E02DBB72F6623091354CB4DB2BF
SHA1:	3CDD0F8F573D43FA7A66A095B53B17EB4AA32BC9
SHA-256:	E34944F2D34FF40A3497CF1788224CCA86E44F49E3F2EBAF9C60FB1CB1C56478
SHA-512:	C1A9F9823B803B6217599EE6C6D7D24B67BE73680459411A22C7372542FE9634A38021342EB5AE2D287C9F5B356BA007FA3132C130A787A5B008378745990961
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....x..8~f..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Z!b....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Z!b....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Z!b....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Z!b..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Z#b...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........I.0.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jan 14 11:17:04 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9889547168585633
Encrypted:	false
SSDEEP:	48:8Gd+T6eibH2idAKZdA1duT+ehOuTbbiZUk5OjqehOuTbdy+yT+:8zDilT/TbxWOvTbdy7T
MD5:	639C75014BEA82785A32406A3F15FDDA
SHA1:	F8FC1AD698E2F18DCC2D057CBA3E046C4AB6FC17
SHA-256:	0F2C44C9A0FF79970E2AADB58336F10BAC5C27652EEEAAB7FAA32D05F0C592A7
SHA-512:	C9F3A88F0D1DB767581D195B5638BFCC8D04F7C4AFF017488E6C2F5FDB7B2371BA9C2B27A51715C330EE06925711ABCA3A551736A0A63DE685C4FD94C280FBD9
Malicious:	false
Preview:	L..................F.@.. ...$+.,.......8~f..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Z!b....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Z!b....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Z!b....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Z!b..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Z#b...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........I.0.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 100

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	13339
Entropy (8bit):	7.683569563478597
Encrypted:	false
SSDEEP:	192:zjSKAj04ndWb6OuzZjk6TsEaJS0/bJur2Gz4Imm3MhE4NfM:zutfW69XTspsG3G0TfhEQM
MD5:	512625CF8F40021445D74253DC7C28C0
SHA1:	F6B27CE0F7D4E48E34FDDCA8A96337F07CFFE730
SHA-256:	1D4DCEE8511D5371FEC911660D6049782E12901C662B409A5C675772E9B87369
SHA-512:	AE02319D03884D758A86C286B6F593BDFFD067885D56D82EEB8215FDCB41637C7BB9109039E7FBC93AD246D030C368FB285B3161976ED485ABC5A8DF6DF9A38C
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-changes-complete.png
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..3.IDATx^..].5Y...C.$..tH .NF.I&A0..;.r.fF.#..!7...'..3.0.../..s....."!.y...~....4....om.g.3.BTP......j..g.zVU....u...a.Z..j..U....y......$.....I...pAR...\.T....$.....I...pAR...\.T..p....5O>.d...}Rg.$....@.4....fb1.o.I...7..<.P.....n0.D.P.....n..L.P.....n8.......P.~......n(+..'. ......J.vM,H......W...h.T....$.....I...pAR...\.T....$.....I...pAR...\.T....$.....I...pAR...\.T....$......'....w....g....\|../5_.......T...~.y.'.'.\|...W..[...C.)......\|.[.[WK...w...w..y.{..\|.#.n>...5....5...h>..O6O>.Xx....o.B........g?.........~....?o...w.......}..-_k^........l....\|.D.TH.....o..B'..(.W-%...?...W.......E?h..........~.......?...~,..}...o^...5ox..bI.mo{[s.}.5.<.L.......<......Y.W......K..Q._...Iu...2...e)d]4.}Y..............k.%k..s.'..L(..o4...g...z............N.X.....W.O.^.4.....7......i~._7..~,bI......3.0RRq..\|.Mk..?.{.K_...t.........SYG.W^#).N^..._W...(.8.7.....W....7...m

Chrome Cache Entry: 101

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (46884)
Category:	downloaded
Size (bytes):	1818092
Entropy (8bit):	5.501071015666065
Encrypted:	false
SSDEEP:	24576:TEFlaH2sK7YSB1DkCXWJjO4JEC+jBxjtve:T1H2sK7YSB1DkCXWJjOWEC+jzjt2
MD5:	65C482790B609320265F2BE87B2E238F
SHA1:	E93E327FFCB682183410AFCFE7292695E6926DCB
SHA-256:	4AE8B96C58A143F07BF1A51100DBA6D56AF61FDED4FC996A4E0153541C838571
SHA-512:	E4BC6BEFCA8AFEF9B7D06BF24EB0BBB87AF5CC0CBF26DAF3C8239DB64175214EF411484876AAFD79183744935A35B352BD76F66CB23C4FF800E96B319250BCFE
Malicious:	false
URL:	https://learn.microsoft.com/static/assets/0.4.029296191/scripts/en-us/index-docs.js
Preview:	"use strict";(()=>{var hve=Object.create;var _T=Object.defineProperty;var C2=Object.getOwnPropertyDescriptor;var bve=Object.getOwnPropertyNames;var _ve=Object.getPrototypeOf,vve=Object.prototype.hasOwnProperty;var yve=(e,t,o)=>t in e?_T(e,t,{enumerable:!0,configurable:!0,writable:!0,value:o}):e[t]=o;var Ie=(e,t)=>()=>(t\|\|e((t={exports:{}}).exports,t),t.exports);var xve=(e,t,o,n)=>{if(t&&typeof t=="object"\|\|typeof t=="function")for(let r of bve(t))!vve.call(e,r)&&r!==o&&_T(e,r,{get:()=>t[r],enumerable:!(n=C2(t,r))\|\|n.enumerable});return e};var Ya=(e,t,o)=>(o=e!=null?hve(_ve(e)):{},xve(t\|\|!e\|\|!e.__esModule?_T(o,"default",{value:e,enumerable:!0}):o,e));var U=(e,t,o,n)=>{for(var r=n>1?void 0:n?C2(t,o):t,s=e.length-1,i;s>=0;s--)(i=e[s])&&(r=(n?i(t,o,r):i(r))\|\|r);return n&&r&&_T(t,o,r),r};var Qi=(e,t,o)=>(yve(e,typeof t!="symbol"?t+"":t,o),o),yR=(e,t,o)=>{if(!t.has(e))throw TypeError("Cannot "+o)};var wt=(e,t,o)=>(yR(e,t,"read from private field"),o?o.call(e):t.get(e)),Bo=(e,t,o)=>{if(t.has(

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
URL:	https://learn.microsoft.com/favicon.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 103

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	5644
Entropy (8bit):	4.785769732002188
Encrypted:	false
SSDEEP:	96:ogVOjPW7cI3aDNjExAjfWQpL0dpwmWMv7AD8RevyvRJNjyZPtJ27RlhiewZjMeZf:og5cUaDNjESLWQN0dpwm9+6DlUu7lYjX
MD5:	B5885C991E30238110973653F2408300
SHA1:	39B0A79D951F8254E21821134E047C76F57AD2A8
SHA-256:	085BF5AE32E6F7F1299CA79248B0CB67EBD31566728A69F4466E1659C004732E
SHA-512:	6BEC209D933C7A1065047637F550B7A36809D835938C04851A3B09DF644BD3EC85A2CE30F73FCFB709FE7AF3453799B2EB76702D0AB2BE067CD07D2EC03537C0
Malicious:	false
Preview:	{"brandLink":{"biName":"learn","displayName":"Learn","href":"/"},"featuredContent":[{"biName":"1-microsoft-learn-for-organizations","description":"Access curated resources to upskill your team and close skills gaps.","href":"/training/organizations/","supertitle":"Microsoft Learn for Organizations","title":"Boost your team\u0027s technical skills"}],"metadata":{"git_commit_id":"dab49ca79cb372010aeaec5e99463f6cec8df000"},"navCategories":[{"biName":"1-discover","panel":{"panelContent":[{"biName":"1-documentation","componentType":"header-panel-card","description":"In-depth articles on Microsoft developer tools and technologies","href":"/docs/","title":"Documentation"},{"biName":"2-training","componentType":"header-panel-card","description":"Personalized learning paths and courses","href":"/training/","title":"Training"},{"biName":"3-credentials","componentType":"header-panel-card","description":"Globally recognized, industry-endorsed credentials","href":"/credentials/","title":"Credential

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	4.241202481433726
Encrypted:	false
SSDEEP:	3:YozDD/RNgQJzRWWlKFiFD3e4xCzY:YovtNgmzR/wYFDxkY
MD5:	9E576E34B18E986347909C29AE6A82C6
SHA1:	532C767978DC2B55854B3CA2D2DF5B4DB221C934
SHA-256:	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
SHA-512:	5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124
Malicious:	false
Preview:	{"Message":"The requested resource does not support http method 'GET'."}

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 658 x 480, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	13842
Entropy (8bit):	7.802399161550213
Encrypted:	false
SSDEEP:	192:NLNf+jBQsDHg7av3EEondO8PuRu2mIYXEIiDm42NpsHFMHfgnJ4K2DVwv:NLt+1jDmY+ndXwjLUpiDwpzfwoDVk
MD5:	F6EC97C43480D41695065AD55A97B382
SHA1:	D9C3D0895A5ED1A3951B8774B519B8217F0A54C5
SHA-256:	07A599FAB1E66BABC430E5FED3029F25FF3F4EA2DD0EC8968FFBA71EF1872F68
SHA-512:	22462763178409D60609761A2AF734F97B35B9A818EC1FD9046AFAB489AAD83CE34896EE8586EFE402EA7739ECF088BC2DB5C1C8E4FB39E6A0FC5B3ADC6B4A9B
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/install-3-5.png
Preview:	.PNG........IHDR................1....sRGB.........gAMA......a.....pHYs..........o.d..5.IDATx^..[.,.]...../<.!.B(/y..).F\r...!(.H..a ..B.~..A..KXA.M...6..8...!1....l./.X.1....2.`.y"l..R...V.....{...}._gWW.Z.VUw.N...U..P@..... ..@.A...".$..E.I.........$..("H..PD..... ..p....U.}.{.....l..A.....A........s.......D.0...@....E..x........L. /.".A.....$...Y."...%.I..["../.&.I..[`.0..IA.........p4.I.........$..("H..PD..... ..@.A...".$..E.I.........$..("H..PD..... ..@.A...".$..E.>H...O.................?.~.......].7.....a?....(H....m.G..G..a.P..?yo......f?...o. .B.....mo{[....:9<].....7.....a.....S..Cd.5,.R....#....>......._g.....Wo\|.....z.g.........w.T...]x.>.....y(.........6....[..px...U....~.~hu...}H.......~.L... ....r...iY.$..Id..Ax"../....._..U....OTo\|.Mh.km..A.k..k....n.C`\|._\=...o...a.e.. ...&.A2..k.. ....X.+...C..P....y..>.{._..(H....8(.?...w.}M.........:s_!.m.........BY..T..z.5{.W.~..6.....F....bq....m.....?.......v....o..o...ki...iX.$......\]V...V...

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (33341), with no line terminators
Category:	dropped
Size (bytes):	33341
Entropy (8bit):	4.91951126672241
Encrypted:	false
SSDEEP:	384:F7vJOb4OLIch+KCnMet7NPXlJl+HjZjBTRdE0zIwHdZ4vNNpUjV8din4E9hLUukO:thOEO8chkMet7pCjBfcHkWOzUukO
MD5:	376D6B5D99A650F677FC5F8692C8940C
SHA1:	EA659B738ABA8BC8A4CCD481C7B829327B249B1E
SHA-256:	3AD57A9EB618245947B7672AF9A89C9AFC0F9DBA775265BF0463B21232D9E533
SHA-512:	B068F89B65CC67EE835E08D32FCF3E1848B696D7060ABE6EEDB94C7DF1773B3726B7CE3599599523CB6604C28B6E173824C611CBD264CE8E2A7E8FF33ACC16F3
Malicious:	false
Preview:	{"items":[{"href":"./","toc_title":".NET Framework documentation"},{"href":"get-started/overview","toc_title":"Overview of .NET Framework"},{"children":[{"href":"get-started/","toc_title":"Overview"},{"href":"get-started/out-of-band-releases","toc_title":"Out-of-band releases"},{"href":"get-started/system-requirements","toc_title":"System requirements"}],"toc_title":"Get started"},{"children":[{"href":"install/","toc_title":"Overview"},{"href":"install/guide-for-developers","toc_title":"For developers"},{"children":[{"href":"install/on-windows-11","toc_title":"Windows 11"},{"href":"install/on-windows-10","toc_title":"Windows 10 and Windows Server 2016"},{"href":"install/on-windows-8-1","toc_title":"Windows 8.1 and Windows Server 2012 R2"},{"href":"install/on-windows-8","toc_title":"Windows 8 and Windows Server 2012"},{"href":"install/on-server-2025","toc_title":"Windows Server 2025"},{"href":"install/on-server-2022","toc_title":"Windows Server 2022"},{"href":"install/on-server-2019","t

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	5644
Entropy (8bit):	4.785769732002188
Encrypted:	false
SSDEEP:	96:ogVOjPW7cI3aDNjExAjfWQpL0dpwmWMv7AD8RevyvRJNjyZPtJ27RlhiewZjMeZf:og5cUaDNjESLWQN0dpwm9+6DlUu7lYjX
MD5:	B5885C991E30238110973653F2408300
SHA1:	39B0A79D951F8254E21821134E047C76F57AD2A8
SHA-256:	085BF5AE32E6F7F1299CA79248B0CB67EBD31566728A69F4466E1659C004732E
SHA-512:	6BEC209D933C7A1065047637F550B7A36809D835938C04851A3B09DF644BD3EC85A2CE30F73FCFB709FE7AF3453799B2EB76702D0AB2BE067CD07D2EC03537C0
Malicious:	false
URL:	https://learn.microsoft.com/en-us/content-nav/site-header/site-header.json?
Preview:	{"brandLink":{"biName":"learn","displayName":"Learn","href":"/"},"featuredContent":[{"biName":"1-microsoft-learn-for-organizations","description":"Access curated resources to upskill your team and close skills gaps.","href":"/training/organizations/","supertitle":"Microsoft Learn for Organizations","title":"Boost your team\u0027s technical skills"}],"metadata":{"git_commit_id":"dab49ca79cb372010aeaec5e99463f6cec8df000"},"navCategories":[{"biName":"1-discover","panel":{"panelContent":[{"biName":"1-documentation","componentType":"header-panel-card","description":"In-depth articles on Microsoft developer tools and technologies","href":"/docs/","title":"Documentation"},{"biName":"2-training","componentType":"header-panel-card","description":"Personalized learning paths and courses","href":"/training/","title":"Training"},{"biName":"3-credentials","componentType":"header-panel-card","description":"Globally recognized, industry-endorsed credentials","href":"/credentials/","title":"Credential

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 475 x 212, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	35005
Entropy (8bit):	7.980061050467981
Encrypted:	false
SSDEEP:	768:aHBEr/QXnbCgWotMq4AZZivq2/Qu0cEv1FjHBep6U0Z/68R:ahWqbTWiM7ACvdIdldhep4rR
MD5:	522037F008E03C9448AE0AAAF09E93CB
SHA1:	8A32997EAB79246BEED5A37DB0C92FBFB006BEF2
SHA-256:	983C35607C4FB0B529CA732BE42115D3FCAAC947CEE9C9632F7CACDBDECAF5A7
SHA-512:	643EC613B2E7BDBB2F61E1799C189B0E3392EA5AE10845EB0B1F1542A03569E886F4B54D5B38AF10E78DB49C71357108C94589474B181F6A4573B86CF2D6F0D8
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/app-could-not-be-started.png
Preview:	.PNG........IHDR..............[.U....sRGB.........gAMA......a.....pHYs..........+.....RIDATx^..`........B hpwww(PJ....R.B.....K[j....@ H ..r:...].P._.`...K.ffg.v.ygf.TM.4.m...`.D".H$......"##..2e.X.t..Y".H$...d..PK.V".H$..uVm.,.H$.....b+.H$.I-#.V".H$.ZF..D".H$...[.D".Hj.)...D"..2Rl%..D".e..J$..DR.H..H$.....b+.H$..9..Neee.X,.B.\/.....o.b+.H$..9...q...EHU....p.....=z....b.7.q..........N.. ....cUAX.9...m'_...2.`.g{...4.H.9.p.4...K ^.....`.\|.n..]..m..`W..W.H.~..\|.^.a..K.6......_....K..w....9......^.....&...R....[...w..Ix=.:..^/..Epp0.5.....QRR...l....S.b.5.c.6...5..8.\....z...I......&.>....../.{.=...]'c......[.E`@Cg......Z.....c.f..,.y\|,.{.o@.j..2..:.&l4.{.]Ll.N.0..b:b...g.n.........I...Ewc....[..,i`v......F...il\|.c,{.-.....%BP.U........y.x....6..E2..n.W...J .*..`..r....F....#BCC......\|.L&........O...'........\.....;...q.n$...7...ga..x....)..A...0.{1..'1../...+yRC...W.-..b..c0dDG...U[po....2eG.G.../.@........h.:.k?.......Q...

