Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

ZAMOWIEN.EXE.exe

windows7-x64

8

ZAMOWIEN.EXE.exe

windows10-2004-x64

10

Stenklver219.ps1

windows7-x64

3

Stenklver219.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    44s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/10/2024, 08:52 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Stenklver219.ps1

  • Size

    52KB

  • MD5

    78082e39dd451e1d5043bcd0d5a72b8e

  • SHA1

    ae870a41f8b0585cacd05d5c6651e83460092325

  • SHA256

    2f554bddfe10ada0fc5106bced02c8fc45e910848688146287d3423ef094a58f

  • SHA512

    8780e10971c1179d341e7f4bfd0089e9586cb05048a75196fbf1a09ec8f48f80ecce8e10b5e5546b311e48bf0c2b2a9e9c481050bfae184f8dfbd7eb5ee984e8

  • SSDEEP

    1536:D+e7Lz+gJMhdGvU91sV6KlRDGzjWqK3f61:SECx+y1swKlcWqAfw

Score
8/10
executionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 9 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 18 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 14 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 15 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Stenklver219.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3988
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4120
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4620
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4672
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1576
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4648
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:1080
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3268
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4276
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:808
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:5048
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3584
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3320
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2444
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2576
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3984
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4216
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4212
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4612
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2012
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2044
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1112
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3172
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1080
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Modifies registry class
    PID:3780
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:3076
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:368
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
          PID:3844
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
            PID:2024
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
              PID:3160
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              1⤵
                PID:3024
              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                1⤵
                  PID:2536
                • C:\Windows\explorer.exe
                  explorer.exe
                  1⤵
                    PID:3016
                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                    1⤵
                      PID:2144
                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                      1⤵
                        PID:1904
                      • C:\Windows\explorer.exe
                        explorer.exe
                        1⤵
                          PID:1580
                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                          1⤵
                            PID:3948
                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                            1⤵
                              PID:5056
                            • C:\Windows\explorer.exe
                              explorer.exe
                              1⤵
                                PID:1380
                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                1⤵
                                  PID:2196
                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                  1⤵
                                    PID:1636
                                  • C:\Windows\explorer.exe
                                    explorer.exe
                                    1⤵
                                      PID:3976
                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                      1⤵
                                        PID:3076
                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                        1⤵
                                          PID:1552
                                        • C:\Windows\explorer.exe
                                          explorer.exe
                                          1⤵
                                            PID:1700
                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                            1⤵
                                              PID:1968
                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                              1⤵
                                                PID:3300
                                              • C:\Windows\explorer.exe
                                                explorer.exe
                                                1⤵
                                                  PID:5016
                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                  1⤵
                                                    PID:4248
                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                    1⤵
                                                      PID:4308
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                        PID:4956
                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                        1⤵
                                                          PID:4892
                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                          1⤵
                                                            PID:2864
                                                          • C:\Windows\explorer.exe
                                                            explorer.exe
                                                            1⤵
                                                              PID:3996
                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                              1⤵
                                                                PID:2044
                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                1⤵
                                                                  PID:4356
                                                                • C:\Windows\explorer.exe
                                                                  explorer.exe
                                                                  1⤵
                                                                    PID:2628
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                    1⤵
                                                                      PID:3016
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                      1⤵
                                                                        PID:4232
                                                                      • C:\Windows\explorer.exe
                                                                        explorer.exe
                                                                        1⤵
                                                                          PID:3804
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                          1⤵
                                                                            PID:4844
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                            1⤵
                                                                              PID:4600
                                                                            • C:\Windows\explorer.exe
                                                                              explorer.exe
                                                                              1⤵
                                                                                PID:952
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                1⤵
                                                                                  PID:1440
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                  1⤵
                                                                                    PID:2536
                                                                                  • C:\Windows\explorer.exe
                                                                                    explorer.exe
                                                                                    1⤵
                                                                                      PID:3976
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                      1⤵
                                                                                        PID:3788
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                        1⤵
                                                                                          PID:2232
                                                                                        • C:\Windows\explorer.exe
                                                                                          explorer.exe
                                                                                          1⤵
                                                                                            PID:1952
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                            1⤵
                                                                                              PID:3732
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                              1⤵
                                                                                                PID:520
                                                                                              • C:\Windows\explorer.exe
                                                                                                explorer.exe
                                                                                                1⤵
                                                                                                  PID:3460
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                  1⤵
                                                                                                    PID:3156
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                    1⤵
                                                                                                      PID:2020
                                                                                                    • C:\Windows\explorer.exe
                                                                                                      explorer.exe
                                                                                                      1⤵
                                                                                                        PID:4056
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                        1⤵
                                                                                                          PID:4184
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                          1⤵
                                                                                                            PID:2040
                                                                                                          • C:\Windows\explorer.exe
                                                                                                            explorer.exe
                                                                                                            1⤵
                                                                                                              PID:4720
                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                              1⤵
                                                                                                                PID:900
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                1⤵
                                                                                                                  PID:1160
                                                                                                                • C:\Windows\explorer.exe
                                                                                                                  explorer.exe
                                                                                                                  1⤵
                                                                                                                    PID:4444
                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                    1⤵
                                                                                                                      PID:4268
                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                      1⤵
                                                                                                                        PID:3712
                                                                                                                      • C:\Windows\explorer.exe
                                                                                                                        explorer.exe
                                                                                                                        1⤵
                                                                                                                          PID:400
                                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                          1⤵
                                                                                                                            PID:2912
                                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                            1⤵
                                                                                                                              PID:4568
                                                                                                                            • C:\Windows\explorer.exe
                                                                                                                              explorer.exe
                                                                                                                              1⤵
                                                                                                                                PID:772
                                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                                1⤵
                                                                                                                                  PID:472
                                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                                  1⤵
                                                                                                                                    PID:1452

