Analysis

  • max time kernel
    67s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240910-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240910-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    10-09-2024 17:14

General

  • Target

    d8ac1a2a9fb227f8576173998c051b92_JaffaCakes118.exe

  • Size

    283KB

  • MD5

    d8ac1a2a9fb227f8576173998c051b92

  • SHA1

    e3b503faae20493f94ef5f1db20bd4a3aa15e935

  • SHA256

    acb61dc0c48b61805bda7444ddadb249f1178fb8bb79f32f83629f8b01de1a97

  • SHA512

    4ede761bddbf34634b755d22562ca467c414c9c1890e73d0a28ed52e2409e477ee17b641655791f0ce0167032965b3a528ee1584ca4f518033469fbd51f41386

  • SSDEEP

    6144:VDplscscrEZGUT1eIbLNPSkLpwDDMfZbwVts92qo1bY:1bBEZTeWsJDMdwV292qo1b

Malware Config

Signatures

  • Modifies security service 2 TTPs 1 IoCs
  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

  • Credentials from Password Stores: Credentials from Web Browsers 1 TTPs

    Malicious access to, or copying of, a web browser credential store.

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 10 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Disables taskbar notifications via registry modification
  • Executes dropped EXE 1 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 18 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 14 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 15 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs
  • System policy modification 1 TTPs 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d8ac1a2a9fb227f8576173998c051b92_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d8ac1a2a9fb227f8576173998c051b92_JaffaCakes118.exe"
    1⤵
    • Modifies security service
    • Adds Run key to start application
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:2952
    • C:\Users\Admin\AppData\Local\Temp\d8ac1a2a9fb227f8576173998c051b92_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\d8ac1a2a9fb227f8576173998c051b92_JaffaCakes118.exe startC:\Users\Admin\AppData\Roaming\29784\3F4D5.exe%C:\Users\Admin\AppData\Roaming\29784
      2⤵
      • System Location Discovery: System Language Discovery
      PID:640
    • C:\Users\Admin\AppData\Local\Temp\d8ac1a2a9fb227f8576173998c051b92_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\d8ac1a2a9fb227f8576173998c051b92_JaffaCakes118.exe startC:\Program Files (x86)\84F9A\lvvm.exe%C:\Program Files (x86)\84F9A
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1372
    • C:\Program Files (x86)\LP\D5D2\1DA5.tmp
      "C:\Program Files (x86)\LP\D5D2\1DA5.tmp"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:1244
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3360
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4636
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1352
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3472
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1316
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4060
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3676
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:464
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:4184
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1156
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4232
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3740
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    PID:4952
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3052
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3616
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3652
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3424
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4776
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1600
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2552
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4596
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2256
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2148
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2792
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1104
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3668
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    PID:1936
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:2052
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:1532
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:5060
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:1488
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:3964
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:3632
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:2088
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:2080
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:2272
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:3640
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:3064
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:4348
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:1584
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:4636
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:3476
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:4168
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:1488
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:4128
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:3968
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:4204
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:4536
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:2000
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:4596
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:3612
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:3516
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:4440
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:2524
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:4480
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:5056
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:4184
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:464
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:1888
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:1264
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:4112
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:3396
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:1844
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:4584
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:1900
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:1628
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                    PID:1488
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                    1⤵
                                                                                      PID:2816
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:4792
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                        1⤵
                                                                                          PID:4680
                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                          1⤵
                                                                                            PID:4116
                                                                                          • C:\Windows\explorer.exe
                                                                                            explorer.exe
                                                                                            1⤵
                                                                                              PID:1464
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
  PID:3216
• C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
  PID:4184
  • C:\Windows\explorer.exe
    explorer.exe
    PID:3704
    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
      PID:4408