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	4897
Entropy (8bit):	4.8007377074457604
Encrypted:	false
SSDEEP:	96:A0AIvEQ+KfZcbhaW9dp45qtAdflfDOFnymoLByzfwqrLvJ4QG63JkRJ+dRp8TJHr:dgQ+KfZcbhaWjp45qtAdflfDOFnNgByQ
MD5:	0E78F790402498FA57E649052DA01218
SHA1:	9ED4D0846DA5D66D44EE831920B141BBF60A0200
SHA-256:	73F3061A46EA8FD11D674FB21FEEEFE3753FC3A3ED77224E7F66A964C0420603
SHA-512:	B46E4B90E53C7DABC7208A6FDAE53F25BD70FCFBBEF03FFC64B1B5D1EB1C01C870A7309DF167246FCCD114B483038A64D7C46CA3B9FCB3779A77E42DB6967051
Malicious:	false
URL:	https://learn.microsoft.com/en-us/content-nav/MSDocsHeader-DotNet.json?
Preview:	{"callToAction":{"primary":{"biName":"download-dotnet","href":"https://dotnet.microsoft.com/download","kind":"link","title":"Download .NET"}},"category":{"biName":"dotnet","href":"/dotnet/","kind":"link","title":".NET"},"items":[{"biName":"1-languages","items":[{"biName":"1-c-sharp","href":"/dotnet/csharp/","kind":"link","title":"C#"},{"biName":"2-f-sharp","href":"/dotnet/fsharp/","kind":"link","title":"F#"},{"biName":"3-visual-basic","href":"/dotnet/visual-basic/","kind":"link","title":"Visual Basic"}],"kind":"menu","title":"Languages"},{"biName":"2-features","items":[{"biName":"1-fundamental","href":"/dotnet/fundamentals/","kind":"link","title":"Fundamentals"},{"biName":"2-tools-and-diagnostics","href":"/dotnet/navigate/tools-diagnostics/","kind":"link","title":"Tools and diagnostics"},{"biName":"3-ai","items":[{"biName":"1-generative-ai","href":"/dotnet/ai/","kind":"link","title":"Generative AI"},{"biName":"2-mlnet","href":"/dotnet/machine-learning/","kind":"link","title":"ML.NET"}]

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	4.241202481433726
Encrypted:	false
SSDEEP:	3:YozDD/RNgQJzRWWlKFiFD3e4xCzY:YovtNgmzR/wYFDxkY
MD5:	9E576E34B18E986347909C29AE6A82C6
SHA1:	532C767978DC2B55854B3CA2D2DF5B4DB221C934
SHA-256:	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
SHA-512:	5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124
Malicious:	false
Preview:	{"Message":"The requested resource does not support http method 'GET'."}

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1154
Entropy (8bit):	4.59126408969148
Encrypted:	false
SSDEEP:	24:txFRuJpzYeGK+VS6ckNL2091JP/UcHc8oQJ1sUWMLc/jH6GbKqjHJIOHA:JsfcU6ckNL2091Z/U/YsUDM+GhS
MD5:	37258A983459AE1C2E4F1E551665F388
SHA1:	603A4E9115E613CC827206CF792C62AEB606C941
SHA-256:	8E34F3807B4BF495D8954E7229681DA8D0DD101DD6DDC2AD7F90CD2983802B44
SHA-512:	184CB63EF510143B0AF013F506411C917D68BB63F2CFA47EA2A42688FD4F55F3B820AF94F87083C24F48AACEE6A692199E185FC5C5CFBED5D70790454EED7F5C
Malicious:	false
URL:	https://learn.microsoft.com/en-us/media/logos/logo_net.svg
Preview:	<svg width="456" height="456" viewBox="0 0 456 456" fill="none" xmlns="http://www.w3.org/2000/svg">..<rect width="456" height="456" fill="#512BD4"/>..<path d="M81.2738 291.333C78.0496 291.333 75.309 290.259 73.052 288.11C70.795 285.906 69.6665 283.289 69.6665 280.259C69.6665 277.173 70.795 274.529 73.052 272.325C75.309 270.121 78.0496 269.019 81.2738 269.019C84.5518 269.019 87.3193 270.121 89.5763 272.325C91.887 274.529 93.0424 277.173 93.0424 280.259C93.0424 283.289 91.887 285.906 89.5763 288.11C87.3193 290.259 84.5518 291.333 81.2738 291.333Z" fill="white"/>..<path d="M210.167 289.515H189.209L133.994 202.406C132.597 200.202 131.441 197.915 130.528 195.546H130.044C130.474 198.081 130.689 203.508 130.689 211.827V289.515H112.149V171H134.477L187.839 256.043C190.096 259.57 191.547 261.994 192.192 263.316H192.514C191.977 260.176 191.708 254.859 191.708 247.365V171H210.167V289.515Z" fill="white"/>..<path d="M300.449 289.515H235.561V171H297.87V187.695H254.746V221.249H294.485V237.861H254.746V

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (33341), with no line terminators
Category:	downloaded
Size (bytes):	33341
Entropy (8bit):	4.91951126672241
Encrypted:	false
SSDEEP:	384:F7vJOb4OLIch+KCnMet7NPXlJl+HjZjBTRdE0zIwHdZ4vNNpUjV8din4E9hLUukO:thOEO8chkMet7pCjBfcHkWOzUukO
MD5:	376D6B5D99A650F677FC5F8692C8940C
SHA1:	EA659B738ABA8BC8A4CCD481C7B829327B249B1E
SHA-256:	3AD57A9EB618245947B7672AF9A89C9AFC0F9DBA775265BF0463B21232D9E533
SHA-512:	B068F89B65CC67EE835E08D32FCF3E1848B696D7060ABE6EEDB94C7DF1773B3726B7CE3599599523CB6604C28B6E173824C611CBD264CE8E2A7E8FF33ACC16F3
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/toc.json
Preview:	{"items":[{"href":"./","toc_title":".NET Framework documentation"},{"href":"get-started/overview","toc_title":"Overview of .NET Framework"},{"children":[{"href":"get-started/","toc_title":"Overview"},{"href":"get-started/out-of-band-releases","toc_title":"Out-of-band releases"},{"href":"get-started/system-requirements","toc_title":"System requirements"}],"toc_title":"Get started"},{"children":[{"href":"install/","toc_title":"Overview"},{"href":"install/guide-for-developers","toc_title":"For developers"},{"children":[{"href":"install/on-windows-11","toc_title":"Windows 11"},{"href":"install/on-windows-10","toc_title":"Windows 10 and Windows Server 2016"},{"href":"install/on-windows-8-1","toc_title":"Windows 8.1 and Windows Server 2012 R2"},{"href":"install/on-windows-8","toc_title":"Windows 8 and Windows Server 2012"},{"href":"install/on-server-2025","toc_title":"Windows Server 2025"},{"href":"install/on-server-2022","toc_title":"Windows Server 2022"},{"href":"install/on-server-2019","t

Chrome Cache Entry: 114

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 475 x 212, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	35005
Entropy (8bit):	7.980061050467981
Encrypted:	false
SSDEEP:	768:aHBEr/QXnbCgWotMq4AZZivq2/Qu0cEv1FjHBep6U0Z/68R:ahWqbTWiM7ACvdIdldhep4rR
MD5:	522037F008E03C9448AE0AAAF09E93CB
SHA1:	8A32997EAB79246BEED5A37DB0C92FBFB006BEF2
SHA-256:	983C35607C4FB0B529CA732BE42115D3FCAAC947CEE9C9632F7CACDBDECAF5A7
SHA-512:	643EC613B2E7BDBB2F61E1799C189B0E3392EA5AE10845EB0B1F1542A03569E886F4B54D5B38AF10E78DB49C71357108C94589474B181F6A4573B86CF2D6F0D8
Malicious:	false
Preview:	.PNG........IHDR..............[.U....sRGB.........gAMA......a.....pHYs..........+.....RIDATx^..`........B hpwww(PJ....R.B.....K[j....@ H ..r:...].P._.`...K.ffg.v.ygf.TM.4.m...`.D".H$......"##..2e.X.t..Y".H$...d..PK.V".H$..uVm.,.H$.....b+.H$.I-#.V".H$.ZF..D".H$...[.D".Hj.)...D"..2Rl%..D".e..J$..DR.H..H$.....b+.H$..9..Neee.X,.B.\/.....o.b+.H$..9...q...EHU....p.....=z....b.7.q..........N.. ....cUAX.9...m'_...2.`.g{...4.H.9.p.4...K ^.....`.\|.n..]..m..`W..W.H.~..\|.^.a..K.6......_....K..w....9......^.....&...R....[...w..Ix=.:..^/..Epp0.5.....QRR...l....S.b.5.c.6...5..8.\....z...I......&.>....../.{.=...]'c......[.E`@Cg......Z.....c.f..,.y\|,.{.o@.j..2..:.&l4.{.]Ll.N.0..b:b...g.n.........I...Ewc....[..,i`v......F...il\|.c,{.-.....%BP.U........y.x....6..E2..n.W...J .*..`..r....F....#BCC......\|.L&........O...'........\.....;...q.n$...7...ga..x....)..A...0.{1..'1../...+yRC...W.-..b..c0dDG...U[po....2eG.G.../.@........h.:.k?.......Q...

Chrome Cache Entry: 115

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 658 x 480, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	13842
Entropy (8bit):	7.802399161550213
Encrypted:	false
SSDEEP:	192:NLNf+jBQsDHg7av3EEondO8PuRu2mIYXEIiDm42NpsHFMHfgnJ4K2DVwv:NLt+1jDmY+ndXwjLUpiDwpzfwoDVk
MD5:	F6EC97C43480D41695065AD55A97B382
SHA1:	D9C3D0895A5ED1A3951B8774B519B8217F0A54C5
SHA-256:	07A599FAB1E66BABC430E5FED3029F25FF3F4EA2DD0EC8968FFBA71EF1872F68
SHA-512:	22462763178409D60609761A2AF734F97B35B9A818EC1FD9046AFAB489AAD83CE34896EE8586EFE402EA7739ECF088BC2DB5C1C8E4FB39E6A0FC5B3ADC6B4A9B
Malicious:	false
Preview:	.PNG........IHDR................1....sRGB.........gAMA......a.....pHYs..........o.d..5.IDATx^..[.,.]...../<.!.B(/y..).F\r...!(.H..a ..B.~..A..KXA.M...6..8...!1....l./.X.1....2.`.y"l..R...V.....{...}._gWW.Z.VUw.N...U..P@..... ..@.A...".$..E.I.........$..("H..PD..... ..p....U.}.{.....l..A.....A........s.......D.0...@....E..x........L. /.".A.....$...Y."...%.I..["../.&.I..[`.0..IA.........p4.I.........$..("H..PD..... ..@.A...".$..E.I.........$..("H..PD..... ..@.A...".$..E.>H...O.................?.~.......].7.....a?....(H....m.G..G..a.P..?yo......f?...o. .B.....mo{[....:9<].....7.....a.....S..Cd.5,.R....#....>......._g.....Wo\|.....z.g.........w.T...]x.>.....y(.........6....[..px...U....~.~hu...}H.......~.L... ....r...iY.$..Id..Ax"../....._..U....OTo\|.Mh.km..A.k..k....n.C`\|._\=...o...a.e.. ...&.A2..k.. ....X.+...C..P....y..>.{._..(H....8(.?...w.}M.........:s_!.m.........BY..T..z.5{.W.~..6.....F....bq....m.....?.......v....o..o...ki...iX.$......\]V...V...

Chrome Cache Entry: 116

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (639), with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	47062
Entropy (8bit):	5.016253322487316
Encrypted:	false
SSDEEP:	768:haAC16LIElO6L6x2bTI1ln4a1T0MCFnFMBVeZgdLp:hTCGLlO6eAbTIr4audZqBkZ0Lp
MD5:	B414303561CB6E18DA07E51A6525116D
SHA1:	7FB251BA8584D9A5C7D36530EDBA0596A35E597E
SHA-256:	1C83353E1AC9BA9B8E503479C9D0E0804C94A129259D0286DD36B7EB8FF8F6FC
SHA-512:	7D1576109772469EB8068296B22361E2C0527F82A632A167743D9D496D6680E62CE5FCB5ABBB32138A0C05276FBB3B98ED29F36A345347FA4EE064FB22FED5FD
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Preview:	<!DOCTYPE html><html..class="hasSidebar hasPageActions hasBreadcrumb conceptual has-default-focus theme-light"..lang="en-us"..dir="ltr"..data-authenticated="false"..data-auth-status-determined="false"..data-target="docs"..x-ms-format-detection="none">..<head>..<meta charset="utf-8" />..<meta name="viewport" content="width=device-width, initial-scale=1.0" />..<meta property="og:title" content="Fix .NET Framework 'This application could not be started' - .NET Framework" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started" /><meta property="og:description" content="Learn what to do if you see a 'This application could not be started' dialog box when running a .NET Framework application." /><meta property="og:image" content="https://learn.microsoft.com/dotnet/media/dotnet-logo.png" />...<meta property="og:image:alt" content="Fix .NET Framework 'This application could not be st

Chrome Cache Entry: 117

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	4897
Entropy (8bit):	4.8007377074457604
Encrypted:	false
SSDEEP:	96:A0AIvEQ+KfZcbhaW9dp45qtAdflfDOFnymoLByzfwqrLvJ4QG63JkRJ+dRp8TJHr:dgQ+KfZcbhaWjp45qtAdflfDOFnNgByQ
MD5:	0E78F790402498FA57E649052DA01218
SHA1:	9ED4D0846DA5D66D44EE831920B141BBF60A0200
SHA-256:	73F3061A46EA8FD11D674FB21FEEEFE3753FC3A3ED77224E7F66A964C0420603
SHA-512:	B46E4B90E53C7DABC7208A6FDAE53F25BD70FCFBBEF03FFC64B1B5D1EB1C01C870A7309DF167246FCCD114B483038A64D7C46CA3B9FCB3779A77E42DB6967051
Malicious:	false
Preview:	{"callToAction":{"primary":{"biName":"download-dotnet","href":"https://dotnet.microsoft.com/download","kind":"link","title":"Download .NET"}},"category":{"biName":"dotnet","href":"/dotnet/","kind":"link","title":".NET"},"items":[{"biName":"1-languages","items":[{"biName":"1-c-sharp","href":"/dotnet/csharp/","kind":"link","title":"C#"},{"biName":"2-f-sharp","href":"/dotnet/fsharp/","kind":"link","title":"F#"},{"biName":"3-visual-basic","href":"/dotnet/visual-basic/","kind":"link","title":"Visual Basic"}],"kind":"menu","title":"Languages"},{"biName":"2-features","items":[{"biName":"1-fundamental","href":"/dotnet/fundamentals/","kind":"link","title":"Fundamentals"},{"biName":"2-tools-and-diagnostics","href":"/dotnet/navigate/tools-diagnostics/","kind":"link","title":"Tools and diagnostics"},{"biName":"3-ai","items":[{"biName":"1-generative-ai","href":"/dotnet/ai/","kind":"link","title":"Generative AI"},{"biName":"2-mlnet","href":"/dotnet/machine-learning/","kind":"link","title":"ML.NET"}]