                                                                                                                                  Network

                                                                                                                                  • flag-us
                                                                                                                                    DNS
                                                                                                                                    8.8.8.8.in-addr.arpa
                                                                                                                                    Remote address:
                                                                                                                                    8.8.8.8:53
                                                                                                                                    Request
                                                                                                                                    8.8.8.8.in-addr.arpa
                                                                                                                                    IN PTR
                                                                                                                                    Response
                                                                                                                                    8.8.8.8.in-addr.arpa
                                                                                                                                    IN PTR
                                                                                                                                    dnsgoogle
                                                                                                                                  • flag-us
                                                                                                                                    DNS
                                                                                                                                    67.31.126.40.in-addr.arpa
                                                                                                                                    Remote address:
                                                                                                                                    8.8.8.8:53
                                                                                                                                    Request
                                                                                                                                    67.31.126.40.in-addr.arpa
                                                                                                                                    IN PTR
                                                                                                                                    Response
                                                                                                                                  • flag-us
                                                                                                                                    DNS
                                                                                                                                    g.bing.com
                                                                                                                                    Remote address:
                                                                                                                                    8.8.8.8:53
                                                                                                                                    Request
                                                                                                                                    g.bing.com
                                                                                                                                    IN A
                                                                                                                                    Response
                                                                                                                                    g.bing.com
                                                                                                                                    IN CNAME
                                                                                                                                    g-bing-com.ax-0001.ax-msedge.net
                                                                                                                                    g-bing-com.ax-0001.ax-msedge.net
                                                                                                                                    IN CNAME
                                                                                                                                    ax-0001.ax-dc-msedge.net
                                                                                                                                    ax-0001.ax-dc-msedge.net
                                                                                                                                    IN A
                                                                                                                                    150.171.29.10
                                                                                                                                    ax-0001.ax-dc-msedge.net
                                                                                                                                    IN A
                                                                                                                                    150.171.30.10
                                                                                                                                  • flag-us
                                                                                                                                    GET
                                                                                                                                    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=1df0b22ba3624bbe8304845b2e6f7c34&localId=w:0C449796-1E55-FEFD-C5A5-A0B044A63D2B&deviceId=6896208601980624&anid=
                                                                                                                                    Remote address:
                                                                                                                                    150.171.29.10:443
                                                                                                                                    Request
                                                                                                                                    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=1df0b22ba3624bbe8304845b2e6f7c34&localId=w:0C449796-1E55-FEFD-C5A5-A0B044A63D2B&deviceId=6896208601980624&anid= HTTP/2.0
                                                                                                                                    host: g.bing.com
                                                                                                                                    accept-encoding: gzip, deflate
                                                                                                                                    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                                                                                                                    Response
                                                                                                                                    HTTP/2.0 204
                                                                                                                                    cache-control: no-cache, must-revalidate
                                                                                                                                    pragma: no-cache
                                                                                                                                    expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                    set-cookie: MUID=21B9BC9D6A7962663638A98F6B7F63C3; domain=.bing.com; expires=Sun, 02-Nov-2025 09:01:27 GMT; path=/; SameSite=None; Secure; Priority=High;
                                                                                                                                    strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                                    access-control-allow-origin: *
                                                                                                                                    x-cache: CONFIG_NOCACHE
                                                                                                                                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                    x-msedge-ref: Ref A: 78E07C5FA0784B539793CAE998F11B6E Ref B: LON212050719017 Ref C: 2024-10-08T09:01:27Z
                                                                                                                                    date: Tue, 08 Oct 2024 09:01:26 GMT
                                                                                                                                  • flag-us
                                                                                                                                    GET