Network

• DNS 72.32.126.40.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request: 72.32.126.40.in-addr.arpa IN PTR
  Response:
• DNS knowledgesutra.com
  Process: d8ac1a2a9fb227f8576173998c051b92_JaffaCakes118.exe
  Remote address: 8.8.8.8:53
  Request: knowledgesutra.com IN A
  Response:
    knowledgesutra.com IN A 15.197.148.33
    knowledgesutra.com IN A 3.33.130.190
• DNS renamesys5.com
  Process: d8ac1a2a9fb227f8576173998c051b92_JaffaCakes118.exe
  Remote address: 8.8.8.8:53
  Request: renamesys5.com IN A
  Response:
• GET http://knowledgesutra.com/img/temp/head.png?pr=gHZutDyMv5rJejHia9nrmsl6giWz%2BJZbVyA%3D
  Process: d8ac1a2a9fb227f8576173998c051b92_JaffaCakes118.exe
  Remote address: 15.197.148.33:80
  Request:
    GET /img/temp/head.png?pr=gHZutDyMv5rJejHia9nrmsl6giWz%2BJZbVyA%3D HTTP/1.0
    Connection: close
    Host: knowledgesutra.com
    Accept: */*
    User-Agent: chrome/9.0
  Response:
    HTTP/1.1 200 OK
    Server: openresty
    Date: Tue, 10 Sep 2024 17:14:38 GMT
    Content-Type: text/html
    Content-Length: 158
    Connection: close
• DNS 33.148.197.15.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request: 33.148.197.15.in-addr.arpa IN PTR
  Response:
    33.148.197.15.in-addr.arpa IN PTR a2aa9ff50de748dbeawsglobalacceleratorcom
• DNS renamesys5.com
  Process: d8ac1a2a9fb227f8576173998c051b92_JaffaCakes118.exe
  Remote address: 8.8.8.8:53
  Request: renamesys5.com IN A
  Response:
• DNS limfoklubs.com
  Process: d8ac1a2a9fb227f8576173998c051b92_JaffaCakes118.exe
  Remote address: 8.8.8.8:53
  Request: limfoklubs.com IN A
  Response:
• DNS ourdatatransfers.com
  Process: 1DA5.tmp
  Remote address: 8.8.8.8:53
  Request: ourdatatransfers.com IN A
  Response:
• DNS givishoolstome.com
  Process: d8ac1a2a9fb227f8576173998c051b92_JaffaCakes118.exe
  Remote address: 8.8.8.8:53
  Request: givishoolstome.com IN A
  Response:
• DNS 233.143.123.92.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request: 233.143.123.92.in-addr.arpa IN PTR
  Response:
    233.143.123.92.in-addr.arpa IN PTR a92-123-143-233deploystaticakamaitechnologiescom
• DNS www.google.com
  Remote address: 8.8.8.8:53
  Request: www.google.com IN A
  Response:
    www.google.com IN A 142.250.178.4
• GET http://www.google.com/
  Remote address: 142.250.178.4:80
  Request:
    GET / HTTP/1.0
    Connection: close
    Host: www.google.com
    Accept: */*
  Response:
    HTTP/1.0 302 Found
    Location: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgTCbg1GGLn9gbcGIjDG8DXyjPeY11p1TbWJrO_l0eylYkADpR7Khx8AnBkVt6V_4OR4ZQi2vmTit8M9GloyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    x-hallmonitor-challenge: CgwIuv2BtwYQ-sjxugESBMJuDUY
    Content-Type: text/html; charset=UTF-8
    Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-4VNKacnm099q2C7hdfC3IA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
    Date: Tue, 10 Sep 2024 17:15:38 GMT
    Server: gws
    Content-Length: 396
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Set-Cookie: AEC=AVYB7coPfbiFn-sY9_8h23pedal5igF9M0Hdl9B5oSKVP4HX8s1tnFCUog; expires=Sun, 09-Mar-2025 17:15:38 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
• GET http://www.google.com/