Chrome Cache Entry: 118

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1432
Entropy (8bit):	4.986131881931089
Encrypted:	false
SSDEEP:	24:TGAcSRrEV4YUmjiqIWD5bfD9yRSmkYR/stZLKvVqXRRlAfr6VXBAuU:Ti4IV4YUmjiqr9bfskAmZTXGfSXqh
MD5:	6B8763B76F400DC480450FD69072F215
SHA1:	6932907906AFCF8EAFA22154D8478106521BC9EE
SHA-256:	3FB84D357F0C9A66100570EDD62A04D0574C45E8A5209A3E6870FF22AF839DFC
SHA-512:	8A07EBB806A0BA8EF54B463BD6AF37C77A10C1FA38A57128FD90FCB2C16DF71CE697D4FE65C623E5C6054C5715975831C36861D5574F59DF28836D9BC2B0BC22
Malicious:	false
URL:	https://learn.microsoft.com/static/assets/0.4.029296191/global/deprecation.js
Preview:	// ES5 script for back compat with unsupported browsers..!(function () {..'use strict';..// Keep in sync with environment/browser.ts..var supportedBrowser =...typeof Blob === 'function' &&...typeof PerformanceObserver === 'function' &&...typeof Intl === 'object' &&...typeof MutationObserver === 'function' &&...typeof URLSearchParams === 'function' &&...typeof WebSocket === 'function' &&...typeof IntersectionObserver === 'function' &&...typeof queueMicrotask === 'function' &&...typeof TextEncoder === 'function' &&...typeof TextDecoder === 'function' &&...typeof customElements === 'object' &&...typeof HTMLDetailsElement === 'function' &&...typeof AbortController === 'function' &&...typeof AbortSignal === 'function' &&...'entries' in FormData.prototype &&...'toggleAttribute' in Element.prototype &&...'replaceChildren' in Element.prototype &&...// ES2019...'fromEntries' in Object &&...'flatMap' in Array.prototype &&...'trimEnd' in String.prototype &&...// ES2020...'allSettled' in Promise &

Chrome Cache Entry: 119

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	3130
Entropy (8bit):	4.790069981348324
Encrypted:	false
SSDEEP:	48:YWuGl640ynAqgDJ9OJWuO6Z3Db8VgK/ni47ttbtlSlA37ERw7II77Aj5M1:Nv0ynAhD3CO5t5lNEYIOEjc
MD5:	EBA6E81304F2F555E1D2EA3126A18A41
SHA1:	61429C3FE837FD4DD68E7B26678F131F2E00070D
SHA-256:	F309CCCE17B2B4706E7110F6C76F81761F0A44168D12C358AC4D120776907F81
SHA-512:	3BE0466794E7BDDC8565758DBF5553E89ED0003271F07695F09283F242BB65C1978ED79A38D5E589A99F68C0130E1E4B52576D7CD655EE272EE104BE0378E72E
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/breadcrumb/toc.json
Preview:	{"items":[{"children":[{"children":[{"homepage":"/dotnet/api/index","href":"/dotnet/api/","toc_title":"API browser"},{"homepage":"/dotnet/csharp/index","href":"/dotnet/csharp/","toc_title":"C#"},{"homepage":"/dotnet/fsharp/index","href":"/dotnet/fsharp/","toc_title":"F#"},{"homepage":"/dotnet/visual-basic/index","href":"/dotnet/visual-basic/","toc_title":"Visual Basic"},{"homepage":"/dotnet/ai/index","href":"/dotnet/ai/","toc_title":"AI"},{"homepage":"/dotnet/azure/index","href":"/dotnet/azure/","toc_title":"Azure"},{"homepage":"/dotnet/aspire/index","href":"/dotnet/aspire/","toc_title":".NET Aspire"},{"homepage":"/dotnet/orleans/index","href":"/dotnet/orleans/","toc_title":"Orleans"},{"children":[{"homepage":"/dotnet/framework/unmanaged-api/","href":"/dotnet/framework/unmanaged-api/","toc_title":"Unmanaged API reference"}],"homepage":"/dotnet/framework/index","href":"/dotnet/framework/","toc_title":".NET Framework"},{"children":[{"homepage":"/dotnet/architecture/modern-web-apps-azure/

Chrome Cache Entry: 120

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	18367
Entropy (8bit):	7.7772261735974215
Encrypted:	false
SSDEEP:	384:4qqZYz7CAda2Qmd6VWWNg9h8XvdkRbdi2nki:1qZYz7Cma2hYNMh8XvdObdi2nX
MD5:	240C4CC15D9FD65405BB642AB81BE615
SHA1:	5A66783FE5DD932082F40811AE0769526874BFD3
SHA-256:	030272CE6BA1BECA700EC83FDED9DBDC89296FBDE0633A7F5943EF5831876C07
SHA-512:	267FE31BC25944DD7B6071C2C2C271CCC188AE1F6A0D7E587DCF9198B81598DA6B058D1B413F228DF0CB37C8304329E808089388359651E81B5F3DEC566D0EE0
Malicious:	false
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..GTIDATx^._.}.U.7..BkB.......!E......b.Ej.K...Z...iK.$..h..B`..T.?5.7.I..16$.E.......c...c...Q_V.k...k..g.y.9..G.g..g.9.Z{..Z{.nv....@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...<@v.].../.1R'm.....x..h.....]a1U7........s.......x.h.q.A! ....8IL\GP..............M...W.............D.....dJ<.+,.........W...pgAT...@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...@......P.;/..G....O~..O~...'?......h.....}.y..4/....S..........Y......?..?.g7...G...............x{..w..y.~.9.~.y....y.#.c....<.E.............^..7G.._.u.nv/..f........5.....5?.;...w.....i~.?\|..H+Dd.....Y%....r~.$Q...7.v..._hv..r.O_.4..7M.6....o..=..?....3....?.....xE...O..7....^......D.W....m...6........O..Ob.4.9J........6.;..>.,.....o.l..>%J.V......%k..0.bQqIA..O..y.{.....7.......4_..Za...4.o.....h..........k...M...i....G.4...h.L.#...&.'%...~j..W.*Kx......o.%s.m

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	13339
Entropy (8bit):	7.683569563478597
Encrypted:	false
SSDEEP:	192:zjSKAj04ndWb6OuzZjk6TsEaJS0/bJur2Gz4Imm3MhE4NfM:zutfW69XTspsG3G0TfhEQM
MD5:	512625CF8F40021445D74253DC7C28C0
SHA1:	F6B27CE0F7D4E48E34FDDCA8A96337F07CFFE730
SHA-256:	1D4DCEE8511D5371FEC911660D6049782E12901C662B409A5C675772E9B87369
SHA-512:	AE02319D03884D758A86C286B6F593BDFFD067885D56D82EEB8215FDCB41637C7BB9109039E7FBC93AD246D030C368FB285B3161976ED485ABC5A8DF6DF9A38C
Malicious:	false
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..3.IDATx^..].5Y...C.$..tH .NF.I&A0..;.r.fF.#..!7...'..3.0.../..s....."!.y...~....4....om.g.3.BTP......j..g.zVU....u...a.Z..j..U....y......$.....I...pAR...\.T....$.....I...pAR...\.T..p....5O>.d...}Rg.$....@.4....fb1.o.I...7..<.P.....n0.D.P.....n..L.P.....n8.......P.~......n(+..'. ......J.vM,H......W...h.T....$.....I...pAR...\.T....$.....I...pAR...\.T....$.....I...pAR...\.T....$......'....w....g....\|../5_.......T...~.y.'.'.\|...W..[...C.)......\|.[.[WK...w...w..y.{..\|.#.n>...5....5...h>..O6O>.Xx....o.B........g?.........~....?o...w.......}..-_k^........l....\|.D.TH.....o..B'..(.W-%...?...W.......E?h..........~.......?...~,..}...o^...5ox..bI.mo{[s.}.5.<.L.......<......Y.W......K..Q._...Iu...2...e)d]4.}Y..............k.%k..s.'..L(..o4...g...z............N.X.....W.O.^.4.....7......i~._7..~,bI......3.0RRq..\|.Mk..?.{.K_...t.........SYG.W^#).N^..._W...(.8.7.....W....7...m

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	18367
Entropy (8bit):	7.7772261735974215
Encrypted:	false
SSDEEP:	384:4qqZYz7CAda2Qmd6VWWNg9h8XvdkRbdi2nki:1qZYz7Cma2hYNMh8XvdObdi2nX
MD5:	240C4CC15D9FD65405BB642AB81BE615
SHA1:	5A66783FE5DD932082F40811AE0769526874BFD3
SHA-256:	030272CE6BA1BECA700EC83FDED9DBDC89296FBDE0633A7F5943EF5831876C07
SHA-512:	267FE31BC25944DD7B6071C2C2C271CCC188AE1F6A0D7E587DCF9198B81598DA6B058D1B413F228DF0CB37C8304329E808089388359651E81B5F3DEC566D0EE0
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-no-resolution.png
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..GTIDATx^._.}.U.7..BkB.......!E......b.Ej.K...Z...iK.$..h..B`..T.?5.7.I..16$.E.......c...c...Q_V.k...k..g.y.9..G.g..g.9.Z{..Z{.nv....@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...<@v.].../.1R'm.....x..h.....]a1U7........s.......x.h.q.A! ....8IL\GP..............M...W.............D.....dJ<.+,.........W...pgAT...@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...@......P.;/..G....O~..O~...'?......h.....}.y..4/....S..........Y......?..?.g7...G...............x{..w..y.~.9.~.y....y.#.c....<.E.............^..7G.._.u.nv/..f........5.....5?.;...w.....i~.?\|..H+Dd.....Y%....r~.$Q...7.v..._hv..r.O_.4..7M.6....o..=..?....3....?.....xE...O..7....^......D.W....m...6........O..Ob.4.9J........6.;..>.,.....o.l..>%J.V......%k..0.bQqIA..O..y.{.....7.......4_..Za...4.o.....h..........k...M...i....G.4...h.L.#...&.'%...~j..W.*Kx......o.%s.m

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	1154
Entropy (8bit):	4.59126408969148
Encrypted:	false
SSDEEP:	24:txFRuJpzYeGK+VS6ckNL2091JP/UcHc8oQJ1sUWMLc/jH6GbKqjHJIOHA:JsfcU6ckNL2091Z/U/YsUDM+GhS
MD5:	37258A983459AE1C2E4F1E551665F388
SHA1:	603A4E9115E613CC827206CF792C62AEB606C941
SHA-256:	8E34F3807B4BF495D8954E7229681DA8D0DD101DD6DDC2AD7F90CD2983802B44
SHA-512:	184CB63EF510143B0AF013F506411C917D68BB63F2CFA47EA2A42688FD4F55F3B820AF94F87083C24F48AACEE6A692199E185FC5C5CFBED5D70790454EED7F5C
Malicious:	false
Preview:	<svg width="456" height="456" viewBox="0 0 456 456" fill="none" xmlns="http://www.w3.org/2000/svg">..<rect width="456" height="456" fill="#512BD4"/>..<path d="M81.2738 291.333C78.0496 291.333 75.309 290.259 73.052 288.11C70.795 285.906 69.6665 283.289 69.6665 280.259C69.6665 277.173 70.795 274.529 73.052 272.325C75.309 270.121 78.0496 269.019 81.2738 269.019C84.5518 269.019 87.3193 270.121 89.5763 272.325C91.887 274.529 93.0424 277.173 93.0424 280.259C93.0424 283.289 91.887 285.906 89.5763 288.11C87.3193 290.259 84.5518 291.333 81.2738 291.333Z" fill="white"/>..<path d="M210.167 289.515H189.209L133.994 202.406C132.597 200.202 131.441 197.915 130.528 195.546H130.044C130.474 198.081 130.689 203.508 130.689 211.827V289.515H112.149V171H134.477L187.839 256.043C190.096 259.57 191.547 261.994 192.192 263.316H192.514C191.977 260.176 191.708 254.859 191.708 247.365V171H210.167V289.515Z" fill="white"/>..<path d="M300.449 289.515H235.561V171H297.87V187.695H254.746V221.249H294.485V237.861H254.746V

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3130
Entropy (8bit):	4.790069981348324
Encrypted:	false
SSDEEP:	48:YWuGl640ynAqgDJ9OJWuO6Z3Db8VgK/ni47ttbtlSlA37ERw7II77Aj5M1:Nv0ynAhD3CO5t5lNEYIOEjc
MD5:	EBA6E81304F2F555E1D2EA3126A18A41
SHA1:	61429C3FE837FD4DD68E7B26678F131F2E00070D
SHA-256:	F309CCCE17B2B4706E7110F6C76F81761F0A44168D12C358AC4D120776907F81
SHA-512:	3BE0466794E7BDDC8565758DBF5553E89ED0003271F07695F09283F242BB65C1978ED79A38D5E589A99F68C0130E1E4B52576D7CD655EE272EE104BE0378E72E
Malicious:	false
Preview:	{"items":[{"children":[{"children":[{"homepage":"/dotnet/api/index","href":"/dotnet/api/","toc_title":"API browser"},{"homepage":"/dotnet/csharp/index","href":"/dotnet/csharp/","toc_title":"C#"},{"homepage":"/dotnet/fsharp/index","href":"/dotnet/fsharp/","toc_title":"F#"},{"homepage":"/dotnet/visual-basic/index","href":"/dotnet/visual-basic/","toc_title":"Visual Basic"},{"homepage":"/dotnet/ai/index","href":"/dotnet/ai/","toc_title":"AI"},{"homepage":"/dotnet/azure/index","href":"/dotnet/azure/","toc_title":"Azure"},{"homepage":"/dotnet/aspire/index","href":"/dotnet/aspire/","toc_title":".NET Aspire"},{"homepage":"/dotnet/orleans/index","href":"/dotnet/orleans/","toc_title":"Orleans"},{"children":[{"homepage":"/dotnet/framework/unmanaged-api/","href":"/dotnet/framework/unmanaged-api/","toc_title":"Unmanaged API reference"}],"homepage":"/dotnet/framework/index","href":"/dotnet/framework/","toc_title":".NET Framework"},{"children":[{"homepage":"/dotnet/architecture/modern-web-apps-azure/

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	15427
Entropy (8bit):	7.784472070227724
Encrypted:	false
SSDEEP:	384:CKKdvwj3SJMpKKKKKKKKikCyKwqHILyPGQV4ykihKKKKKKKCm:CKKdvMMgKKKKKKKKiqB3yPVXkihKKKKI
MD5:	3062488F9D119C0D79448BE06ED140D8
SHA1:	8A148951C894FC9E968D3E46589A2E978267650E
SHA-256:	C47A383DE6DD60149B37DD24825D42D83CB48BE0ED094E3FC3B228D0A7BB9332
SHA-512:	00BBA6BCBFBF44B977129594A47F732809DCE7D4E2D22D050338E4EEA91FCC02A9B333C45EEB4C9024DF076CBDA0B46B621BF48309C0D037D19BBEAE0367F5ED
Malicious:	false
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..;.IDATx^..].u.Y..M....B.X...".......@.ZzSys..,H{.Rz!... .......WM.IN..9n..I....g...p<P.0-....\|...X..s...Z.Y{....w..5.._s..x...E.......... ..................... ..................{....2. ...`.$h.......)....,T-x.5......,.."..(.A.......>.. ...`......4..G.\|.....,T-..'. ...`....]........?~.....A...pAP...\.T..........A...pAP...\.T..........A...pAP...\.T..........A...pAP...\.}P../}....TJ...'.O...'?......XH...K..>.b..K/t...o.......T.._.E.....q.$.x..qJ......mo...ww.}.{....W..._...._.^z...........(^x..C..P.../.........U..]../u.....w..{.O.N..o.l........_.^...2.....*....<...iP.W...o......]..+.?}c...t!.....p.=..._x..._yo....?....~u.c?.c1'.....{.^.}.S...5.yMx./.>.lwqq.}.....g..g1wZ..%......h.i[..%ul.&..U.k..";7-.9.6...s..s..0.......}.s..?...c..X...\|..........>.x..o.?.?..{........n..o....]?....Ej..yuu5...A.}....5...^...f........s.qJ..SYF.V...'..q.......T..'..z.....

