Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

f1a872932a...c9.exe

windows7-x64

8

f1a872932a...c9.exe

windows10-2004-x64

10

Sakset.ps1

windows7-x64

6

Sakset.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    55s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/10/2024, 02:36 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Sakset.ps1

  • Size

    52KB

  • MD5

    87d2841aab88bd011520d4b98298992f

  • SHA1

    cbdf74d62edcca1c96f44929c396383a405252f8

  • SHA256

    158c5134e2910f62d058a85124b81070ba5953276b7a0354ecb5fcc20db58b95

  • SHA512

    98d6af4ebafdd61012e0e8daf6c73526e016783f710bda0a17be859d9e9bf7411e914ff531d93b276f206713d47612a252d5bf27329044f8c7fb1a096311a603

  • SSDEEP

    1536:aTWK9EAa2SsfqrQwGXkNJAHBJOYhFQTWfT:aP9EOk0kshJNayT

Score
8/10
executionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 13 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Enumerates connected drives 3 TTPs 26 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 18 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 21 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Sakset.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2192
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2604
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1128
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1092
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2856
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4212
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:2640
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3620
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3584
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:3176
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:428
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1020
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3472
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3436
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3664
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:5072
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3380
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:452
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2124
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4280
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2796
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4716
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5032
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4408
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4580
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1964
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2220
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4796
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1972
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3480
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4448
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4824
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2632
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4456
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3012
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:4712
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:4820
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:4316
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:60
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:3472
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:3744
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:4364
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:4228
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:2992
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:232
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:4516
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:400
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:2668
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:1972
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:2908
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:2996
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:3068
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:3228
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:3888
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:2888
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:5000
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:4404
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:3484
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:5096
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:1304
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:4556
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:672
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:2000
                                                          • C:\Windows\explorer.exe
                                                            explorer.exe
                                                            1⤵
                                                              PID:2160
                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                              1⤵
                                                                PID:64
                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                1⤵
                                                                  PID:3816
                                                                • C:\Windows\explorer.exe
                                                                  explorer.exe
                                                                  1⤵
                                                                    PID:1124
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                    1⤵
                                                                      PID:2580
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                      1⤵
                                                                        PID:3988
                                                                      • C:\Windows\explorer.exe
                                                                        explorer.exe
                                                                        1⤵
                                                                          PID:3544
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                          1⤵
                                                                            PID:3896
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                            1⤵
                                                                              PID:4904
                                                                            • C:\Windows\explorer.exe
                                                                              explorer.exe
                                                                              1⤵
                                                                                PID:204
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                1⤵
                                                                                  PID:4568
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                  1⤵
                                                                                    PID:672
                                                                                  • C:\Windows\explorer.exe
                                                                                    explorer.exe
                                                                                    1⤵
                                                                                      PID:524
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                      1⤵
                                                                                        PID:3000
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                        1⤵
                                                                                          PID:1444
                                                                                        • C:\Windows\explorer.exe
                                                                                          explorer.exe
                                                                                          1⤵
                                                                                            PID:2244
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                            1⤵
                                                                                              PID:4052
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                              1⤵
                                                                                                PID:2788
                                                                                              • C:\Windows\explorer.exe
                                                                                                explorer.exe
                                                                                                1⤵
                                                                                                  PID:3560
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                  1⤵
                                                                                                    PID:4992
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                    1⤵
                                                                                                      PID:1608
                                                                                                    • C:\Windows\explorer.exe
                                                                                                      explorer.exe
                                                                                                      1⤵
                                                                                                        PID:740
                                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                        1⤵
                                                                                                          PID:4420
                                                                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                          1⤵
                                                                                                            PID:4112
                                                                                                          • C:\Windows\explorer.exe
                                                                                                            explorer.exe
                                                                                                            1⤵
                                                                                                              PID:1296
                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                              1⤵
                                                                                                                PID:2304
                                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                1⤵
                                                                                                                  PID:3348
                                                                                                                • C:\Windows\explorer.exe
                                                                                                                  explorer.exe
                                                                                                                  1⤵
                                                                                                                    PID:2320
                                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                    1⤵
                                                                                                                      PID:368
                                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                                      1⤵
                                                                                                                        PID:3672