  Remote address: 142.250.178.4:80
  Request:
    GET / HTTP/1.1
    Connection: close
    Pragma: no-cache
    Host: www.google.com
  Response:
    HTTP/1.1 302 Found
    Location: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgTCbg1GGLv9gbcGIjDjwpTeqtTUnkTdrouWak7UiJ-GgZLx--0qn_lEuemkUKniC87j-e4ixbb3vgFVj_0yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    x-hallmonitor-challenge: CgsIvP2BtwYQybKZexIEwm4NRg
    Content-Type: text/html; charset=UTF-8
    Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-2DoYu-MqGzGIS9h-hr7q2w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
    Date: Tue, 10 Sep 2024 17:15:40 GMT
    Server: gws
    Content-Length: 396
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Set-Cookie: AEC=AVYB7coL9pyErjYNa_TkU0n6oIEuRiSxHvOZ9IuLVJb_HDlTHWBkgVcYLQc; expires=Sun, 09-Mar-2025 17:15:40 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
    Connection: close
• DNS 4.178.250.142.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request: 4.178.250.142.in-addr.arpa IN PTR
  Response:
    4.178.250.142.in-addr.arpa IN PTR lhr48s27-in-f41e100net
• GET http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgTCbg1GGLv9gbcGIjDjwpTeqtTUnkTdrouWak7UiJ-GgZLx--0qn_lEuemkUKniC87j-e4ixbb3vgFVj_0yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
  Remote address: 142.250.178.4:80
  Request:
    GET /sorry/index?continue=http://www.google.com/&q=EgTCbg1GGLv9gbcGIjDjwpTeqtTUnkTdrouWak7UiJ-GgZLx--0qn_lEuemkUKniC87j-e4ixbb3vgFVj_0yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
    Connection: close
    Pragma: no-cache
    Host: www.google.com
  Response:
    HTTP/1.1 429 Too Many Requests
    Date: Tue, 10 Sep 2024 17:15:40 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Content-Type: text/html
    Server: HTTP server (unknown)
    Content-Length: 3052
    X-XSS-Protection: 0
    Connection: close
• DNS 14.227.111.52.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request: 14.227.111.52.in-addr.arpa IN PTR
  Response:
• 15.197.148.33:80
  http://knowledgesutra.com/img/temp/head.png?pr=gHZutDyMv5rJejHia9nrmsl6giWz%2BJZbVyA%3D
  http
  Process: d8ac1a2a9fb227f8576173998c051b92_JaffaCakes118.exe
  391 B  470 B  5  4
  HTTP Request: GET http://knowledgesutra.com/img/temp/head.png?pr=gHZutDyMv5rJejHia9nrmsl6giWz%2BJZbVyA%3D
  HTTP Response: 200
• 142.250.178.4:80
  http://www.google.com/
  http
  302 B  1.4kB  5  4
  HTTP Request: GET http://www.google.com/
  HTTP Response: 302
• 142.250.178.4:80
  http://www.google.com/
  http
  307 B  1.5kB  5  5
  HTTP Request: GET http://www.google.com/
  HTTP Response: 302
• 142.250.178.4:80
  http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgTCbg1GGLv9gbcGIjDjwpTeqtTUnkTdrouWak7UiJ-GgZLx--0qn_lEuemkUKniC87j-e4ixbb3vgFVj_0yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
  http
  578 B  3.7kB  7  8
  HTTP Request: GET http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgTCbg1GGLv9gbcGIjDjwpTeqtTUnkTdrouWak7UiJ-GgZLx--0qn_lEuemkUKniC87j-e4ixbb3vgFVj_0yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
  HTTP Response: 429
• 127.0.0.1:56586
• 127.0.0.1:56586
• 8.8.8.8:53
  72.32.126.40.in-addr.arpa
  dns
  71 B  157 B  1  1