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	465726
Entropy (8bit):	5.074427897789943
Encrypted:	false
SSDEEP:	6144:Le7PreKCerH5dyUJ6Yh6BFPDxZYX04GK7M4:bKCerXyUh
MD5:	22CA94B5242E51DC74BFED511290C6D1
SHA1:	536D14BFE763D1188832C07261889524317E5458
SHA-256:	1606E43A6991FA36940B2CA1091A7A501BEF4BE87BE3C8091FC82E19359E2DFB
SHA-512:	67D789C290BB9EE7DA6516B0FF549DE792F813DD1749C3011492448E59D1E85B66BC9B186F3162C93B0C201716A8C2FAED7B1A8F09C6488ED070AE43CEFF65CB
Malicious:	false
URL:	https://learn.microsoft.com/static/assets/0.4.029296191/styles/site-ltr.css
Preview:	.CodeMirror{height:300px;color:#000;direction:ltr;font-family:monospace}.CodeMirror-lines{padding:4px 0}.CodeMirror pre.CodeMirror-line,.CodeMirror pre.CodeMirror-line-like{padding:0 4px}.CodeMirror-scrollbar-filler,.CodeMirror-gutter-filler{background-color:#fff}.CodeMirror-gutters{white-space:nowrap;background-color:#f7f7f7;border-right:1px solid #ddd}.CodeMirror-linenumber{min-width:20px;text-align:right;color:#999;white-space:nowrap;padding:0 3px 0 5px}.CodeMirror-guttermarker{color:#000}.CodeMirror-guttermarker-subtle{color:#999}.CodeMirror-cursor{width:0;border-left:1px solid #000;border-right:none}.CodeMirror div.CodeMirror-secondarycursor{border-left:1px solid silver}.cm-fat-cursor .CodeMirror-cursor{width:auto;background:#7e7;border:0!important}.cm-fat-cursor div.CodeMirror-cursors{z-index:1}.cm-fat-cursor .CodeMirror-line::selection,.cm-fat-cursor .CodeMirror-line>span::selection,.cm-fat-cursor .CodeMirror-line>span>span::selection{background:0 0}.cm-fat-cursor{caret-color:#0

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:	3:HMB:k
MD5:	0B04EA412F8FC88B51398B1CBF38110E
SHA1:	E073BCC5A03E7BBA2A16CF201A3CED1BE7533FBF
SHA-256:	7562254FF78FD854F0A8808E75A406F5C6058B57B71514481DAE490FC7B8F4C3
SHA-512:	6D516068C3F3CBFC1500032E600BFF5542EE30C0EAC11A929EE002C707810BBF614A5586C2673EE959AFDF19C08F6EAEFA18193AD6CEDC839BDF249CF95E8079
Malicious:	false
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAkEurwx6c-nJBIFDb_mJfI=?alt=proto
Preview:	CgkKBw2/5iXyGgA=

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65410)
Category:	dropped
Size (bytes):	179335
Entropy (8bit):	5.435182897681627
Encrypted:	false
SSDEEP:	3072:Wx2fZBMb0y0Xi13tL9+pjXDMe/m7GG3/lHNVa:Wof3G0NSkNzMeO7z/l3a
MD5:	517954FBCEBC2B0669606202492A4888
SHA1:	404819BEF2964D493DF3CB29102719025BEA48AF
SHA-256:	211DF9427FF68A7AA97490D30BABCEC089295E6219D461DD2946D24FE919DAEF
SHA-512:	21F79D8CB099D874CB2AD32BCE04ADBDE919F3499363E51FE875C0EB409A4EEF555F349351DAB84E39214E26F5320E6E472C0A6A7C06A4CA9EFD1421174CA0C3
Malicious:	false
Preview:	/!. 1DS JSLL SKU, 4.3.3. * Copyright (c) Microsoft and contributors. All rights reserved.. * (Microsoft Internal Only). */.!function(e,t){var n="undefined";if("object"==typeof exports&&typeof module!=n)t(exports);else if("function"==typeof define&&define.amd)define(["exports"],t);else{var r,i,e=typeof globalThis!=n?globalThis:e\|\|self,a={},o="__ms$mod__",c={},u=c.es5_ms_jsll_4_3_3={},s="4.3.3",l="oneDS4",f=(f=e)[l]=f[l]\|\|{},d=(d=e)[l="oneDS"]=d[l]\|\|{},e=f[o]=f[o]\|\|{},p=e.v=e.v\|\|[],l=d[o]=d[o]\|\|{},g=l.v=l.v\|\|[];for(i in(l.o=l.o\|\|[]).push(c),t(a),a)r="x",f[i]=a[i],p[i]=s,typeof d[i]==n?(r="n",(d[i]=a[i])&&(g[i]=s)):g[i]\|\|(g[i]="---"),(u[r]=u[r]\|\|[]).push(i)}}(this,function(f){"use strict";var d="function",p="object",se="undefined",ie="prototype",g=Object,h=g[ie];function y(e,t){return e\|\|t}var C,Ce=undefined,m=null,b="",T="function",I="object",E="prototype",_="__proto__",S="undefined",x="constructor",N="Symbol",D="_polyfill",A="length",w="name",be="call",k="toString",P=y(Object),O=P[E]

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	28343
Entropy (8bit):	5.157444394582243
Encrypted:	false
SSDEEP:	768:635ZUfTvLg6jLjnjrjGjXMQjtzjMFzXY8v1gWj/rlOVqnACpK3o3hhl0OU2/8BlR:FTvL7HBJv11pOVqlh382/rIN1Z
MD5:	4BCF40FC10BE8B597AFAC4DA95D9E18B
SHA1:	CADA0854AB095B0151ABEBFA1848A4C74DE60E70
SHA-256:	117B0E98E0133A870101BBDAC1B83121F8E016355C8576FC5BA10D88AD9AAD40
SHA-512:	AB8153795189D707A86F9C027FAB3406CA17DE010AC2BCFED001ECE234717425368376F6FA8C6AD94FA87674CFF64AB128F13599C69F335F3CBAB377993499D7
Malicious:	false
Preview:	{"banners":[{"content":{"text":"You may experience reduced functionality with empty pages and broken links. Development is in progress to improve your experience."},"dismissable":false,"location":"sectional","scope":{"accessLevels":["isolated"],"endDate":"2030-01-01T00:00:00-00:00","paths":["/samples/browse/","/lifecycle/products/","/dotnet/api/","/javascript/api/","/java/api/","/powershell/module/","/python/api/","/rest/api/","/assessments/"],"startDate":"2020-10-01T05:00:00-04:00"},"uid":"development-in-progress-isolated"},{"content":{"link":{"href":"/en-us/answers/questions/1657059/the-subscription-is-not-allowed-to-create-or-updat","title":"View discussion"},"text":"App Service deployment: subscription \u0027xxxxxxxx\u0027 is not allowed to create or update the server farm."},"dismissable":true,"location":"sectional","scope":{"accessLevels":["online"],"endDate":"2024-05-24T07:34:00.000Z","paths":["/answers/tags/436/azure-app-service"],"startDate":"2024-04-22T07:34:00.000Z"},"uid":"

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65410)
Category:	downloaded
Size (bytes):	207935
Entropy (8bit):	5.420780972514107
Encrypted:	false
SSDEEP:	3072:Wx2fZBMb0y0Xi13tL9+pjXDMe/m7GG3/lHNVliMTqwK:Wof3G0NSkNzMeO7z/l3lhTa
MD5:	3DE400B2682E30C3F33FA4B93116491F
SHA1:	BC48B898DF43BA2178DE28F5A29D977B2204F846
SHA-256:	84E9EAD32EFA16BE0D5B2407F799FC3DAE497BCB4A90758C0106C8D8F55003FE
SHA-512:	D4004E4A62A81116D346B7A7F95FC67F97A258E82B3BDDBF4A9F28CEBB633E4A336A17057A765DA306AD9B1E40A99FE349D698B095A6F386B9CDF4A46457FC06
Malicious:	false
URL:	https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js
Preview:	/!. 1DS JSLL SKU, 4.3.3. * Copyright (c) Microsoft and contributors. All rights reserved.. * (Microsoft Internal Only). */.!function(e,t){var n="undefined";if("object"==typeof exports&&typeof module!=n)t(exports);else if("function"==typeof define&&define.amd)define(["exports"],t);else{var r,i,e=typeof globalThis!=n?globalThis:e\|\|self,a={},o="__ms$mod__",c={},u=c.es5_ms_jsll_4_3_3={},s="4.3.3",l="oneDS4",f=(f=e)[l]=f[l]\|\|{},d=(d=e)[l="oneDS"]=d[l]\|\|{},e=f[o]=f[o]\|\|{},p=e.v=e.v\|\|[],l=d[o]=d[o]\|\|{},g=l.v=l.v\|\|[];for(i in(l.o=l.o\|\|[]).push(c),t(a),a)r="x",f[i]=a[i],p[i]=s,typeof d[i]==n?(r="n",(d[i]=a[i])&&(g[i]=s)):g[i]\|\|(g[i]="---"),(u[r]=u[r]\|\|[]).push(i)}}(this,function(f){"use strict";var d="function",p="object",se="undefined",ie="prototype",g=Object,h=g[ie];function y(e,t){return e\|\|t}var C,Ce=undefined,m=null,b="",T="function",I="object",E="prototype",_="__proto__",S="undefined",x="constructor",N="Symbol",D="_polyfill",A="length",w="name",be="call",k="toString",P=y(Object),O=P[E]

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 19696, version 1.0
Category:	downloaded
Size (bytes):	19696
Entropy (8bit):	7.9898910353479335
Encrypted:	false
SSDEEP:	384:37wfQhsuDSP36Elj0oScS8w3F1ZTt5JwtRGsh1SJR3YL0BeojRs8E:37Cms69owH3FPutReFYL+eods8E
MD5:	4D0BFEA9EBDA0657CEE433600ED087B6
SHA1:	F13C690B170D5BA6BE45DEDC576776CA79718D98
SHA-256:	67E7D8E61B9984289B6F3F476BBEB6CEB955BEC823243263CF1EE57D7DB7AE9A
SHA-512:	9136ADEC32F1D29A72A486B4604309AA8F9611663FA1E8D49079B67260B2B09CEFDC3852CF5C08CA9F5D8EA718A16DBD8D8120AC3164B0D1519D8EF8A19E4EA5
Malicious:	false
URL:	https://learn.microsoft.com/static/assets/0.4.029296191/styles/docons.4d9fc6f.34a85e0c.woff2
Preview:	wOF2......L........`..L..........................T.V..@........6.$........ ..y.......d^..Awp(......<.1..fE.......I......z-.."YTZ.p.eMd.#..7.qY..Z.!..V...!......r...Z.;b........J....X..;.^...>UQ%U..CkT.....zKG.!\8%..>.b.4o4.t..........3..C..?u....E.S$.:.....mfZ......... .Q...].y..@....m.tC.C6. ......37..,V...F.a...A.. .PQ".A...B...p...q..!QA.N..m.......(..........gv..L...5M&._..+@.U..k.....CU..@...._.9q{....B..C.dB.F.a......J_Jo..M..oR....m......r...U0...y!.@-.h7...z....e.....J+...-{.s..1...^...zM[~....Fy.';.V...=.%......"..H..w.9L..$.{d.j&..... K...P`.$.g....;.0..........T.v....j.0Ht..<. ...<\......Ol.\|_U.+rmW..JK..".e<C ...q.?...B..l..Ni.....H....D..n@.......=c.f3.7........t...Z...}{....S;..KU.Ho.`....._?m....y...32l^.(..r..........Z...{U....W(......\|.q..P.`,.YQ....-,c...g*F..=....."M.......sq....-....w(.e.K........^2e.3&.\|,..4.TO..D].........W..W%j.._...nS.X.gE..3;2..:...Y..4j.-....c0A...U...p......d.M..6.L..b....O:[['wN.\|49.......]

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	28343
Entropy (8bit):	5.157444394582243
Encrypted:	false
SSDEEP:	768:635ZUfTvLg6jLjnjrjGjXMQjtzjMFzXY8v1gWj/rlOVqnACpK3o3hhl0OU2/8BlR:FTvL7HBJv11pOVqlh382/rIN1Z
MD5:	4BCF40FC10BE8B597AFAC4DA95D9E18B
SHA1:	CADA0854AB095B0151ABEBFA1848A4C74DE60E70
SHA-256:	117B0E98E0133A870101BBDAC1B83121F8E016355C8576FC5BA10D88AD9AAD40
SHA-512:	AB8153795189D707A86F9C027FAB3406CA17DE010AC2BCFED001ECE234717425368376F6FA8C6AD94FA87674CFF64AB128F13599C69F335F3CBAB377993499D7
Malicious:	false
URL:	https://learn.microsoft.com/en-us/banners/index.json
Preview:	{"banners":[{"content":{"text":"You may experience reduced functionality with empty pages and broken links. Development is in progress to improve your experience."},"dismissable":false,"location":"sectional","scope":{"accessLevels":["isolated"],"endDate":"2030-01-01T00:00:00-00:00","paths":["/samples/browse/","/lifecycle/products/","/dotnet/api/","/javascript/api/","/java/api/","/powershell/module/","/python/api/","/rest/api/","/assessments/"],"startDate":"2020-10-01T05:00:00-04:00"},"uid":"development-in-progress-isolated"},{"content":{"link":{"href":"/en-us/answers/questions/1657059/the-subscription-is-not-allowed-to-create-or-updat","title":"View discussion"},"text":"App Service deployment: subscription \u0027xxxxxxxx\u0027 is not allowed to create or update the server farm."},"dismissable":true,"location":"sectional","scope":{"accessLevels":["online"],"endDate":"2024-05-24T07:34:00.000Z","paths":["/answers/tags/436/azure-app-service"],"startDate":"2024-04-22T07:34:00.000Z"},"uid":"

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	15427
Entropy (8bit):	7.784472070227724
Encrypted:	false
SSDEEP:	384:CKKdvwj3SJMpKKKKKKKKikCyKwqHILyPGQV4ykihKKKKKKKCm:CKKdvMMgKKKKKKKKiqB3yPVXkihKKKKI
MD5:	3062488F9D119C0D79448BE06ED140D8
SHA1:	8A148951C894FC9E968D3E46589A2E978267650E
SHA-256:	C47A383DE6DD60149B37DD24825D42D83CB48BE0ED094E3FC3B228D0A7BB9332
SHA-512:	00BBA6BCBFBF44B977129594A47F732809DCE7D4E2D22D050338E4EEA91FCC02A9B333C45EEB4C9024DF076CBDA0B46B621BF48309C0D037D19BBEAE0367F5ED
Malicious:	false
URL:	https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-recommended-changes.png
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..;.IDATx^..].u.Y..M....B.X...".......@.ZzSys..,H{.Rz!... .......WM.IN..9n..I....g...p<P.0-....\|...X..s...Z.Y{....w..5.._s..x...E.......... ..................... ..................{....2. ...`.$h.......)....,T-x.5......,.."..(.A.......>.. ...`......4..G.\|.....,T-..'. ...`....]........?~.....A...pAP...\.T..........A...pAP...\.T..........A...pAP...\.T..........A...pAP...\.}P../}....TJ...'.O...'?......XH...K..>.b..K/t...o.......T.._.E.....q.$.x..qJ......mo...ww.}.{....W..._...._.^z...........(^x..C..P.../.........U..]../u.....w..{.O.N..o.l........_.^...2.....*....<...iP.W...o......]..+.?}c...t!.....p.=..._x..._yo....?....~u.c?.c1'.....{.^.}.S...5.yMx./.>.lwqq.}.....g..g1wZ..%......h.i[..%ul.&..U.k..";7-.9.6...s..s..0.......}.s..?...c..X...\|..........>.x..o.?.?..{........n..o....]?....Ej..yuu5...A.}....5...^...f........s.qJ..SYF.V...'..q.......T..'..z.....