                                                                                                                                    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=1df0b22ba3624bbe8304845b2e6f7c34&localId=w:0C449796-1E55-FEFD-C5A5-A0B044A63D2B&deviceId=6896208601980624&anid=
                                                                                                                                    Remote address:
                                                                                                                                    150.171.29.10:443
                                                                                                                                    Request
                                                                                                                                    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=1df0b22ba3624bbe8304845b2e6f7c34&localId=w:0C449796-1E55-FEFD-C5A5-A0B044A63D2B&deviceId=6896208601980624&anid= HTTP/2.0
                                                                                                                                    host: g.bing.com
                                                                                                                                    accept-encoding: gzip, deflate
                                                                                                                                    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                                                                                                                    cookie: MUID=21B9BC9D6A7962663638A98F6B7F63C3
                                                                                                                                    Response
                                                                                                                                    HTTP/2.0 204
                                                                                                                                    cache-control: no-cache, must-revalidate
                                                                                                                                    pragma: no-cache
                                                                                                                                    expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                    set-cookie: MSPTC=cDgcddjjC7CgnRT2L24cS4O9fyOl3Iz7s14eC-Zyfk4; domain=.bing.com; expires=Sun, 02-Nov-2025 09:01:27 GMT; path=/; Partitioned; secure; SameSite=None
                                                                                                                                    strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                                    access-control-allow-origin: *
                                                                                                                                    x-cache: CONFIG_NOCACHE
                                                                                                                                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                    x-msedge-ref: Ref A: F958345E37974D2ABF436C57FA7E5570 Ref B: LON212050719017 Ref C: 2024-10-08T09:01:27Z
                                                                                                                                    date: Tue, 08 Oct 2024 09:01:26 GMT
                                                                                                                                  • flag-us
                                                                                                                                    GET
                                                                                                                                    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=1df0b22ba3624bbe8304845b2e6f7c34&localId=w:0C449796-1E55-FEFD-C5A5-A0B044A63D2B&deviceId=6896208601980624&anid=
                                                                                                                                    Remote address:
                                                                                                                                    150.171.29.10:443
                                                                                                                                    Request
                                                                                                                                    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=1df0b22ba3624bbe8304845b2e6f7c34&localId=w:0C449796-1E55-FEFD-C5A5-A0B044A63D2B&deviceId=6896208601980624&anid= HTTP/2.0
                                                                                                                                    host: g.bing.com
                                                                                                                                    accept-encoding: gzip, deflate
                                                                                                                                    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                                                                                                                    cookie: MUID=21B9BC9D6A7962663638A98F6B7F63C3; MSPTC=cDgcddjjC7CgnRT2L24cS4O9fyOl3Iz7s14eC-Zyfk4
                                                                                                                                    Response
                                                                                                                                    HTTP/2.0 204
                                                                                                                                    cache-control: no-cache, must-revalidate
                                                                                                                                    pragma: no-cache
                                                                                                                                    expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                    strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                                    access-control-allow-origin: *
                                                                                                                                    x-cache: CONFIG_NOCACHE
                                                                                                                                    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                    x-msedge-ref: Ref A: F654D9B281CD41A7967F80B7CA574D60 Ref B: LON212050719017 Ref C: 2024-10-08T09:01:27Z
                                                                                                                                    date: Tue, 08 Oct 2024 09:01:26 GMT
                                                                                                                                  • flag-us
                                                                                                                                    DNS
                                                                                                                                    10.29.171.150.in-addr.arpa
                                                                                                                                    Remote address:
                                                                                                                                    8.8.8.8:53
                                                                                                                                    Request
                                                                                                                                    10.29.171.150.in-addr.arpa
                                                                                                                                    IN PTR
                                                                                                                                    Response
                                                                                                                                  • flag-us
                                                                                                                                    DNS
                                                                                                                                    95.221.229.192.in-addr.arpa
                                                                                                                                    Remote address:
                                                                                                                                    8.8.8.8:53
                                                                                                                                    Request
                                                                                                                                    95.221.229.192.in-addr.arpa
                                                                                                                                    IN PTR
                                                                                                                                    Response
                                                                                                                                  • flag-us
                                                                                                                                    DNS