                                                                                                      DNS Request

                                                                                                      72.32.126.40.in-addr.arpa

                                                                                                    • 8.8.8.8:53
                                                                                                      knowledgesutra.com
                                                                                                      dns
                                                                                                      d8ac1a2a9fb227f8576173998c051b92_JaffaCakes118.exe
                                                                                                      64 B
                                                                                                      96 B
                                                                                                      1
                                                                                                      1

                                                                                                      DNS Request

                                                                                                      knowledgesutra.com

                                                                                                      DNS Response

                                                                                                      15.197.148.33
                                                                                                      3.33.130.190

                                                                                                    • 8.8.8.8:53
                                                                                                      renamesys5.com
                                                                                                      dns
                                                                                                      d8ac1a2a9fb227f8576173998c051b92_JaffaCakes118.exe
                                                                                                      60 B
                                                                                                      133 B
                                                                                                      1
                                                                                                      1

                                                                                                      DNS Request

                                                                                                      renamesys5.com

                                                                                                    • 8.8.8.8:53
                                                                                                      33.148.197.15.in-addr.arpa
                                                                                                      dns
                                                                                                      72 B
                                                                                                      128 B
                                                                                                      1
                                                                                                      1

                                                                                                      DNS Request

                                                                                                      33.148.197.15.in-addr.arpa

                                                                                                    • 224.0.0.251:5353
                                                                                                      168 B
                                                                                                      3
                                                                                                    • 8.8.8.8:53
                                                                                                      renamesys5.com
                                                                                                      dns
                                                                                                      d8ac1a2a9fb227f8576173998c051b92_JaffaCakes118.exe
                                                                                                      60 B
                                                                                                      133 B
                                                                                                      1
                                                                                                      1

                                                                                                      DNS Request

                                                                                                      renamesys5.com

                                                                                                    • 8.8.8.8:53
                                                                                                      limfoklubs.com
                                                                                                      dns
                                                                                                      d8ac1a2a9fb227f8576173998c051b92_JaffaCakes118.exe
                                                                                                      60 B
                                                                                                      133 B
                                                                                                      1
                                                                                                      1

                                                                                                      DNS Request

                                                                                                      limfoklubs.com

                                                                                                    • 8.8.8.8:53
                                                                                                      ourdatatransfers.com
                                                                                                      dns
                                                                                                      1DA5.tmp
                                                                                                      66 B
                                                                                                      139 B
                                                                                                      1
                                                                                                      1

                                                                                                      DNS Request

                                                                                                      ourdatatransfers.com

                                                                                                    • 8.8.8.8:53
                                                                                                      givishoolstome.com
                                                                                                      dns
                                                                                                      d8ac1a2a9fb227f8576173998c051b92_JaffaCakes118.exe
                                                                                                      64 B
                                                                                                      137 B
                                                                                                      1
                                                                                                      1

                                                                                                      DNS Request

                                                                                                      givishoolstome.com

                                                                                                    • 8.8.8.8:53
                                                                                                      233.143.123.92.in-addr.arpa
                                                                                                      dns
                                                                                                      73 B
                                                                                                      139 B
                                                                                                      1
                                                                                                      1

                                                                                                      DNS Request

                                                                                                      233.143.123.92.in-addr.arpa

                                                                                                    • 8.8.8.8:53
                                                                                                      www.google.com
                                                                                                      dns
                                                                                                      60 B
                                                                                                      76 B
                                                                                                      1
                                                                                                      1

                                                                                                      DNS Request

                                                                                                      www.google.com

                                                                                                      DNS Response

                                                                                                      142.250.178.4

                                                                                                    • 8.8.8.8:53
                                                                                                      4.178.250.142.in-addr.arpa
                                                                                                      dns
                                                                                                      72 B
                                                                                                      110 B
                                                                                                      1
                                                                                                      1

                                                                                                      DNS Request

                                                                                                      4.178.250.142.in-addr.arpa

                                                                                                    • 8.8.8.8:53
                                                                                                      14.227.111.52.in-addr.arpa
                                                                                                      dns
                                                                                                      72 B
                                                                                                      158 B
                                                                                                      1
                                                                                                      1