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (46884)
Category:	dropped
Size (bytes):	1818092
Entropy (8bit):	5.501071015666065
Encrypted:	false
SSDEEP:	24576:TEFlaH2sK7YSB1DkCXWJjO4JEC+jBxjtve:T1H2sK7YSB1DkCXWJjOWEC+jzjt2
MD5:	65C482790B609320265F2BE87B2E238F
SHA1:	E93E327FFCB682183410AFCFE7292695E6926DCB
SHA-256:	4AE8B96C58A143F07BF1A51100DBA6D56AF61FDED4FC996A4E0153541C838571
SHA-512:	E4BC6BEFCA8AFEF9B7D06BF24EB0BBB87AF5CC0CBF26DAF3C8239DB64175214EF411484876AAFD79183744935A35B352BD76F66CB23C4FF800E96B319250BCFE
Malicious:	false
Preview:	"use strict";(()=>{var hve=Object.create;var _T=Object.defineProperty;var C2=Object.getOwnPropertyDescriptor;var bve=Object.getOwnPropertyNames;var _ve=Object.getPrototypeOf,vve=Object.prototype.hasOwnProperty;var yve=(e,t,o)=>t in e?_T(e,t,{enumerable:!0,configurable:!0,writable:!0,value:o}):e[t]=o;var Ie=(e,t)=>()=>(t\|\|e((t={exports:{}}).exports,t),t.exports);var xve=(e,t,o,n)=>{if(t&&typeof t=="object"\|\|typeof t=="function")for(let r of bve(t))!vve.call(e,r)&&r!==o&&_T(e,r,{get:()=>t[r],enumerable:!(n=C2(t,r))\|\|n.enumerable});return e};var Ya=(e,t,o)=>(o=e!=null?hve(_ve(e)):{},xve(t\|\|!e\|\|!e.__esModule?_T(o,"default",{value:e,enumerable:!0}):o,e));var U=(e,t,o,n)=>{for(var r=n>1?void 0:n?C2(t,o):t,s=e.length-1,i;s>=0;s--)(i=e[s])&&(r=(n?i(t,o,r):i(r))\|\|r);return n&&r&&_T(t,o,r),r};var Qi=(e,t,o)=>(yve(e,typeof t!="symbol"?t+"":t,o),o),yR=(e,t,o)=>{if(!t.has(e))throw TypeError("Cannot "+o)};var wt=(e,t,o)=>(yR(e,t,"read from private field"),o?o.call(e):t.get(e)),Bo=(e,t,o)=>{if(t.has(

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (52717), with no line terminators
Category:	dropped
Size (bytes):	52717
Entropy (8bit):	5.462668685745912
Encrypted:	false
SSDEEP:	1536:tjspYRrxlhd0fq3agV3IcgPPPI3r7DAQHCloIB3Tj7xHw:tjZLCtxQ
MD5:	413FCC759CC19821B61B6941808B29B5
SHA1:	1AD23B8A202043539C20681B1B3E9F3BC5D55133
SHA-256:	DAF7759FEDD9AF6C4D7E374B0D056547AE7CB245EC24A1C4ACF02932F30DC536
SHA-512:	E9BF8A74FEF494990AAFD15A0F21E0398DC28B4939C8F9F8AA1F3FFBD18056C8D1AB282B081F5C56F0928C48E30E768F7E347929304B55547F9CA8C1AABD80B8
Malicious:	false
Preview:	var WcpConsent;!function(){var e={229:function(e){window,e.exports=function(e){var t={};function o(n){if(t[n])return t[n].exports;var r=t[n]={i:n,l:!1,exports:{}};return e[n].call(r.exports,r,r.exports,o),r.l=!0,r.exports}return o.m=e,o.c=t,o.d=function(e,t,n){o.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:n})},o.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},o.t=function(e,t){if(1&t&&(e=o(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(o.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var r in e)o.d(n,r,function(t){return e[t]}.bind(null,r));return n},o.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return o.d(t,"a",t),t},o.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},o.p="",o(o.s=3)}([function(e,t,o)

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (52717), with no line terminators
Category:	downloaded
Size (bytes):	52717
Entropy (8bit):	5.462668685745912
Encrypted:	false
SSDEEP:	1536:tjspYRrxlhd0fq3agV3IcgPPPI3r7DAQHCloIB3Tj7xHw:tjZLCtxQ
MD5:	413FCC759CC19821B61B6941808B29B5
SHA1:	1AD23B8A202043539C20681B1B3E9F3BC5D55133
SHA-256:	DAF7759FEDD9AF6C4D7E374B0D056547AE7CB245EC24A1C4ACF02932F30DC536
SHA-512:	E9BF8A74FEF494990AAFD15A0F21E0398DC28B4939C8F9F8AA1F3FFBD18056C8D1AB282B081F5C56F0928C48E30E768F7E347929304B55547F9CA8C1AABD80B8
Malicious:	false
URL:	https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js
Preview:	var WcpConsent;!function(){var e={229:function(e){window,e.exports=function(e){var t={};function o(n){if(t[n])return t[n].exports;var r=t[n]={i:n,l:!1,exports:{}};return e[n].call(r.exports,r,r.exports,o),r.l=!0,r.exports}return o.m=e,o.c=t,o.d=function(e,t,n){o.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:n})},o.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},o.t=function(e,t){if(1&t&&(e=o(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(o.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var r in e)o.d(n,r,function(t){return e[t]}.bind(null,r));return n},o.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return o.d(t,"a",t),t},o.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},o.p="",o(o.s=3)}([function(e,t,o)

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	exported SGML document, ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	1173007
Entropy (8bit):	5.503893944397598
Encrypted:	false
SSDEEP:	24576:VMga+4IVzOjS1Jho1WXQFjTEr39/jHXzT:VMcVzOjS1Jho1WXQar39/bXzT
MD5:	2E00D51C98DBB338E81054F240E1DEB2
SHA1:	D33BAC6B041064AE4330DCC2D958EBE4C28EBE58
SHA-256:	300480069078B5892D2363A2B65E2DFBBF30FE5C80F83EDBFECF4610FD093862
SHA-512:	B6268D980CE9CB729C82DBA22F04FD592952B2A1AAB43079CA5330C68A86E72B0D232CE4070DB893A5054EE5C68325C92C9F1A33F868D61EBB35129E74FC7EF9
Malicious:	false
URL:	https://learn.microsoft.com/static/third-party/MathJax/3.2.2/tex-mml-chtml.js
Preview:	(function(){"use strict";var __webpack_modules__={351:function(t,e,r){var n,o=this&&this.__extends\|\|(n=function(t,e){return n=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(t,e){t.__proto__=e}\|\|function(t,e){for(var r in e)Object.prototype.hasOwnProperty.call(e,r)&&(t[r]=e[r])},n(t,e)},function(t,e){if("function"!=typeof e&&null!==e)throw new TypeError("Class extends value "+String(e)+" is not a constructor or null");function r(){this.constructor=t}n(t,e),t.prototype=null===e?Object.create(e):(r.prototype=e.prototype,new r)}),i=this&&this.__assign\|\|function(){return i=Object.assign\|\|function(t){for(var e,r=1,n=arguments.length;r<n;r++)for(var o in e=arguments[r])Object.prototype.hasOwnProperty.call(e,o)&&(t[o]=e[o]);return t},i.apply(this,arguments)},s=this&&this.__read\|\|function(t,e){var r="function"==typeof Symbol&&t[Symbol.iterator];if(!r)return t;var n,o,i=r.call(t),s=[];try{for(;(void 0===e\|\|e-- >0)&&!(n=i.next()).done;)s.push(n.value)}catch(t){o={error:t}}finally

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1432
Entropy (8bit):	4.986131881931089
Encrypted:	false
SSDEEP:	24:TGAcSRrEV4YUmjiqIWD5bfD9yRSmkYR/stZLKvVqXRRlAfr6VXBAuU:Ti4IV4YUmjiqr9bfskAmZTXGfSXqh
MD5:	6B8763B76F400DC480450FD69072F215
SHA1:	6932907906AFCF8EAFA22154D8478106521BC9EE
SHA-256:	3FB84D357F0C9A66100570EDD62A04D0574C45E8A5209A3E6870FF22AF839DFC
SHA-512:	8A07EBB806A0BA8EF54B463BD6AF37C77A10C1FA38A57128FD90FCB2C16DF71CE697D4FE65C623E5C6054C5715975831C36861D5574F59DF28836D9BC2B0BC22
Malicious:	false
Preview:	// ES5 script for back compat with unsupported browsers..!(function () {..'use strict';..// Keep in sync with environment/browser.ts..var supportedBrowser =...typeof Blob === 'function' &&...typeof PerformanceObserver === 'function' &&...typeof Intl === 'object' &&...typeof MutationObserver === 'function' &&...typeof URLSearchParams === 'function' &&...typeof WebSocket === 'function' &&...typeof IntersectionObserver === 'function' &&...typeof queueMicrotask === 'function' &&...typeof TextEncoder === 'function' &&...typeof TextDecoder === 'function' &&...typeof customElements === 'object' &&...typeof HTMLDetailsElement === 'function' &&...typeof AbortController === 'function' &&...typeof AbortSignal === 'function' &&...'entries' in FormData.prototype &&...'toggleAttribute' in Element.prototype &&...'replaceChildren' in Element.prototype &&...// ES2019...'fromEntries' in Object &&...'flatMap' in Array.prototype &&...'trimEnd' in String.prototype &&...// ES2020...'allSettled' in Promise &

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	6.082083434782736
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.80% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01%
File name:	1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe
File size:	75'410 bytes
MD5:	3e766051d054efc1054ba59f63730b54
SHA1:	1702e3ec499305b1f43feb54ca8f119a694b6b8b
SHA256:	2f958c27bdc0c1f9ab6b1c418c59797e75c78975ebf842cd69fd5f7d262eeed9
SHA512:	c45e89366c556e3ed0ee073dcb04858a73ba5515bfd2823d6f8101a0724f0365cbe0314d00e63d1d666946af19b20437f3dd2480743cde1064b0b28fa4b8f05d
SSDEEP:	1536:dDqwoc3d2iJzHGadrwwQ1W+bVrk5jvD1kSBBOq7v89kZrR:dXH71wwf+bVrkHbBBOq7U9+rR
TLSH:	0B738E4C7FDA0519E0FF5FB259F12207E738FE1218069A6F60DA316A1737588DA41AF2
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....{g.............................$... ...@....@.. ....................................@................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x4124ce
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x677B06EA [Sun Jan 5 22:25:46 2025 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:

Entrypoint Preview

Instruction
int 06h
add byte ptr [ecx], al
add dword ptr [edx], edx
adc byte ptr [ebp+13h], 00000007h
or byte ptr [edx], dl
sbb byte ptr [ebp+1Dh], 00000005h
sbb al, 0Eh
adc al, byte ptr [edx+12051D61h]
and byte ptr [ebp+1Dh], 00000005h
push es
and byte ptr [ecx], al
sbb eax, 0C051D05h
add byte ptr [6D821201h], al
or byte ptr [edx], dl
sub byte ptr [ebp+08h], 00000008h
add eax, 1D010120h
add eax, 01012006h
adc dword ptr [edx+00200575h], eax
adc al, byte ptr [edx+03200861h]
sbb eax, 08051D05h
or byte ptr [edi+eax], al
add dword ptr [0020050Eh], ebx
adc al, byte ptr [edx+01200479h]
add dword ptr [edx], ecx
push es
add byte ptr [ecx], al
adc dword ptr [edx+07070E81h], eax
add al, 0Eh
adc dh, byte ptr [ecx]
or byte ptr [eax], cl
add al, 20h
add dword ptr [ebx], eax
or byte ptr [31120120h], al
add eax, dword ptr [esi]
adc byte ptr [ecx], al
add dword ptr [eax], ecx
push ds
add byte ptr [edx+ecx], al
add dword ptr [ecx], edx
dec eax
add al, 07h
add bl, byte ptr [eax+ecx]
push es
and byte ptr [ecx], al
adc dword ptr [ecx+11h], ecx
dec ecx
push es
pop es
add ecx, dword ptr [esi]
adc dh, byte ptr [ecx]
sbb byte ptr [edi+eax], al
add dword ptr [01200505h], ebx
push cs
sbb eax, 02070505h
push cs
sbb eax, 07070E1Ch
sbb eax, 82120E05h
adc dh, byte ptr [ecx]
add eax, 09051D08h
pop es
add eax, dword ptr [edx]
adc al, byte ptr [ecx-327FED2Bh]
add al, 06h
adc al, byte ptr [ecx+022009D5h]