                                                                                                                                    56.163.245.4.in-addr.arpa
                                                                                                                                    Remote address:
                                                                                                                                    8.8.8.8:53
                                                                                                                                    Request
                                                                                                                                    56.163.245.4.in-addr.arpa
                                                                                                                                    IN PTR
                                                                                                                                    Response
                                                                                                                                  • flag-us
                                                                                                                                    DNS
                                                                                                                                    15.164.165.52.in-addr.arpa
                                                                                                                                    Remote address:
                                                                                                                                    8.8.8.8:53
                                                                                                                                    Request
                                                                                                                                    15.164.165.52.in-addr.arpa
                                                                                                                                    IN PTR
                                                                                                                                    Response
                                                                                                                                  • flag-us
                                                                                                                                    DNS
                                                                                                                                    75.117.19.2.in-addr.arpa
                                                                                                                                    Remote address:
                                                                                                                                    8.8.8.8:53
                                                                                                                                    Request
                                                                                                                                    75.117.19.2.in-addr.arpa
                                                                                                                                    IN PTR
                                                                                                                                    Response
                                                                                                                                    75.117.19.2.in-addr.arpa
                                                                                                                                    IN PTR
                                                                                                                                    a2-19-117-75deploystaticakamaitechnologiescom
                                                                                                                                  • flag-us
                                                                                                                                    DNS
                                                                                                                                    83.210.23.2.in-addr.arpa
                                                                                                                                    Remote address:
                                                                                                                                    8.8.8.8:53
                                                                                                                                    Request
                                                                                                                                    83.210.23.2.in-addr.arpa
                                                                                                                                    IN PTR
                                                                                                                                    Response
                                                                                                                                    83.210.23.2.in-addr.arpa
                                                                                                                                    IN PTR
                                                                                                                                    a2-23-210-83deploystaticakamaitechnologiescom
                                                                                                                                  • flag-us
                                                                                                                                    DNS
                                                                                                                                    88.210.23.2.in-addr.arpa
                                                                                                                                    Remote address:
                                                                                                                                    8.8.8.8:53
                                                                                                                                    Request
                                                                                                                                    88.210.23.2.in-addr.arpa
                                                                                                                                    IN PTR
                                                                                                                                    Response
                                                                                                                                    88.210.23.2.in-addr.arpa
                                                                                                                                    IN PTR
                                                                                                                                    a2-23-210-88deploystaticakamaitechnologiescom
                                                                                                                                  • flag-us
                                                                                                                                    DNS
                                                                                                                                    43.229.111.52.in-addr.arpa
                                                                                                                                    Remote address:
                                                                                                                                    8.8.8.8:53
                                                                                                                                    Request
                                                                                                                                    43.229.111.52.in-addr.arpa
                                                                                                                                    IN PTR
                                                                                                                                    Response
                                                                                                                                  • 150.171.29.10:443
                                                                                                                                    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=1df0b22ba3624bbe8304845b2e6f7c34&localId=w:0C449796-1E55-FEFD-C5A5-A0B044A63D2B&deviceId=6896208601980624&anid=
                                                                                                                                    tls, http2
                                                                                                                                    2.0kB
                                                                                                                                     9.3kB
                                                                                                                                     21
                                                                                                                                    18