                                                                                                                      Network

                                                                                                                      • flag-us
                                                                                                                        DNS
                                                                                                                        8.8.8.8.in-addr.arpa
                                                                                                                        Remote address:
                                                                                                                        8.8.8.8:53
                                                                                                                        Request
                                                                                                                        8.8.8.8.in-addr.arpa
                                                                                                                        IN PTR
                                                                                                                        Response
                                                                                                                        8.8.8.8.in-addr.arpa
                                                                                                                        IN PTR
                                                                                                                        dnsgoogle
                                                                                                                      • flag-us
                                                                                                                        DNS
                                                                                                                        68.159.190.20.in-addr.arpa
                                                                                                                        Remote address:
                                                                                                                        8.8.8.8:53
                                                                                                                        Request
                                                                                                                        68.159.190.20.in-addr.arpa
                                                                                                                        IN PTR
                                                                                                                        Response
                                                                                                                      • flag-us
                                                                                                                        DNS
                                                                                                                        240.221.184.93.in-addr.arpa
                                                                                                                        Remote address:
                                                                                                                        8.8.8.8:53
                                                                                                                        Request
                                                                                                                        240.221.184.93.in-addr.arpa
                                                                                                                        IN PTR
                                                                                                                        Response
                                                                                                                      • flag-us
                                                                                                                        DNS
                                                                                                                        g.bing.com
                                                                                                                        Remote address:
                                                                                                                        8.8.8.8:53
                                                                                                                        Request
                                                                                                                        g.bing.com
                                                                                                                        IN A
                                                                                                                        Response
                                                                                                                        g.bing.com
                                                                                                                        IN CNAME
                                                                                                                        g-bing-com.ax-0001.ax-msedge.net
                                                                                                                        g-bing-com.ax-0001.ax-msedge.net
                                                                                                                        IN CNAME
                                                                                                                        ax-0001.ax-msedge.net
                                                                                                                        ax-0001.ax-msedge.net
                                                                                                                        IN A
                                                                                                                        150.171.28.10
                                                                                                                        ax-0001.ax-msedge.net
                                                                                                                        IN A
                                                                                                                        150.171.27.10
                                                                                                                      • flag-us
                                                                                                                        GET
                                                                                                                        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d47609dd04904d668af39577f971a783&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid=
                                                                                                                        Remote address:
                                                                                                                        150.171.28.10:443
                                                                                                                        Request
                                                                                                                        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d47609dd04904d668af39577f971a783&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid= HTTP/2.0
                                                                                                                        host: g.bing.com
                                                                                                                        accept-encoding: gzip, deflate
                                                                                                                        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                                                                                                        Response
                                                                                                                        HTTP/2.0 204
                                                                                                                        cache-control: no-cache, must-revalidate
                                                                                                                        pragma: no-cache
                                                                                                                        expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                        set-cookie: MUID=257676AF9B8969813F1863BC9A4B68C3; domain=.bing.com; expires=Mon, 03-Nov-2025 02:36:20 GMT; path=/; SameSite=None; Secure; Priority=High;
                                                                                                                        strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                        access-control-allow-origin: *
                                                                                                                        x-cache: CONFIG_NOCACHE
                                                                                                                        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                        x-msedge-ref: Ref A: 96A7E2D49F4E48AA854E3106A9CE6011 Ref B: LON601060105031 Ref C: 2024-10-09T02:36:20Z
                                                                                                                        date: Wed, 09 Oct 2024 02:36:19 GMT
                                                                                                                      • flag-us
                                                                                                                        GET
                                                                                                                        https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=d47609dd04904d668af39577f971a783&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid=
                                                                                                                        Remote address:
                                                                                                                        150.171.28.10:443
                                                                                                                        Request
                                                                                                                        GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=d47609dd04904d668af39577f971a783&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid= HTTP/2.0
                                                                                                                        host: g.bing.com
                                                                                                                        accept-encoding: gzip, deflate
                                                                                                                        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                                                                                                        cookie: MUID=257676AF9B8969813F1863BC9A4B68C3
                                                                                                                        Response
                                                                                                                        HTTP/2.0 204
                                                                                                                        cache-control: no-cache, must-revalidate
                                                                                                                        pragma: no-cache
                                                                                                                        expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                        set-cookie: MSPTC=8ds0p9Qjhbys4bsHQL_jClMJCPSDJoblEqWXlzEwskg; domain=.bing.com; expires=Mon, 03-Nov-2025 02:36:20 GMT; path=/; Partitioned; secure; SameSite=None
                                                                                                                        strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                        access-control-allow-origin: *
                                                                                                                        x-cache: CONFIG_NOCACHE