                                                                                                      DNS Request

                                                                                                      14.227.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15


Downloads

• C:\Program Files (x86)\LP\D5D2\1DA5.tmp
  Filesize: 99KB
  MD5: 8512e7236d6f175a95604ed7d843b20a
  SHA1: 7f35c53dce0af6129bca3d199a84235df9bd6ef4
  SHA256: 1cd98423b66062336bd5d06de36b0747482abeb4e526a9719d3d659bc3fc0edd
  SHA512: 2031122102d22b834d33eecfb123f422bab250222774f2d2ce1f2d3e9df87a27202979f0cbf42592d92c5c164a133b56272202da1a61d3a84549ddb32fd70542

• C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\9V1S48VT\microsoft.windows[1].xml
  Filesize: 97B
  MD5: 98b1dad1a67b6bf36917dfd796c7bb21
  SHA1: 1d2531a422067e26edfb597d5867a460825fb6ca
  SHA256: 1cbca2471a6fa64edf22436b5bdc8ff42dec923742f453dd7a43e2b0a7903060
  SHA512: dced526f0253d39eaae237ead391cd3e27d4fc13b052d1d8db8d3d34540e829e46c36c97e78136965672c3050ff6761bd079b6c76fe00efae2f2fb0480c4f719

• C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
  Filesize: 2KB
  MD5: 176442afa3b8d29daac557e30c348290
  SHA1: 847c5b132b01770890354b27987a1f2bc0a00400
  SHA256: bab5d71e128fd6a6e519e4c45bc7f8e85c98024339b4dd9120894fd71d39e0e6
  SHA512: 842b9e3f4dbf75030aa68d5a00f60b78b223d174ba795595794abad9a3e08571354ea6d2ba50c8abfffed6765a3ca76ac2b38971a8fc86b850961c1946099731

• C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133704621025473991.txt
  Filesize: 74KB
  MD5: 7dbe54f061368a377febb408cc760ecf
  SHA1: 7607444d07eb7b36a22be31fe6125b6f0d63dd2f
  SHA256: 3ca5c83582db67db4bd770481a8a8e2338eed34890cadc0ba2e2fa3c72fc1302
  SHA512: e5620c9423bbc923ccc8e510e75f8c7309ce21bdc5a139385c546650d9e15c2b679e5cd2ad4d4a37b94d177562bccb4b117f1242f257503a959ae2f584524cdb

• C:\Users\Admin\AppData\Roaming\29784\4F9A.978
  Filesize: 1KB
  MD5: 0b67687bf411a8e9559218ecba275ee3
  SHA1: 18f6ddd54d824bd650176b26d95693e491a81680
  SHA256: 253aef5c4b094cbf44e0aaa9720b2345a44082c777fcc331dcbb6029375bdae2
  SHA512: 1f920ef0e7b90bbe6d80c629fb06e6b65381d24bc20c5a6777ec2dc2c3fd3d172991196bcc797ecda6a4779b8cec1c226a890fb41770d63d15d82d95da73fff5

• C:\Users\Admin\AppData\Roaming\29784\4F9A.978
  Filesize: 1KB
  MD5: 2dbab937ebeccac1a0dddd2bef02f598
  SHA1: adcc29e9612bbd140b51a96e56291178e4185628
  SHA256: 552464d054bc5fedc306423bc0422d62a0cea4846809a5f21eb0bbc3d4428c40
  SHA512: 5e412037f3e6323a58fd061f1261b37c7445a8c8d840877b2b09f4c97739adafe24006da5f163a25b7e97644c12e4d5f80f5e62c7c2258cd91f4bc5fb7afba40