                                                                                                                                    HTTP Request

                                                                                                                                    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=1df0b22ba3624bbe8304845b2e6f7c34&localId=w:0C449796-1E55-FEFD-C5A5-A0B044A63D2B&deviceId=6896208601980624&anid=

                                                                                                                                    HTTP Response

                                                                                                                                    204

                                                                                                                                    HTTP Request

                                                                                                                                    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=1df0b22ba3624bbe8304845b2e6f7c34&localId=w:0C449796-1E55-FEFD-C5A5-A0B044A63D2B&deviceId=6896208601980624&anid=

                                                                                                                                    HTTP Response

                                                                                                                                    204

                                                                                                                                    HTTP Request

                                                                                                                                    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=1df0b22ba3624bbe8304845b2e6f7c34&localId=w:0C449796-1E55-FEFD-C5A5-A0B044A63D2B&deviceId=6896208601980624&anid=

                                                                                                                                    HTTP Response

                                                                                                                                    204
                                                                                                                                  • 8.8.8.8:53
                                                                                                                                    8.8.8.8.in-addr.arpa
                                                                                                                                    dns
                                                                                                                                    66 B
                                                                                                                                     90 B
                                                                                                                                     1
                                                                                                                                    1

                                                                                                                                    DNS Request

                                                                                                                                    8.8.8.8.in-addr.arpa

                                                                                                                                  • 8.8.8.8:53
                                                                                                                                    67.31.126.40.in-addr.arpa
                                                                                                                                    dns
                                                                                                                                    71 B
                                                                                                                                     157 B
                                                                                                                                     1
                                                                                                                                    1

                                                                                                                                    DNS Request

                                                                                                                                    67.31.126.40.in-addr.arpa

                                                                                                                                  • 8.8.8.8:53
                                                                                                                                    g.bing.com
                                                                                                                                    dns
                                                                                                                                    56 B
                                                                                                                                     169 B
                                                                                                                                     1
                                                                                                                                    1

                                                                                                                                    DNS Request

                                                                                                                                    g.bing.com

                                                                                                                                    DNS Response

                                                                                                                                    150.171.29.10
                                                                                                                                    150.171.30.10

                                                                                                                                  • 8.8.8.8:53
                                                                                                                                    10.29.171.150.in-addr.arpa
                                                                                                                                    dns
                                                                                                                                    72 B
                                                                                                                                     158 B
                                                                                                                                     1
                                                                                                                                    1

                                                                                                                                    DNS Request

                                                                                                                                    10.29.171.150.in-addr.arpa

                                                                                                                                  • 8.8.8.8:53
                                                                                                                                    95.221.229.192.in-addr.arpa
                                                                                                                                    dns
                                                                                                                                    73 B
                                                                                                                                     144 B
                                                                                                                                     1
                                                                                                                                    1

                                                                                                                                    DNS Request

                                                                                                                                    95.221.229.192.in-addr.arpa

                                                                                                                                  • 8.8.8.8:53
                                                                                                                                    56.163.245.4.in-addr.arpa
                                                                                                                                    dns
                                                                                                                                    71 B
                                                                                                                                     157 B
                                                                                                                                     1
                                                                                                                                    1

                                                                                                                                    DNS Request

                                                                                                                                    56.163.245.4.in-addr.arpa

                                                                                                                                  • 8.8.8.8:53
                                                                                                                                    15.164.165.52.in-addr.arpa
                                                                                                                                    dns
                                                                                                                                    72 B
                                                                                                                                     146 B
                                                                                                                                     1
                                                                                                                                    1

                                                                                                                                    DNS Request

                                                                                                                                    15.164.165.52.in-addr.arpa

                                                                                                                                  • 8.8.8.8:53
                                                                                                                                    75.117.19.2.in-addr.arpa
                                                                                                                                    dns
                                                                                                                                    70 B
                                                                                                                                     133 B
                                                                                                                                     1
                                                                                                                                    1

                                                                                                                                    DNS Request

                                                                                                                                    75.117.19.2.in-addr.arpa

                                                                                                                                  • 8.8.8.8:53
                                                                                                                                    83.210.23.2.in-addr.arpa
                                                                                                                                    dns
                                                                                                                                    70 B
                                                                                                                                     133 B
                                                                                                                                     1
                                                                                                                                    1

                                                                                                                                    DNS Request

                                                                                                                                    83.210.23.2.in-addr.arpa

                                                                                                                                  • 8.8.8.8:53
                                                                                                                                    88.210.23.2.in-addr.arpa
                                                                                                                                    dns
                                                                                                                                    70 B
                                                                                                                                     133 B
                                                                                                                                     1
                                                                                                                                    1

                                                                                                                                    DNS Request

                                                                                                                                    88.210.23.2.in-addr.arpa

                                                                                                                                  • 8.8.8.8:53
                                                                                                                                    43.229.111.52.in-addr.arpa
                                                                                                                                    dns
                                                                                                                                    72 B
                                                                                                                                     158 B
                                                                                                                                     1
                                                                                                                                    1

                                                                                                                                    DNS Request

                                                                                                                                    43.229.111.52.in-addr.arpa

                                                                                                                                  MITRE ATT&CK Enterprise v15

                                                                                                                                  Replay Monitor

                                                                                                                                  Loading Replay Monitor...