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x12478	0x53	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x14000	0x1622	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x16000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x104d4	0x10600	cbba3314289482c370df00cb145e390e	False	0.6061396708015268	data	6.088675086804517	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x14000	0x1622	0x1800	39ea258a693447c7ee2862b65c228c89	False	0.23356119791666666	data	3.998353248076914	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x16000	0xc	0x200	cb155bb691b5768f66cf0ba8d75c9cbe	False	0.59375	data	4.83461280507942	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 14, 2025 13:16:55.173420906 CET	49674	443	192.168.2.5	23.1.237.91
Jan 14, 2025 13:16:55.173425913 CET	49675	443	192.168.2.5	23.1.237.91
Jan 14, 2025 13:16:55.267040014 CET	49673	443	192.168.2.5	23.1.237.91
Jan 14, 2025 13:17:04.775269032 CET	49675	443	192.168.2.5	23.1.237.91
Jan 14, 2025 13:17:04.775338888 CET	49674	443	192.168.2.5	23.1.237.91
Jan 14, 2025 13:17:04.867024899 CET	49673	443	192.168.2.5	23.1.237.91
Jan 14, 2025 13:17:06.517076015 CET	443	49703	23.1.237.91	192.168.2.5
Jan 14, 2025 13:17:06.523492098 CET	49703	443	192.168.2.5	23.1.237.91
Jan 14, 2025 13:17:06.586765051 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:06.586831093 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:06.587048054 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:06.587049007 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:06.587124109 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.261346102 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.261780024 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.261811972 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.263254881 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.263323069 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.264548063 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.264673948 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.264729977 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.305464983 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.305505037 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.351722956 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.369991064 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.370018959 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.370029926 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.370071888 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.370078087 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.370115042 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.370162964 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.370188951 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.370215893 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.370215893 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.370215893 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.370244026 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.404915094 CET	49722	443	192.168.2.5	142.250.185.100
Jan 14, 2025 13:17:07.405013084 CET	443	49722	142.250.185.100	192.168.2.5
Jan 14, 2025 13:17:07.405097961 CET	49722	443	192.168.2.5	142.250.185.100
Jan 14, 2025 13:17:07.405313969 CET	49722	443	192.168.2.5	142.250.185.100
Jan 14, 2025 13:17:07.405337095 CET	443	49722	142.250.185.100	192.168.2.5
Jan 14, 2025 13:17:07.460073948 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.460105896 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.460156918 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.460192919 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.460231066 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.460254908 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.461878061 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.461910963 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.461956978 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.461970091 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.461997032 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.462017059 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.549770117 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.549799919 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.549925089 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.549925089 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.549990892 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.550112963 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.550767899 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.550796032 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.550838947 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.550853968 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.550885916 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.550905943 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.551765919 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.551789045 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.551842928 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.551855087 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.551882982 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.551902056 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.553337097 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.553365946 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.553406954 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.553417921 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.553446054 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.553467989 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.640702963 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.640737057 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.640785933 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.640836000 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.640892982 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.640893936 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.641120911 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.641143084 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.641177893 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.641191959 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.641221046 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.641272068 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.641875029 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.641897917 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.641942978 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.641953945 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.641998053 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.642014980 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.642843962 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.642873049 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.642918110 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.642930031 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.642957926 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.642976999 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.643009901 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.643029928 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.643065929 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.643078089 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.643104076 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.643235922 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.643862009 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.643927097 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.643938065 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.643969059 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:07.644005060 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.644046068 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.644299984 CET	49721	443	192.168.2.5	13.107.246.60
Jan 14, 2025 13:17:07.644325972 CET	443	49721	13.107.246.60	192.168.2.5
Jan 14, 2025 13:17:08.075167894 CET	443	49722	142.250.185.100	192.168.2.5
Jan 14, 2025 13:17:08.075372934 CET	49722	443	192.168.2.5	142.250.185.100
Jan 14, 2025 13:17:08.075412035 CET	443	49722	142.250.185.100	192.168.2.5
Jan 14, 2025 13:17:08.076845884 CET	443	49722	142.250.185.100	192.168.2.5
Jan 14, 2025 13:17:08.076905966 CET	49722	443	192.168.2.5	142.250.185.100
Jan 14, 2025 13:17:08.077734947 CET	49722	443	192.168.2.5	142.250.185.100
Jan 14, 2025 13:17:08.077824116 CET	443	49722	142.250.185.100	192.168.2.5
Jan 14, 2025 13:17:08.128868103 CET	49722	443	192.168.2.5	142.250.185.100
Jan 14, 2025 13:17:08.128911018 CET	443	49722	142.250.185.100	192.168.2.5
Jan 14, 2025 13:17:08.176357031 CET	49722	443	192.168.2.5	142.250.185.100
Jan 14, 2025 13:17:16.911811113 CET	49703	443	192.168.2.5	23.1.237.91
Jan 14, 2025 13:17:16.911911964 CET	49703	443	192.168.2.5	23.1.237.91
Jan 14, 2025 13:17:16.912651062 CET	49801	443	192.168.2.5	23.1.237.91
Jan 14, 2025 13:17:16.912719965 CET	443	49801	23.1.237.91	192.168.2.5
Jan 14, 2025 13:17:16.912878036 CET	49801	443	192.168.2.5	23.1.237.91
Jan 14, 2025 13:17:16.913181067 CET	49801	443	192.168.2.5	23.1.237.91
Jan 14, 2025 13:17:16.913212061 CET	443	49801	23.1.237.91	192.168.2.5
Jan 14, 2025 13:17:16.916685104 CET	443	49703	23.1.237.91	192.168.2.5
Jan 14, 2025 13:17:16.916712046 CET	443	49703	23.1.237.91	192.168.2.5
Jan 14, 2025 13:17:17.496623039 CET	443	49801	23.1.237.91	192.168.2.5
Jan 14, 2025 13:17:17.496711016 CET	49801	443	192.168.2.5	23.1.237.91
Jan 14, 2025 13:17:18.049194098 CET	443	49722	142.250.185.100	192.168.2.5
Jan 14, 2025 13:17:18.049335957 CET	443	49722	142.250.185.100	192.168.2.5
Jan 14, 2025 13:17:18.049626112 CET	49722	443	192.168.2.5	142.250.185.100
Jan 14, 2025 13:17:19.134371996 CET	49722	443	192.168.2.5	142.250.185.100
Jan 14, 2025 13:17:19.134448051 CET	443	49722	142.250.185.100	192.168.2.5
Jan 14, 2025 13:17:36.657552958 CET	443	49801	23.1.237.91	192.168.2.5
Jan 14, 2025 13:17:36.657633066 CET	49801	443	192.168.2.5	23.1.237.91
Jan 14, 2025 13:18:07.459940910 CET	50071	443	192.168.2.5	142.250.185.100
Jan 14, 2025 13:18:07.459983110 CET	443	50071	142.250.185.100	192.168.2.5
Jan 14, 2025 13:18:07.460056067 CET	50071	443	192.168.2.5	142.250.185.100
Jan 14, 2025 13:18:07.460263014 CET	50071	443	192.168.2.5	142.250.185.100
Jan 14, 2025 13:18:07.460273027 CET	443	50071	142.250.185.100	192.168.2.5
Jan 14, 2025 13:18:08.092921019 CET	443	50071	142.250.185.100	192.168.2.5
Jan 14, 2025 13:18:08.093300104 CET	50071	443	192.168.2.5	142.250.185.100
Jan 14, 2025 13:18:08.093327045 CET	443	50071	142.250.185.100	192.168.2.5
Jan 14, 2025 13:18:08.093672037 CET	443	50071	142.250.185.100	192.168.2.5
Jan 14, 2025 13:18:08.093944073 CET	50071	443	192.168.2.5	142.250.185.100
Jan 14, 2025 13:18:08.094012022 CET	443	50071	142.250.185.100	192.168.2.5
Jan 14, 2025 13:18:08.146162033 CET	50071	443	192.168.2.5	142.250.185.100
Jan 14, 2025 13:18:18.001898050 CET	443	50071	142.250.185.100	192.168.2.5
Jan 14, 2025 13:18:18.002032042 CET	443	50071	142.250.185.100	192.168.2.5
Jan 14, 2025 13:18:18.002306938 CET	50071	443	192.168.2.5	142.250.185.100
Jan 14, 2025 13:18:19.272015095 CET	50071	443	192.168.2.5	142.250.185.100
Jan 14, 2025 13:18:19.272054911 CET	443	50071	142.250.185.100	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 14, 2025 13:17:03.032479048 CET	53	62466	1.1.1.1	192.168.2.5
Jan 14, 2025 13:17:04.113188982 CET	53	64771	1.1.1.1	192.168.2.5
Jan 14, 2025 13:17:06.577464104 CET	63509	53	192.168.2.5	1.1.1.1
Jan 14, 2025 13:17:06.577994108 CET	64802	53	192.168.2.5	1.1.1.1
Jan 14, 2025 13:17:07.396819115 CET	65267	53	192.168.2.5	1.1.1.1
Jan 14, 2025 13:17:07.397232056 CET	50907	53	192.168.2.5	1.1.1.1
Jan 14, 2025 13:17:07.403629065 CET	53	65267	1.1.1.1	192.168.2.5
Jan 14, 2025 13:17:07.403810024 CET	53	50907	1.1.1.1	192.168.2.5
Jan 14, 2025 13:17:07.669867039 CET	50284	53	192.168.2.5	1.1.1.1
Jan 14, 2025 13:17:07.670137882 CET	59026	53	192.168.2.5	1.1.1.1
Jan 14, 2025 13:17:08.438317060 CET	57570	53	192.168.2.5	1.1.1.1
Jan 14, 2025 13:17:08.438457012 CET	54367	53	192.168.2.5	1.1.1.1
Jan 14, 2025 13:17:10.534157991 CET	53	62911	1.1.1.1	192.168.2.5
Jan 14, 2025 13:17:21.058820963 CET	53	64423	1.1.1.1	192.168.2.5
Jan 14, 2025 13:17:39.920043945 CET	53	57522	1.1.1.1	192.168.2.5
Jan 14, 2025 13:18:02.671406031 CET	53	51191	1.1.1.1	192.168.2.5
Jan 14, 2025 13:18:02.944238901 CET	53	57154	1.1.1.1	192.168.2.5
Jan 14, 2025 13:18:08.444164038 CET	54971	53	192.168.2.5	1.1.1.1
Jan 14, 2025 13:18:08.444288015 CET	53517	53	192.168.2.5	1.1.1.1
Jan 14, 2025 13:18:33.091919899 CET	53	64376	1.1.1.1	192.168.2.5

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jan 14, 2025 13:17:07.625144005 CET	192.168.2.5	1.1.1.1	c2e4	(Port unreachable)	Destination Unreachable
Jan 14, 2025 13:17:15.653055906 CET	192.168.2.5	1.1.1.1	c265	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 14, 2025 13:17:06.577464104 CET	192.168.2.5	1.1.1.1	0xd035	Standard query (0)	js.monitor.azure.com	A (IP address)	IN (0x0001)	false
Jan 14, 2025 13:17:06.577994108 CET	192.168.2.5	1.1.1.1	0x5aef	Standard query (0)	js.monitor.azure.com	65	IN (0x0001)	false
Jan 14, 2025 13:17:07.396819115 CET	192.168.2.5	1.1.1.1	0xd397	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 14, 2025 13:17:07.397232056 CET	192.168.2.5	1.1.1.1	0x1ee1	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 14, 2025 13:17:07.669867039 CET	192.168.2.5	1.1.1.1	0xeca9	Standard query (0)	js.monitor.azure.com	A (IP address)	IN (0x0001)	false
Jan 14, 2025 13:17:07.670137882 CET	192.168.2.5	1.1.1.1	0x4049	Standard query (0)	js.monitor.azure.com	65	IN (0x0001)	false
Jan 14, 2025 13:17:08.438317060 CET	192.168.2.5	1.1.1.1	0xffcc	Standard query (0)	mdec.nelreports.net	A (IP address)	IN (0x0001)	false
Jan 14, 2025 13:17:08.438457012 CET	192.168.2.5	1.1.1.1	0x2cfc	Standard query (0)	mdec.nelreports.net	65	IN (0x0001)	false
Jan 14, 2025 13:18:08.444164038 CET	192.168.2.5	1.1.1.1	0xe955	Standard query (0)	mdec.nelreports.net	A (IP address)	IN (0x0001)	false
Jan 14, 2025 13:18:08.444288015 CET	192.168.2.5	1.1.1.1	0xb8bb	Standard query (0)	mdec.nelreports.net	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 14, 2025 13:17:06.583686113 CET	1.1.1.1	192.168.2.5	0xa636	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 14, 2025 13:17:06.583686113 CET	1.1.1.1	192.168.2.5	0xa636	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	azurefd-t-fb-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 14, 2025 13:17:06.583686113 CET	1.1.1.1	192.168.2.5	0xa636	No error (0)	dual.s-part-0017.t-0009.fb-t-msedge.net	s-part-0017.t-0009.fb-t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 14, 2025 13:17:06.583686113 CET	1.1.1.1	192.168.2.5	0xa636	No error (0)	s-part-0017.t-0009.fb-t-msedge.net		13.107.253.45	A (IP address)	IN (0x0001)	false
Jan 14, 2025 13:17:06.584022999 CET	1.1.1.1	192.168.2.5	0x8f0d	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 14, 2025 13:17:06.584629059 CET	1.1.1.1	192.168.2.5	0xd035	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 14, 2025 13:17:06.584629059 CET	1.1.1.1	192.168.2.5	0xd035	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 14, 2025 13:17:06.584629059 CET	1.1.1.1	192.168.2.5	0xd035	No error (0)	shed.dual-low.s-part-0032.t-0009.t-msedge.net	s-part-0032.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 14, 2025 13:17:06.584629059 CET	1.1.1.1	192.168.2.5	0xd035	No error (0)	s-part-0032.t-0009.t-msedge.net		13.107.246.60	A (IP address)	IN (0x0001)	false
Jan 14, 2025 13:17:06.585410118 CET	1.1.1.1	192.168.2.5	0x5aef	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 14, 2025 13:17:06.585410118 CET	1.1.1.1	192.168.2.5	0x5aef	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 14, 2025 13:17:07.403629065 CET	1.1.1.1	192.168.2.5	0xd397	No error (0)	www.google.com		142.250.185.100	A (IP address)	IN (0x0001)	false
Jan 14, 2025 13:17:07.403810024 CET	1.1.1.1	192.168.2.5	0x1ee1	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 14, 2025 13:17:07.603502989 CET	1.1.1.1	192.168.2.5	0xe35c	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 14, 2025 13:17:07.603650093 CET	1.1.1.1	192.168.2.5	0xed34	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 14, 2025 13:17:07.603650093 CET	1.1.1.1	192.168.2.5	0xed34	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	azurefd-t-fb-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 14, 2025 13:17:07.603650093 CET	1.1.1.1	192.168.2.5	0xed34	No error (0)	dual.s-part-0017.t-0009.fb-t-msedge.net	s-part-0017.t-0009.fb-t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 14, 2025 13:17:07.603650093 CET	1.1.1.1	192.168.2.5	0xed34	No error (0)	s-part-0017.t-0009.fb-t-msedge.net		13.107.253.45	A (IP address)	IN (0x0001)	false
Jan 14, 2025 13:17:07.676683903 CET	1.1.1.1	192.168.2.5	0xeca9	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 14, 2025 13:17:07.676683903 CET	1.1.1.1	192.168.2.5	0xeca9	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 14, 2025 13:17:07.676683903 CET	1.1.1.1	192.168.2.5	0xeca9	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 14, 2025 13:17:07.676683903 CET	1.1.1.1	192.168.2.5	0xeca9	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Jan 14, 2025 13:17:07.678705931 CET	1.1.1.1	192.168.2.5	0x4049	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 14, 2025 13:17:07.678705931 CET	1.1.1.1	192.168.2.5	0x4049	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 14, 2025 13:17:08.445996046 CET	1.1.1.1	192.168.2.5	0x2cfc	No error (0)	mdec.nelreports.net	mdec.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 14, 2025 13:17:08.446147919 CET	1.1.1.1	192.168.2.5	0xffcc	No error (0)	mdec.nelreports.net	mdec.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 14, 2025 13:17:12.537151098 CET	1.1.1.1	192.168.2.5	0x2cb3	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 14, 2025 13:17:12.540950060 CET	1.1.1.1	192.168.2.5	0x2764	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 14, 2025 13:17:15.640532017 CET	1.1.1.1	192.168.2.5	0xf273	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 14, 2025 13:17:15.652986050 CET	1.1.1.1	192.168.2.5	0x2fd5	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 14, 2025 13:18:08.452589035 CET	1.1.1.1	192.168.2.5	0xb8bb	No error (0)	mdec.nelreports.net	mdec.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 14, 2025 13:18:08.453408957 CET	1.1.1.1	192.168.2.5	0xe955	No error (0)	mdec.nelreports.net	mdec.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

https:

js.monitor.azure.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49721	13.107.246.60	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-14 12:17:07 UTC	549	OUT	GET /scripts/c/ms.jsll-4.min.js HTTP/1.1 Host: js.monitor.azure.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://learn.microsoft.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 12:17:07 UTC	889	IN	HTTP/1.1 200 OK Date: Tue, 14 Jan 2025 12:17:07 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 207935 Connection: close Vary: Accept-Encoding Cache-Control: no-transform, public, max-age=1800, immutable Last-Modified: Mon, 14 Oct 2024 17:27:31 GMT ETag: 0x8DCEC757C1AD1D1 x-ms-request-id: 275be117-b01e-0006-4a05-581325000000 x-ms-version: 2009-09-19 x-ms-meta-jssdkver: 4.3.3 x-ms-meta-jssdksrc: [cdn]/scripts/c/ms.jsll-4.3.3.min.js Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,x-ms-meta-jssdksrc,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20250114T121707Z-156796c549b47cnbhC1EWRmwan0000000f5g000000000869 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2025-01-14 12:17:07 UTC	15495	IN	Data Raw: 2f 2a 21 0a 20 2a 20 31 44 53 20 4a 53 4c 4c 20 53 4b 55 2c 20 34 2e 33 2e 33 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 4d 69 63 72 6f 73 6f 66 74 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 0a 20 2a 20 28 4d 69 63 72 6f 73 6f 66 74 20 49 6e 74 65 72 6e 61 6c 20 4f 6e 6c 79 29 0a 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 22 75 6e 64 65 66 69 6e 65 64 22 3b 69 66 28 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 26 26 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 21 3d 6e 29 74 28 65 78 70 6f 72 74 73 29 3b 65 6c 73 65 20 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 Data Ascii: /! 1DS JSLL SKU, 4.3.3 * Copyright (c) Microsoft and contributors. All rights reserved. * (Microsoft Internal Only) */!function(e,t){var n="undefined";if("object"==typeof exports&&typeof module!=n)t(exports);else if("function"==typeof define&&defi
2025-01-14 12:17:07 UTC	16384	IN	Data Raw: 28 69 29 3a 28 72 3d 66 65 28 22 63 6f 6e 73 6f 6c 65 22 29 29 26 26 28 72 2e 65 72 72 6f 72 7c 7c 72 2e 6c 6f 67 29 28 74 2c 63 65 28 69 29 29 29 29 7d 53 65 28 61 3d 7b 74 68 65 6e 3a 6f 2c 22 63 61 74 63 68 22 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 6f 28 75 6e 64 65 66 69 6e 65 64 2c 65 29 7d 2c 22 66 69 6e 61 6c 6c 79 22 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 74 2c 6e 3d 74 3b 72 65 74 75 72 6e 20 51 28 74 29 26 26 28 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 74 26 26 74 28 29 2c 65 7d 2c 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 74 68 72 6f 77 20 74 26 26 74 28 29 2c 65 7d 29 2c 6f 28 65 2c 6e 29 7d 7d 2c 22 73 74 61 74 65 22 2c 7b 67 65 74 3a 64 7d 29 2c 68 74 28 29 26 26 28 61 5b 6d 74 28 Data Ascii: (i):(r=fe("console"))&&(r.error\|\|r.log)(t,ce(i))))}Se(a={then:o,"catch":function(e){return o(undefined,e)},"finally":function(t){var e=t,n=t;return Q(t)&&(e=function(e){return t&&t(),e},n=function(e){throw t&&t(),e}),o(e,n)}},"state",{get:d}),ht()&&(a[mt(
2025-01-14 12:17:07 UTC	16384	IN	Data Raw: 28 65 2c 74 2c 6e 2c 72 29 7b 67 65 28 65 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 26 26 65 5b 74 5d 26 26 28 6e 3f 28 6e 2e 63 62 5b 74 65 5d 28 7b 66 6e 3a 72 2c 61 72 67 3a 65 7d 29 2c 6e 2e 68 3d 6e 2e 68 7c 7c 6e 6e 28 70 63 2c 30 2c 6e 29 29 3a 4d 28 72 2c 5b 65 5d 29 29 7d 29 7d 68 63 2e 5f 5f 69 65 44 79 6e 3d 31 3b 76 61 72 20 76 63 3d 68 63 3b 66 75 6e 63 74 69 6f 6e 20 68 63 28 65 29 7b 74 68 69 73 2e 6c 69 73 74 65 6e 65 72 73 3d 5b 5d 3b 76 61 72 20 6e 2c 69 3d 5b 5d 2c 61 3d 7b 68 3a 6e 75 6c 6c 2c 63 62 3a 5b 5d 7d 2c 6f 3d 76 6f 28 65 2c 64 63 29 5b 4b 6e 5d 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 6e 3d 21 21 65 2e 63 66 67 2e 70 65 72 66 45 76 74 73 53 65 6e 64 41 6c 6c 7d 29 3b 76 65 28 68 63 2c 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 Data Ascii: (e,t,n,r){ge(e,function(e){e&&e[t]&&(n?(n.cb[te]({fn:r,arg:e}),n.h=n.h\|\|nn(pc,0,n)):M(r,[e]))})}hc.__ieDyn=1;var vc=hc;function hc(e){this.listeners=[];var n,i=[],a={h:null,cb:[]},o=vo(e,dc)[Kn](function(e){n=!!e.cfg.perfEvtsSendAll});ve(hc,this,function(
2025-01-14 12:17:07 UTC	16384	IN	Data Raw: 28 65 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 61 2e 66 6c 75 73 68 43 6f 6d 70 6c 65 74 65 3d 65 2c 50 3d 21 30 2c 52 2e 72 75 6e 28 6f 2c 61 29 2c 66 5b 67 72 5d 28 29 2c 6f 5b 6c 72 5d 28 61 29 7d 2c 36 2c 6e 29 2c 69 7d 2c 66 5b 6f 72 5d 3d 73 2c 66 2e 61 64 64 50 6c 75 67 69 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 2c 72 29 7b 69 66 28 21 65 29 72 65 74 75 72 6e 20 72 26 26 72 28 21 31 29 2c 76 6f 69 64 20 43 28 6f 75 29 3b 76 61 72 20 69 3d 73 28 65 5b 24 6e 5d 29 3b 69 66 28 69 26 26 21 74 29 72 65 74 75 72 6e 20 72 26 26 72 28 21 31 29 2c 76 6f 69 64 20 43 28 22 50 6c 75 67 69 6e 20 5b 22 2b 65 5b 24 6e 5d 2b 22 5d 20 69 73 20 61 6c 72 65 61 64 79 20 6c 6f 61 64 65 64 21 22 29 3b 76 61 72 20 61 2c 6f 3d 7b 72 65 61 73 6f 6e 3a 31 36 7d 3b 66 Data Ascii: (e,function(e){a.flushComplete=e,P=!0,R.run(o,a),f[gr](),o[lr](a)},6,n),i},f[or]=s,f.addPlugin=function(e,t,n,r){if(!e)return r&&r(!1),void C(ou);var i=s(e[$n]);if(i&&!t)return r&&r(!1),void C("Plugin ["+e[$n]+"] is already loaded!");var a,o={reason:16};f
2025-01-14 12:17:07 UTC	16384	IN	Data Raw: 6c 3a 31 2c 43 72 69 74 69 63 61 6c 3a 32 7d 29 2c 75 6e 64 65 66 69 6e 65 64 2c 75 6e 64 65 66 69 6e 65 64 29 2c 53 6c 3d 22 22 3b 66 75 6e 63 74 69 6f 6e 20 78 6c 28 65 29 7b 74 72 79 7b 69 66 28 6f 65 28 6f 74 28 29 29 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 76 61 72 20 74 3d 28 6e 65 77 20 44 61 74 65 29 5b 4f 73 5d 28 29 2c 6e 3d 66 65 28 65 3d 3d 3d 45 6c 2e 4c 6f 63 61 6c 53 74 6f 72 61 67 65 3f 22 6c 6f 63 61 6c 53 74 6f 72 61 67 65 22 3a 22 73 65 73 73 69 6f 6e 53 74 6f 72 61 67 65 22 29 2c 72 3d 53 6c 2b 74 2c 69 3d 28 6e 2e 73 65 74 49 74 65 6d 28 72 2c 74 29 2c 6e 2e 67 65 74 49 74 65 6d 28 72 29 21 3d 3d 74 29 3b 69 66 28 6e 5b 52 73 5d 28 72 29 2c 21 69 29 72 65 74 75 72 6e 20 6e 7d 63 61 74 63 68 28 61 29 7b 7d 72 65 74 75 72 6e 20 6e 75 6c Data Ascii: l:1,Critical:2}),undefined,undefined),Sl="";function xl(e){try{if(oe(ot()))return null;var t=(new Date)[Os](),n=fe(e===El.LocalStorage?"localStorage":"sessionStorage"),r=Sl+t,i=(n.setItem(r,t),n.getItem(r)!==t);if(n[Rs](r),!i)return n}catch(a){}return nul
2025-01-14 12:17:07 UTC	16384	IN	Data Raw: 6f 20 74 72 61 63 6b 20 70 61 67 65 20 76 69 73 69 74 20 74 69 6d 65 20 66 61 69 6c 65 64 2c 20 6d 65 74 72 69 63 20 77 69 6c 6c 20 6e 6f 74 20 62 65 20 63 6f 6c 6c 65 63 74 65 64 3a 20 22 2b 63 65 28 72 29 29 7d 7d 2c 59 28 65 2c 22 5f 6c 6f 67 67 65 72 22 2c 7b 67 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6f 7d 7d 29 2c 59 28 65 2c 22 70 61 67 65 56 69 73 69 74 54 69 6d 65 54 72 61 63 6b 69 6e 67 48 61 6e 64 6c 65 72 22 2c 7b 67 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 63 7d 7d 29 7d 29 7d 76 61 72 20 4e 64 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 74 68 69 73 5b 67 64 5d 3d 50 74 28 29 2c 74 68 69 73 2e 70 61 67 65 4e 61 6d 65 3d 65 2c 74 68 69 73 2e 70 61 67 65 55 72 6c 3d 74 7d 2c 44 64 3d 66 75 6e 63 74 69 6f 6e 28 Data Ascii: o track page visit time failed, metric will not be collected: "+ce(r))}},Y(e,"_logger",{g:function(){return o}}),Y(e,"pageVisitTimeTrackingHandler",{g:function(){return c}})})}var Nd=function(e,t){this[gd]=Pt(),this.pageName=e,this.pageUrl=t},Dd=function(
2025-01-14 12:17:07 UTC	16384	IN	Data Raw: 63 6f 72 65 44 61 74 61 2c 22 62 65 68 61 76 69 6f 72 22 29 2c 75 65 28 6e 2e 70 61 67 65 54 79 70 65 29 26 26 28 65 2e 70 61 67 65 54 79 70 65 3d 6e 2e 70 61 67 65 54 79 70 65 29 2c 75 65 28 72 2e 5f 70 61 67 65 54 79 70 65 4d 65 74 61 54 61 67 29 26 26 21 75 65 28 65 2e 70 61 67 65 54 79 70 65 29 26 26 28 65 2e 70 61 67 65 54 79 70 65 3d 72 2e 5f 70 61 67 65 54 79 70 65 4d 65 74 61 54 61 67 29 2c 75 65 28 72 2e 5f 6d 61 72 6b 65 74 4d 65 74 61 54 61 67 29 26 26 28 65 2e 6d 61 72 6b 65 74 3d 72 2e 5f 6d 61 72 6b 65 74 4d 65 74 61 54 61 67 29 2c 65 2e 69 73 4c 6f 67 67 65 64 49 6e 3d 47 64 28 72 2e 5f 63 6f 6e 66 69 67 29 2c 74 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 3d 6f 63 28 29 7d 2c 69 70 2e 70 72 6f 74 6f 74 79 70 65 2e 5f 73 65 74 50 61 67 65 54 Data Ascii: coreData,"behavior"),ue(n.pageType)&&(e.pageType=n.pageType),ue(r._pageTypeMetaTag)&&!ue(e.pageType)&&(e.pageType=r._pageTypeMetaTag),ue(r._marketMetaTag)&&(e.market=r._marketMetaTag),e.isLoggedIn=Gd(r._config),t.cookieEnabled=oc()},ip.prototype._setPageT
2025-01-14 12:17:07 UTC	16384	IN	Data Raw: 6e 21 30 3b 72 65 74 75 72 6e 21 31 7d 2c 41 70 2e 70 72 6f 74 6f 74 79 70 65 2e 5f 69 73 54 72 61 63 6b 65 64 57 69 74 68 44 61 74 61 42 69 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 3d 65 2e 61 74 74 72 69 62 75 74 65 73 2c 6e 3d 30 3b 6e 3c 74 2e 6c 65 6e 67 74 68 3b 6e 2b 2b 29 69 66 28 7e 74 5b 6e 5d 2e 6e 61 6d 65 2e 69 6e 64 65 78 4f 66 28 22 64 61 74 61 2d 62 69 2d 22 29 29 72 65 74 75 72 6e 21 30 3b 72 65 74 75 72 6e 21 31 7d 2c 41 70 2e 70 72 6f 74 6f 74 79 70 65 2e 5f 69 73 54 72 61 63 6b 65 64 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 3d 65 2e 61 74 74 72 69 62 75 74 65 73 2c 6e 3d 30 3b 6e 3c 74 2e 6c 65 6e 67 74 68 3b 6e 2b 2b 29 69 66 28 22 64 61 74 61 2d 6d 22 3d 3d 3d 74 5b 6e 5d 2e 6e 61 6d Data Ascii: n!0;return!1},Ap.prototype._isTrackedWithDataBi=function(e){for(var t=e.attributes,n=0;n<t.length;n++)if(~t[n].name.indexOf("data-bi-"))return!0;return!1},Ap.prototype._isTracked=function(e){for(var t=e.attributes,n=0;n<t.length;n++)if("data-m"===t[n].nam
2025-01-14 12:17:07 UTC	16384	IN	Data Raw: 75 74 68 54 6f 6b 65 6e 22 2c 61 3d 22 41 75 74 68 58 54 6f 6b 65 6e 22 2c 67 67 3d 22 6d 73 66 70 63 22 2c 76 67 3d 22 75 73 65 72 22 2c 68 67 3d 22 61 6c 6c 6f 77 52 65 71 75 65 73 74 53 65 6e 64 69 6e 67 22 2c 6d 67 3d 22 66 69 72 73 74 52 65 71 75 65 73 74 53 65 6e 74 22 2c 79 67 3d 22 73 68 6f 75 6c 64 41 64 64 43 6c 6f 63 6b 53 6b 65 77 48 65 61 64 65 72 73 22 2c 43 67 3d 22 67 65 74 43 6c 6f 63 6b 53 6b 65 77 48 65 61 64 65 72 56 61 6c 75 65 22 2c 62 67 3d 22 73 65 74 43 6c 6f 63 6b 53 6b 65 77 22 2c 79 65 3d 22 6c 65 6e 67 74 68 22 2c 54 67 3d 22 63 6f 6e 63 61 74 22 2c 49 67 3d 22 69 4b 65 79 22 2c 45 67 3d 22 63 6f 75 6e 74 22 2c 5f 67 3d 22 65 76 65 6e 74 73 22 2c 53 67 3d 22 70 75 73 68 22 2c 78 67 3d 22 73 70 6c 69 74 22 2c 4e 67 3d 22 73 70 Data Ascii: uthToken",a="AuthXToken",gg="msfpc",vg="user",hg="allowRequestSending",mg="firstRequestSent",yg="shouldAddClockSkewHeaders",Cg="getClockSkewHeaderValue",bg="setClockSkew",ye="length",Tg="concat",Ig="iKey",Eg="count",_g="events",Sg="push",xg="split",Ng="sp
2025-01-14 12:17:07 UTC	16384	IN	Data Raw: 29 29 2c 65 5b 6c 76 5d 26 26 28 65 5b 6c 76 5d 3d 65 61 28 65 5b 6c 76 5d 29 29 29 7d 66 75 6e 63 74 69 6f 6e 20 61 28 65 2c 74 29 7b 69 66 28 65 5b 79 76 5d 7c 7c 28 65 5b 79 76 5d 3d 30 29 2c 65 5b 43 76 5d 7c 7c 28 65 5b 43 76 5d 3d 31 29 2c 6c 28 65 29 2c 65 5b 62 76 5d 29 69 66 28 55 7c 7c 61 65 29 65 5b 43 76 5d 3d 33 2c 65 5b 62 76 5d 3d 21 31 3b 65 6c 73 65 20 69 66 28 48 29 72 65 74 75 72 6e 20 57 26 26 28 65 3d 65 61 28 65 29 29 2c 48 5b 72 76 5d 28 45 76 2e 63 72 65 61 74 65 28 65 5b 49 67 5d 2c 5b 65 5d 29 2c 21 30 3d 3d 3d 65 5b 62 76 5d 3f 31 3a 65 5b 62 76 5d 2c 33 29 3b 76 61 72 20 6e 3d 65 5b 43 76 5d 2c 72 3d 63 65 2c 69 3d 52 2c 61 3d 28 34 3d 3d 3d 6e 26 26 28 72 3d 6f 65 2c 69 3d 4f 29 2c 21 31 29 3b 72 3c 69 3f 61 3d 21 43 28 65 2c Data Ascii: )),e[lv]&&(e[lv]=ea(e[lv])))}function a(e,t){if(e[yv]\|\|(e[yv]=0),e[Cv]\|\|(e[Cv]=1),l(e),e[bv])if(U\|\|ae)e[Cv]=3,e[bv]=!1;else if(H)return W&&(e=ea(e)),H[rv](Ev.create(e[Ig],[e]),!0===e[bv]?1:e[bv],3);var n=e[Cv],r=ce,i=R,a=(4===n&&(r=oe,i=O),!1);r<i?a=!C(e,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49728	13.107.246.45	443	6752	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-14 12:17:08 UTC	370	OUT	GET /scripts/c/ms.jsll-4.min.js HTTP/1.1 Host: js.monitor.azure.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-14 12:17:08 UTC	889	IN	HTTP/1.1 200 OK Date: Tue, 14 Jan 2025 12:17:08 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 207935 Connection: close Vary: Accept-Encoding Cache-Control: no-transform, public, max-age=1800, immutable Last-Modified: Mon, 14 Oct 2024 17:27:31 GMT ETag: 0x8DCEC757C1AD1D1 x-ms-request-id: 275be117-b01e-0006-4a05-581325000000 x-ms-version: 2009-09-19 x-ms-meta-jssdkver: 4.3.3 x-ms-meta-jssdksrc: [cdn]/scripts/c/ms.jsll-4.3.3.min.js Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,x-ms-meta-jssdksrc,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20250114T121708Z-156796c549bwq2hnhC1EWR1y100000001rng000000001f7y x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2025-01-14 12:17:08 UTC	15495	IN	Data Raw: 2f 2a 21 0a 20 2a 20 31 44 53 20 4a 53 4c 4c 20 53 4b 55 2c 20 34 2e 33 2e 33 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 4d 69 63 72 6f 73 6f 66 74 20 61 6e 64 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 0a 20 2a 20 28 4d 69 63 72 6f 73 6f 66 74 20 49 6e 74 65 72 6e 61 6c 20 4f 6e 6c 79 29 0a 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 22 75 6e 64 65 66 69 6e 65 64 22 3b 69 66 28 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 26 26 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 21 3d 6e 29 74 28 65 78 70 6f 72 74 73 29 3b 65 6c 73 65 20 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 Data Ascii: /! 1DS JSLL SKU, 4.3.3 * Copyright (c) Microsoft and contributors. All rights reserved. * (Microsoft Internal Only) */!function(e,t){var n="undefined";if("object"==typeof exports&&typeof module!=n)t(exports);else if("function"==typeof define&&defi