• C:\Users\Admin\AppData\Roaming\29784\4F9A.978
  Filesize: 600B
  MD5: aded4167cbfcdf208b6460e913f41e73
  SHA1: 5dfb23c0bcdc26c73775c761ddb2d5576eef5d61
  SHA256: 7d3aac18aa72328bf4a1f9bfe4d4f87994666795a57aab26210aa017eabd3661
  SHA512: 9ec9755657b4ea4d0a21886bbb233ffd70dc305a33fdafad2b097b3377c5339d81ec1bb41b8557e42e7a1527a25f0786b68f0c07330ff4410d47e75b0b06e8b4

• C:\Users\Admin\AppData\Roaming\29784\4F9A.978
  Filesize: 996B
  MD5: 873db6c263189c0c1d386763ac852b42
  SHA1: 6571a4e74c4444b373529e646a1235e17b2eaaf4
  SHA256: ae225ef53a6a8899790c11bfa8c562116b83f1d38a85c0f94ffc11bdbef437bb
  SHA512: 225a287859dc05a4e66aab708a6df8014398393fc8ee099808c353f5ea596350608012967d9308896b417570f2498c4f698361c6476f95b7d3732cf1305c986d

                                                                                                    • memory/464-152-0x000001901B620000-0x000001901B640000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/464-146-0x000001901B660000-0x000001901B680000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/464-141-0x000001901A500000-0x000001901A600000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                    • memory/464-177-0x000001901BA60000-0x000001901BA80000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                    • memory/640-15-0x0000000000400000-0x000000000046B000-memory.dmp