                                                                                                                                  Downloads

                                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                                    Filesize

                                                                                                                                    2KB

                                                                                                                                    MD5

                                                                                                                                    a618493197cc52edc1c08d6c9e1824e0

                                                                                                                                    SHA1

                                                                                                                                    e51d50561441815c616e50ee6911f510d3f88cd1

                                                                                                                                    SHA256

                                                                                                                                    35b608c234c9b7b13aec1c5384c6323373eb19eee3f8b3252e2c041e16826563

                                                                                                                                    SHA512

                                                                                                                                    87911a27196bb7b2c30620be4630c6a8f07de6153b4f0384eb763718d4cdb6f386ae82d44d147491b4f7a130de19cdecc6e9df7f0e82fcb343df4d3c5f1ab417

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133728516938843997.txt
                                                                                                                                    Filesize

                                                                                                                                    75KB

                                                                                                                                    MD5

                                                                                                                                    365f545712de2d39de46479997c0934e

                                                                                                                                    SHA1

                                                                                                                                    f5b80930d3fd23a22d396c37edf1fc4788d3224b

                                                                                                                                    SHA256

                                                                                                                                    0e42a8646a54fa06f027a2f0d147e654d8e6d06d0ab6ece4902ed40f64a6929f

                                                                                                                                    SHA512

                                                                                                                                    6b2f3ee9133864513e2a1df1b5c46c39dd48140c1a0b4d129b4c7e08e3e1b320787c1e64536201b7ad066dab3720a7b4c36fdfd728602cf90bc1fea7978ec72d

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\YOZOSN6K\microsoft.windows[1].xml
                                                                                                                                    Filesize

                                                                                                                                    97B

                                                                                                                                    MD5

                                                                                                                                    e6ba99d8293b4c7951bad0a2c6761b8e

                                                                                                                                    SHA1

                                                                                                                                    87aaf2d975cdef4db219e4f9f2b1469dd05a6b0b

                                                                                                                                    SHA256

                                                                                                                                    773b2b8b752a5bfd3d93b7475dbb7f659bad014ffd06292ee0450c216892ac29

                                                                                                                                    SHA512

                                                                                                                                    e6861e87688861f4c43d80f9e98996fc476a11d4e147eb3c55f66d6f1abc065690e2662dd34dca32c0284b64056b95142d932697aa1fa6d6b755ef0f57031ee0

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0cdguf1a.x15.ps1
                                                                                                                                    Filesize

                                                                                                                                    60B

                                                                                                                                    MD5

                                                                                                                                    d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                    SHA1

                                                                                                                                    6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                    SHA256

                                                                                                                                    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                    SHA512

                                                                                                                                    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                                    Download Submit