2025-01-14 12:17:08 UTC	16384	IN	Data Raw: 28 69 29 3a 28 72 3d 66 65 28 22 63 6f 6e 73 6f 6c 65 22 29 29 26 26 28 72 2e 65 72 72 6f 72 7c 7c 72 2e 6c 6f 67 29 28 74 2c 63 65 28 69 29 29 29 29 7d 53 65 28 61 3d 7b 74 68 65 6e 3a 6f 2c 22 63 61 74 63 68 22 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 6f 28 75 6e 64 65 66 69 6e 65 64 2c 65 29 7d 2c 22 66 69 6e 61 6c 6c 79 22 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 74 2c 6e 3d 74 3b 72 65 74 75 72 6e 20 51 28 74 29 26 26 28 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 74 26 26 74 28 29 2c 65 7d 2c 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 74 68 72 6f 77 20 74 26 26 74 28 29 2c 65 7d 29 2c 6f 28 65 2c 6e 29 7d 7d 2c 22 73 74 61 74 65 22 2c 7b 67 65 74 3a 64 7d 29 2c 68 74 28 29 26 26 28 61 5b 6d 74 28 Data Ascii: (i):(r=fe("console"))&&(r.error\|\|r.log)(t,ce(i))))}Se(a={then:o,"catch":function(e){return o(undefined,e)},"finally":function(t){var e=t,n=t;return Q(t)&&(e=function(e){return t&&t(),e},n=function(e){throw t&&t(),e}),o(e,n)}},"state",{get:d}),ht()&&(a[mt(
2025-01-14 12:17:08 UTC	16384	IN	Data Raw: 28 65 2c 74 2c 6e 2c 72 29 7b 67 65 28 65 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 26 26 65 5b 74 5d 26 26 28 6e 3f 28 6e 2e 63 62 5b 74 65 5d 28 7b 66 6e 3a 72 2c 61 72 67 3a 65 7d 29 2c 6e 2e 68 3d 6e 2e 68 7c 7c 6e 6e 28 70 63 2c 30 2c 6e 29 29 3a 4d 28 72 2c 5b 65 5d 29 29 7d 29 7d 68 63 2e 5f 5f 69 65 44 79 6e 3d 31 3b 76 61 72 20 76 63 3d 68 63 3b 66 75 6e 63 74 69 6f 6e 20 68 63 28 65 29 7b 74 68 69 73 2e 6c 69 73 74 65 6e 65 72 73 3d 5b 5d 3b 76 61 72 20 6e 2c 69 3d 5b 5d 2c 61 3d 7b 68 3a 6e 75 6c 6c 2c 63 62 3a 5b 5d 7d 2c 6f 3d 76 6f 28 65 2c 64 63 29 5b 4b 6e 5d 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 6e 3d 21 21 65 2e 63 66 67 2e 70 65 72 66 45 76 74 73 53 65 6e 64 41 6c 6c 7d 29 3b 76 65 28 68 63 2c 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 Data Ascii: (e,t,n,r){ge(e,function(e){e&&e[t]&&(n?(n.cb[te]({fn:r,arg:e}),n.h=n.h\|\|nn(pc,0,n)):M(r,[e]))})}hc.__ieDyn=1;var vc=hc;function hc(e){this.listeners=[];var n,i=[],a={h:null,cb:[]},o=vo(e,dc)[Kn](function(e){n=!!e.cfg.perfEvtsSendAll});ve(hc,this,function(
2025-01-14 12:17:08 UTC	16384	IN	Data Raw: 28 65 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 61 2e 66 6c 75 73 68 43 6f 6d 70 6c 65 74 65 3d 65 2c 50 3d 21 30 2c 52 2e 72 75 6e 28 6f 2c 61 29 2c 66 5b 67 72 5d 28 29 2c 6f 5b 6c 72 5d 28 61 29 7d 2c 36 2c 6e 29 2c 69 7d 2c 66 5b 6f 72 5d 3d 73 2c 66 2e 61 64 64 50 6c 75 67 69 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 2c 72 29 7b 69 66 28 21 65 29 72 65 74 75 72 6e 20 72 26 26 72 28 21 31 29 2c 76 6f 69 64 20 43 28 6f 75 29 3b 76 61 72 20 69 3d 73 28 65 5b 24 6e 5d 29 3b 69 66 28 69 26 26 21 74 29 72 65 74 75 72 6e 20 72 26 26 72 28 21 31 29 2c 76 6f 69 64 20 43 28 22 50 6c 75 67 69 6e 20 5b 22 2b 65 5b 24 6e 5d 2b 22 5d 20 69 73 20 61 6c 72 65 61 64 79 20 6c 6f 61 64 65 64 21 22 29 3b 76 61 72 20 61 2c 6f 3d 7b 72 65 61 73 6f 6e 3a 31 36 7d 3b 66 Data Ascii: (e,function(e){a.flushComplete=e,P=!0,R.run(o,a),f[gr](),o[lr](a)},6,n),i},f[or]=s,f.addPlugin=function(e,t,n,r){if(!e)return r&&r(!1),void C(ou);var i=s(e[$n]);if(i&&!t)return r&&r(!1),void C("Plugin ["+e[$n]+"] is already loaded!");var a,o={reason:16};f
2025-01-14 12:17:08 UTC	16384	IN	Data Raw: 6c 3a 31 2c 43 72 69 74 69 63 61 6c 3a 32 7d 29 2c 75 6e 64 65 66 69 6e 65 64 2c 75 6e 64 65 66 69 6e 65 64 29 2c 53 6c 3d 22 22 3b 66 75 6e 63 74 69 6f 6e 20 78 6c 28 65 29 7b 74 72 79 7b 69 66 28 6f 65 28 6f 74 28 29 29 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 76 61 72 20 74 3d 28 6e 65 77 20 44 61 74 65 29 5b 4f 73 5d 28 29 2c 6e 3d 66 65 28 65 3d 3d 3d 45 6c 2e 4c 6f 63 61 6c 53 74 6f 72 61 67 65 3f 22 6c 6f 63 61 6c 53 74 6f 72 61 67 65 22 3a 22 73 65 73 73 69 6f 6e 53 74 6f 72 61 67 65 22 29 2c 72 3d 53 6c 2b 74 2c 69 3d 28 6e 2e 73 65 74 49 74 65 6d 28 72 2c 74 29 2c 6e 2e 67 65 74 49 74 65 6d 28 72 29 21 3d 3d 74 29 3b 69 66 28 6e 5b 52 73 5d 28 72 29 2c 21 69 29 72 65 74 75 72 6e 20 6e 7d 63 61 74 63 68 28 61 29 7b 7d 72 65 74 75 72 6e 20 6e 75 6c Data Ascii: l:1,Critical:2}),undefined,undefined),Sl="";function xl(e){try{if(oe(ot()))return null;var t=(new Date)[Os](),n=fe(e===El.LocalStorage?"localStorage":"sessionStorage"),r=Sl+t,i=(n.setItem(r,t),n.getItem(r)!==t);if(n[Rs](r),!i)return n}catch(a){}return nul
2025-01-14 12:17:08 UTC	16384	IN	Data Raw: 6f 20 74 72 61 63 6b 20 70 61 67 65 20 76 69 73 69 74 20 74 69 6d 65 20 66 61 69 6c 65 64 2c 20 6d 65 74 72 69 63 20 77 69 6c 6c 20 6e 6f 74 20 62 65 20 63 6f 6c 6c 65 63 74 65 64 3a 20 22 2b 63 65 28 72 29 29 7d 7d 2c 59 28 65 2c 22 5f 6c 6f 67 67 65 72 22 2c 7b 67 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6f 7d 7d 29 2c 59 28 65 2c 22 70 61 67 65 56 69 73 69 74 54 69 6d 65 54 72 61 63 6b 69 6e 67 48 61 6e 64 6c 65 72 22 2c 7b 67 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 63 7d 7d 29 7d 29 7d 76 61 72 20 4e 64 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 74 68 69 73 5b 67 64 5d 3d 50 74 28 29 2c 74 68 69 73 2e 70 61 67 65 4e 61 6d 65 3d 65 2c 74 68 69 73 2e 70 61 67 65 55 72 6c 3d 74 7d 2c 44 64 3d 66 75 6e 63 74 69 6f 6e 28 Data Ascii: o track page visit time failed, metric will not be collected: "+ce(r))}},Y(e,"_logger",{g:function(){return o}}),Y(e,"pageVisitTimeTrackingHandler",{g:function(){return c}})})}var Nd=function(e,t){this[gd]=Pt(),this.pageName=e,this.pageUrl=t},Dd=function(
2025-01-14 12:17:08 UTC	16384	IN	Data Raw: 63 6f 72 65 44 61 74 61 2c 22 62 65 68 61 76 69 6f 72 22 29 2c 75 65 28 6e 2e 70 61 67 65 54 79 70 65 29 26 26 28 65 2e 70 61 67 65 54 79 70 65 3d 6e 2e 70 61 67 65 54 79 70 65 29 2c 75 65 28 72 2e 5f 70 61 67 65 54 79 70 65 4d 65 74 61 54 61 67 29 26 26 21 75 65 28 65 2e 70 61 67 65 54 79 70 65 29 26 26 28 65 2e 70 61 67 65 54 79 70 65 3d 72 2e 5f 70 61 67 65 54 79 70 65 4d 65 74 61 54 61 67 29 2c 75 65 28 72 2e 5f 6d 61 72 6b 65 74 4d 65 74 61 54 61 67 29 26 26 28 65 2e 6d 61 72 6b 65 74 3d 72 2e 5f 6d 61 72 6b 65 74 4d 65 74 61 54 61 67 29 2c 65 2e 69 73 4c 6f 67 67 65 64 49 6e 3d 47 64 28 72 2e 5f 63 6f 6e 66 69 67 29 2c 74 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 3d 6f 63 28 29 7d 2c 69 70 2e 70 72 6f 74 6f 74 79 70 65 2e 5f 73 65 74 50 61 67 65 54 Data Ascii: coreData,"behavior"),ue(n.pageType)&&(e.pageType=n.pageType),ue(r._pageTypeMetaTag)&&!ue(e.pageType)&&(e.pageType=r._pageTypeMetaTag),ue(r._marketMetaTag)&&(e.market=r._marketMetaTag),e.isLoggedIn=Gd(r._config),t.cookieEnabled=oc()},ip.prototype._setPageT
2025-01-14 12:17:08 UTC	16384	IN	Data Raw: 6e 21 30 3b 72 65 74 75 72 6e 21 31 7d 2c 41 70 2e 70 72 6f 74 6f 74 79 70 65 2e 5f 69 73 54 72 61 63 6b 65 64 57 69 74 68 44 61 74 61 42 69 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 3d 65 2e 61 74 74 72 69 62 75 74 65 73 2c 6e 3d 30 3b 6e 3c 74 2e 6c 65 6e 67 74 68 3b 6e 2b 2b 29 69 66 28 7e 74 5b 6e 5d 2e 6e 61 6d 65 2e 69 6e 64 65 78 4f 66 28 22 64 61 74 61 2d 62 69 2d 22 29 29 72 65 74 75 72 6e 21 30 3b 72 65 74 75 72 6e 21 31 7d 2c 41 70 2e 70 72 6f 74 6f 74 79 70 65 2e 5f 69 73 54 72 61 63 6b 65 64 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 3d 65 2e 61 74 74 72 69 62 75 74 65 73 2c 6e 3d 30 3b 6e 3c 74 2e 6c 65 6e 67 74 68 3b 6e 2b 2b 29 69 66 28 22 64 61 74 61 2d 6d 22 3d 3d 3d 74 5b 6e 5d 2e 6e 61 6d Data Ascii: n!0;return!1},Ap.prototype._isTrackedWithDataBi=function(e){for(var t=e.attributes,n=0;n<t.length;n++)if(~t[n].name.indexOf("data-bi-"))return!0;return!1},Ap.prototype._isTracked=function(e){for(var t=e.attributes,n=0;n<t.length;n++)if("data-m"===t[n].nam
2025-01-14 12:17:08 UTC	16384	IN	Data Raw: 75 74 68 54 6f 6b 65 6e 22 2c 61 3d 22 41 75 74 68 58 54 6f 6b 65 6e 22 2c 67 67 3d 22 6d 73 66 70 63 22 2c 76 67 3d 22 75 73 65 72 22 2c 68 67 3d 22 61 6c 6c 6f 77 52 65 71 75 65 73 74 53 65 6e 64 69 6e 67 22 2c 6d 67 3d 22 66 69 72 73 74 52 65 71 75 65 73 74 53 65 6e 74 22 2c 79 67 3d 22 73 68 6f 75 6c 64 41 64 64 43 6c 6f 63 6b 53 6b 65 77 48 65 61 64 65 72 73 22 2c 43 67 3d 22 67 65 74 43 6c 6f 63 6b 53 6b 65 77 48 65 61 64 65 72 56 61 6c 75 65 22 2c 62 67 3d 22 73 65 74 43 6c 6f 63 6b 53 6b 65 77 22 2c 79 65 3d 22 6c 65 6e 67 74 68 22 2c 54 67 3d 22 63 6f 6e 63 61 74 22 2c 49 67 3d 22 69 4b 65 79 22 2c 45 67 3d 22 63 6f 75 6e 74 22 2c 5f 67 3d 22 65 76 65 6e 74 73 22 2c 53 67 3d 22 70 75 73 68 22 2c 78 67 3d 22 73 70 6c 69 74 22 2c 4e 67 3d 22 73 70 Data Ascii: uthToken",a="AuthXToken",gg="msfpc",vg="user",hg="allowRequestSending",mg="firstRequestSent",yg="shouldAddClockSkewHeaders",Cg="getClockSkewHeaderValue",bg="setClockSkew",ye="length",Tg="concat",Ig="iKey",Eg="count",_g="events",Sg="push",xg="split",Ng="sp
2025-01-14 12:17:08 UTC	16384	IN	Data Raw: 29 29 2c 65 5b 6c 76 5d 26 26 28 65 5b 6c 76 5d 3d 65 61 28 65 5b 6c 76 5d 29 29 29 7d 66 75 6e 63 74 69 6f 6e 20 61 28 65 2c 74 29 7b 69 66 28 65 5b 79 76 5d 7c 7c 28 65 5b 79 76 5d 3d 30 29 2c 65 5b 43 76 5d 7c 7c 28 65 5b 43 76 5d 3d 31 29 2c 6c 28 65 29 2c 65 5b 62 76 5d 29 69 66 28 55 7c 7c 61 65 29 65 5b 43 76 5d 3d 33 2c 65 5b 62 76 5d 3d 21 31 3b 65 6c 73 65 20 69 66 28 48 29 72 65 74 75 72 6e 20 57 26 26 28 65 3d 65 61 28 65 29 29 2c 48 5b 72 76 5d 28 45 76 2e 63 72 65 61 74 65 28 65 5b 49 67 5d 2c 5b 65 5d 29 2c 21 30 3d 3d 3d 65 5b 62 76 5d 3f 31 3a 65 5b 62 76 5d 2c 33 29 3b 76 61 72 20 6e 3d 65 5b 43 76 5d 2c 72 3d 63 65 2c 69 3d 52 2c 61 3d 28 34 3d 3d 3d 6e 26 26 28 72 3d 6f 65 2c 69 3d 4f 29 2c 21 31 29 3b 72 3c 69 3f 61 3d 21 43 28 65 2c Data Ascii: )),e[lv]&&(e[lv]=ea(e[lv])))}function a(e,t){if(e[yv]\|\|(e[yv]=0),e[Cv]\|\|(e[Cv]=1),l(e),e[bv])if(U\|\|ae)e[Cv]=3,e[bv]=!1;else if(H)return W&&(e=ea(e)),H[rv](Ev.create(e[Ig],[e]),!0===e[bv]?1:e[bv],3);var n=e[Cv],r=ce,i=R,a=(4===n&&(r=oe,i=O),!1);r<i?a=!C(e,

Analysis Process: 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exePID: 7112, Parent PID: 1028

General

Target ID:	0
Start time:	07:16:55
Start date:	14/01/2025
Path:	C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe"
Imagebase:	0xda0000
File size:	75'410 bytes
MD5 hash:	3E766051D054EFC1054BA59F63730B54
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000000.2008133839.0000000000DA2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000000.00000000.2008133839.0000000000DA2000.00000002.00000001.01000000.00000003.sdmp, Author: ditekSHen
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	07:17:00
Start date:	14/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	07:17:01
Start date:	14/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1892,i,3598139274571404283,11396411126130775261,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	07:17:03
Start date:	14/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	07:17:03
Start date:	14/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1916,i,9919558999657325056,13372659723111852601,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Xworm

Yara Signatures

Initial Sample

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

HIPS / PFW / Operating System Protection Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Windows Analysis Report
1736856908fb16676aec3e4c808c4bd5cde8e123cc70360266f85ec0ed17050bca6456c9dd274.dat-decoded.exe