                                                                                                                        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                        x-msedge-ref: Ref A: DFFAE5B7279D4363B1AC998216EBEAD2 Ref B: LON601060105031 Ref C: 2024-10-09T02:36:20Z
                                                                                                                        date: Wed, 09 Oct 2024 02:36:19 GMT
                                                                                                                      • flag-us
                                                                                                                        GET
                                                                                                                        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d47609dd04904d668af39577f971a783&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid=
                                                                                                                        Remote address:
                                                                                                                        150.171.28.10:443
                                                                                                                        Request
                                                                                                                        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d47609dd04904d668af39577f971a783&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid= HTTP/2.0
                                                                                                                        host: g.bing.com
                                                                                                                        accept-encoding: gzip, deflate
                                                                                                                        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                                                                                                        cookie: MUID=257676AF9B8969813F1863BC9A4B68C3; MSPTC=8ds0p9Qjhbys4bsHQL_jClMJCPSDJoblEqWXlzEwskg
                                                                                                                        Response
                                                                                                                        HTTP/2.0 204
                                                                                                                        cache-control: no-cache, must-revalidate
                                                                                                                        pragma: no-cache
                                                                                                                        expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                        strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                        access-control-allow-origin: *
                                                                                                                        x-cache: CONFIG_NOCACHE
                                                                                                                        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                        x-msedge-ref: Ref A: 9D59861B29D24D2482D1117424C7104E Ref B: LON601060105031 Ref C: 2024-10-09T02:36:20Z
                                                                                                                        date: Wed, 09 Oct 2024 02:36:19 GMT
                                                                                                                      • flag-us
                                                                                                                        DNS
                                                                                                                        205.47.74.20.in-addr.arpa
                                                                                                                        Remote address:
                                                                                                                        8.8.8.8:53
                                                                                                                        Request
                                                                                                                        205.47.74.20.in-addr.arpa
                                                                                                                        IN PTR
                                                                                                                        Response
                                                                                                                      • flag-us
                                                                                                                        DNS
                                                                                                                        95.221.229.192.in-addr.arpa
                                                                                                                        Remote address:
                                                                                                                        8.8.8.8:53
                                                                                                                        Request
                                                                                                                        95.221.229.192.in-addr.arpa
                                                                                                                        IN PTR
                                                                                                                        Response
                                                                                                                      • flag-us
                                                                                                                        DNS
                                                                                                                        56.163.245.4.in-addr.arpa
                                                                                                                        Remote address:
                                                                                                                        8.8.8.8:53
                                                                                                                        Request
                                                                                                                        56.163.245.4.in-addr.arpa
                                                                                                                        IN PTR
                                                                                                                        Response
                                                                                                                      • flag-us
                                                                                                                        DNS
                                                                                                                        18.31.95.13.in-addr.arpa
                                                                                                                        Remote address:
                                                                                                                        8.8.8.8:53
                                                                                                                        Request
                                                                                                                        18.31.95.13.in-addr.arpa
                                                                                                                        IN PTR
                                                                                                                        Response
                                                                                                                      • flag-us
                                                                                                                        DNS
                                                                                                                        172.214.232.199.in-addr.arpa
                                                                                                                        Remote address:
                                                                                                                        8.8.8.8:53
                                                                                                                        Request
                                                                                                                        172.214.232.199.in-addr.arpa
                                                                                                                        IN PTR
                                                                                                                        Response
                                                                                                                      • flag-us
                                                                                                                        DNS
                                                                                                                        0.204.248.87.in-addr.arpa
                                                                                                                        Remote address:
                                                                                                                        8.8.8.8:53
                                                                                                                        Request
                                                                                                                        0.204.248.87.in-addr.arpa
                                                                                                                        IN PTR
                                                                                                                        Response
                                                                                                                        0.204.248.87.in-addr.arpa
                                                                                                                        IN PTR
                                                                                                                        https-87-248-204-0lhrllnwnet
                                                                                                                      • flag-us
                                                                                                                        DNS
                                                                                                                        43.229.111.52.in-addr.arpa
                                                                                                                        Remote address:
                                                                                                                        8.8.8.8:53
                                                                                                                        Request
                                                                                                                        43.229.111.52.in-addr.arpa
                                                                                                                        IN PTR
                                                                                                                        Response
                                                                                                                      • 150.171.28.10:443
                                                                                                                        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d47609dd04904d668af39577f971a783&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid=
                                                                                                                        tls, http2
                                                                                                                        2.2kB
                                                                                                                         9.4kB
                                                                                                                         22
                                                                                                                        19