                                                                                                                                  • memory/368-1056-0x0000000004EB0000-0x0000000004EB1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/808-315-0x0000000004D70000-0x0000000004D71000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/1080-904-0x0000024060760000-0x0000024060860000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/1080-172-0x0000000004C00000-0x0000000004C01000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/1080-905-0x0000024060760000-0x0000024060860000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/1080-909-0x00000240616C0000-0x00000240616E0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/1080-931-0x0000024061CA0000-0x0000024061CC0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/1080-918-0x0000024061680000-0x00000240616A0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/1112-902-0x0000000004E40000-0x0000000004E41000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/2024-1058-0x00000166B8940000-0x00000166B8A40000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/2024-1057-0x00000166B8940000-0x00000166B8A40000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/2024-1071-0x00000166B9850000-0x00000166B9870000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/2024-1062-0x00000166B9890000-0x00000166B98B0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/2024-1094-0x00000166B9E60000-0x00000166B9E80000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/2044-773-0x0000027E65FB0000-0x0000027E65FD0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/2044-756-0x0000027E64F00000-0x0000027E65000000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/2044-784-0x0000027E665C0000-0x0000027E665E0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/2044-757-0x0000027E64F00000-0x0000027E65000000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/2044-761-0x0000027E66200000-0x0000027E66220000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/2536-1207-0x0000020E2E600000-0x0000020E2E700000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/2536-1211-0x0000020E2F4E0000-0x0000020E2F500000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/2536-1206-0x0000020E2E600000-0x0000020E2E700000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/2536-1243-0x0000020E2FAC0000-0x0000020E2FAE0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/2536-1223-0x0000020E2F4A0000-0x0000020E2F4C0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/2576-493-0x0000016A184C0000-0x0000016A184E0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/2576-467-0x0000016A17CE0000-0x0000016A17D00000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/2576-479-0x0000016A17CA0000-0x0000016A17CC0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/2576-462-0x0000016A17000000-0x0000016A17100000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/3016-1342-0x00000000043E0000-0x00000000043E1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/3160-1204-0x00000000042F0000-0x00000000042F1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/3320-460-0x0000000003F60000-0x0000000003F61000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/3584-322-0x0000026A85100000-0x0000026A85120000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3584-334-0x0000026A84DB0000-0x0000026A84DD0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3584-318-0x0000026A84300000-0x0000026A84400000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/3584-345-0x0000026A856C0000-0x0000026A856E0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/3984-606-0x0000000004C50000-0x0000000004C51000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/3988-11-0x00007FFB99D10000-0x00007FFB9A7D1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                    Download

                                                                                                                                  • memory/3988-13-0x0000021BF1BB0000-0x0000021BF1BDA000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    168KB

                                                                                                                                    Download

                                                                                                                                  • memory/3988-14-0x0000021BF1BB0000-0x0000021BF1BD4000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    144KB

                                                                                                                                    Download

                                                                                                                                  • memory/3988-12-0x00007FFB99D10000-0x00007FFB9A7D1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                    Download

                                                                                                                                  • memory/3988-20-0x00007FFB99D10000-0x00007FFB9A7D1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                    Download

                                                                                                                                  • memory/3988-1-0x0000021BF16B0000-0x0000021BF16D2000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    136KB

                                                                                                                                    Download

                                                                                                                                  • memory/3988-0-0x00007FFB99D13000-0x00007FFB99D15000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    8KB

                                                                                                                                    Download

                                                                                                                                  • memory/3988-15-0x00007FFB99D10000-0x00007FFB9A7D1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                    Download

                                                                                                                                  • memory/3988-17-0x00007FFB99D10000-0x00007FFB9A7D1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                    Download

                                                                                                                                  • memory/3988-18-0x00007FFB99D10000-0x00007FFB9A7D1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                    Download

                                                                                                                                  • memory/3988-19-0x00007FFB99D10000-0x00007FFB9A7D1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    10.8MB

                                                                                                                                    Download

                                                                                                                                  • memory/4212-609-0x000002C1D4F00000-0x000002C1D5000000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/4212-645-0x000002C1D6410000-0x000002C1D6430000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4212-610-0x000002C1D4F00000-0x000002C1D5000000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/4212-613-0x000002C1D6040000-0x000002C1D6060000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4212-608-0x000002C1D4F00000-0x000002C1D5000000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/4212-626-0x000002C1D6000000-0x000002C1D6020000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4276-173-0x000001CD3D100000-0x000001CD3D200000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/4276-178-0x000001CD3E260000-0x000001CD3E280000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4276-196-0x000001CD3E630000-0x000001CD3E650000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4276-186-0x000001CD3E220000-0x000001CD3E240000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4612-754-0x00000000042E0000-0x00000000042E1000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  • memory/4648-26-0x0000020B3C400000-0x0000020B3C500000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    Download

                                                                                                                                  • memory/4648-40-0x0000020B3D2A0000-0x0000020B3D2C0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4648-52-0x0000020B3D8C0000-0x0000020B3D8E0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4648-30-0x0000020B3D2E0000-0x0000020B3D300000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    128KB

                                                                                                                                    Download

                                                                                                                                  • memory/4672-24-0x0000000004840000-0x0000000004841000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    Download

                                                                                                                                  We care about your privacy.

                                                                                                                                  This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.