                                                                                                      Filesize

                                                                                                      428KB

                                                                                                    • memory/640-16-0x0000000000400000-0x000000000046B000-memory.dmp

                                                                                                      Filesize

                                                                                                      428KB

• memory/640-13-0x0000000000400000-0x000000000046B000-memory.dmp (Filesize 428KB)
• memory/1244-313-0x0000000000400000-0x000000000041C000-memory.dmp (Filesize 112KB)
• memory/1372-70-0x0000000000400000-0x000000000046B000-memory.dmp (Filesize 428KB)
• memory/1532-1203-0x0000015AE5E00000-0x0000015AE5F00000-memory.dmp (Filesize 1024KB)
• memory/1532-1208-0x0000015AE6F40000-0x0000015AE6F60000-memory.dmp (Filesize 128KB)
• memory/1532-1204-0x0000015AE5E00000-0x0000015AE5F00000-memory.dmp (Filesize 1024KB)
• memory/1532-1230-0x0000015AE7310000-0x0000015AE7330000-memory.dmp (Filesize 128KB)
• memory/1532-1220-0x0000015AE6F00000-0x0000015AE6F20000-memory.dmp (Filesize 128KB)
• memory/1936-1201-0x0000000002300000-0x0000000002301000-memory.dmp (Filesize 4KB)
• memory/2148-913-0x0000015A95E00000-0x0000015A95F00000-memory.dmp (Filesize 1024KB)
• memory/2148-915-0x0000015A95E00000-0x0000015A95F00000-memory.dmp (Filesize 1024KB)
• memory/2148-918-0x0000015A96D30000-0x0000015A96D50000-memory.dmp (Filesize 128KB)
• memory/2148-942-0x0000015A97300000-0x0000015A97320000-memory.dmp (Filesize 128KB)
• memory/2148-931-0x0000015A96CF0000-0x0000015A96D10000-memory.dmp (Filesize 128KB)
• memory/2552-766-0x000002AF07120000-0x000002AF07140000-memory.dmp (Filesize 128KB)
• memory/2552-761-0x000002AF06300000-0x000002AF06400000-memory.dmp (Filesize 1024KB)
• memory/2552-792-0x000002AF07700000-0x000002AF07720000-memory.dmp (Filesize 128KB)
• memory/2552-779-0x000002AF070E0000-0x000002AF07100000-memory.dmp (Filesize 128KB)
• memory/2552-763-0x000002AF06300000-0x000002AF06400000-memory.dmp (Filesize 1024KB)
• memory/2792-1087-0x0000000004A20000-0x0000000004A21000-memory.dmp (Filesize 4KB)
• memory/2952-1-0x0000000000400000-0x0000000000468000-memory.dmp (Filesize 416KB)
• memory/2952-1318-0x0000000000400000-0x000000000046B000-memory.dmp (Filesize 428KB)
• memory/2952-2-0x0000000000400000-0x000000000046B000-memory.dmp (Filesize 428KB)
• memory/2952-11-0x0000000000400000-0x000000000046B000-memory.dmp (Filesize 428KB)
• memory/2952-453-0x0000000000400000-0x000000000046B000-memory.dmp (Filesize 428KB)
• memory/2952-68-0x0000000000400000-0x000000000046B000-memory.dmp (Filesize 428KB)
• memory/2952-14-0x0000000000400000-0x0000000000468000-memory.dmp (Filesize 416KB)
• memory/3052-467-0x0000022338F10000-0x0000022338F30000-memory.dmp (Filesize 128KB)
• memory/3052-490-0x00000223394E0000-0x0000022339500000-memory.dmp (Filesize 128KB)
• memory/3052-464-0x0000022338000000-0x0000022338100000-memory.dmp (Filesize 1024KB)
• memory/3052-462-0x0000022338000000-0x0000022338100000-memory.dmp (Filesize 1024KB)
• memory/3052-476-0x0000022338ED0000-0x0000022338EF0000-memory.dmp (Filesize 128KB)
• memory/3424-624-0x000001FBF6EE0000-0x000001FBF6F00000-memory.dmp (Filesize 128KB)
• memory/3424-636-0x000001FBF7500000-0x000001FBF7520000-memory.dmp (Filesize 128KB)
• memory/3424-613-0x000001FBF6F20000-0x000001FBF6F40000-memory.dmp (Filesize 128KB)
• memory/3616-606-0x00000000040B0000-0x00000000040B1000-memory.dmp (Filesize 4KB)
• memory/3668-1090-0x0000026FD9600000-0x0000026FD9700000-memory.dmp (Filesize 1024KB)
• memory/3668-1089-0x0000026FD9600000-0x0000026FD9700000-memory.dmp (Filesize 1024KB)
• memory/3668-1094-0x00000277DBBE0000-0x00000277DBC00000-memory.dmp (Filesize 128KB)
• memory/3668-1104-0x00000277DBBA0000-0x00000277DBBC0000-memory.dmp (Filesize 128KB)
• memory/3668-1126-0x00000277DC2B0000-0x00000277DC2D0000-memory.dmp (Filesize 128KB)
• memory/3740-460-0x0000000004070000-0x0000000004071000-memory.dmp (Filesize 4KB)
• memory/4060-139-0x0000000004320000-0x0000000004321000-memory.dmp (Filesize 4KB)
• memory/4184-317-0x0000000004B50000-0x0000000004B51000-memory.dmp (Filesize 4KB)
• memory/4232-323-0x000001FAA40C0000-0x000001FAA40E0000-memory.dmp (Filesize 128KB)
• memory/4232-349-0x000001FAA4490000-0x000001FAA44B0000-memory.dmp (Filesize 128KB)
• memory/4232-336-0x000001FAA4080000-0x000001FAA40A0000-memory.dmp (Filesize 128KB)
• memory/4232-320-0x000001FAA3000000-0x000001FAA3100000-memory.dmp (Filesize 1024KB)
• memory/4232-318-0x000001FAA3000000-0x000001FAA3100000-memory.dmp (Filesize 1024KB)
• memory/4596-911-0x0000000004E50000-0x0000000004E51000-memory.dmp (Filesize 4KB)
• memory/4776-759-0x0000000004140000-0x0000000004141000-memory.dmp (Filesize 4KB)
• memory/5060-1344-0x0000000004BA0000-0x0000000004BA1000-memory.dmp (Filesize 4KB)