                                                                                                                        HTTP Request

                                                                                                                        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d47609dd04904d668af39577f971a783&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid=

                                                                                                                        HTTP Response

                                                                                                                        204

                                                                                                                        HTTP Request

                                                                                                                        GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=d47609dd04904d668af39577f971a783&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid=

                                                                                                                        HTTP Response

                                                                                                                        204

                                                                                                                        HTTP Request

                                                                                                                        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d47609dd04904d668af39577f971a783&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid=

                                                                                                                        HTTP Response

                                                                                                                        204
                                                                                                                      • 8.8.8.8:53
                                                                                                                        8.8.8.8.in-addr.arpa
                                                                                                                        dns
                                                                                                                        66 B
                                                                                                                         90 B
                                                                                                                         1
                                                                                                                        1

                                                                                                                        DNS Request

                                                                                                                        8.8.8.8.in-addr.arpa

                                                                                                                      • 8.8.8.8:53
                                                                                                                        68.159.190.20.in-addr.arpa
                                                                                                                        dns
                                                                                                                        72 B
                                                                                                                         158 B
                                                                                                                         1
                                                                                                                        1

                                                                                                                        DNS Request

                                                                                                                        68.159.190.20.in-addr.arpa

                                                                                                                      • 8.8.8.8:53
                                                                                                                        240.221.184.93.in-addr.arpa
                                                                                                                        dns
                                                                                                                        73 B
                                                                                                                         144 B
                                                                                                                         1
                                                                                                                        1

                                                                                                                        DNS Request

                                                                                                                        240.221.184.93.in-addr.arpa

                                                                                                                      • 8.8.8.8:53
                                                                                                                        g.bing.com
                                                                                                                        dns
                                                                                                                        56 B
                                                                                                                         148 B
                                                                                                                         1
                                                                                                                        1

                                                                                                                        DNS Request

                                                                                                                        g.bing.com

                                                                                                                        DNS Response

                                                                                                                        150.171.28.10
                                                                                                                        150.171.27.10

                                                                                                                      • 8.8.8.8:53
                                                                                                                        205.47.74.20.in-addr.arpa
                                                                                                                        dns
                                                                                                                        71 B
                                                                                                                         157 B
                                                                                                                         1
                                                                                                                        1

                                                                                                                        DNS Request

                                                                                                                        205.47.74.20.in-addr.arpa

                                                                                                                      • 8.8.8.8:53
                                                                                                                        95.221.229.192.in-addr.arpa
                                                                                                                        dns
                                                                                                                        73 B
                                                                                                                         144 B
                                                                                                                         1
                                                                                                                        1

                                                                                                                        DNS Request

                                                                                                                        95.221.229.192.in-addr.arpa

                                                                                                                      • 8.8.8.8:53
                                                                                                                        56.163.245.4.in-addr.arpa
                                                                                                                        dns
                                                                                                                        71 B
                                                                                                                         157 B
                                                                                                                         1
                                                                                                                        1

                                                                                                                        DNS Request

                                                                                                                        56.163.245.4.in-addr.arpa

                                                                                                                      • 8.8.8.8:53
                                                                                                                        18.31.95.13.in-addr.arpa
                                                                                                                        dns
                                                                                                                        70 B
                                                                                                                         144 B
                                                                                                                         1
                                                                                                                        1

                                                                                                                        DNS Request

                                                                                                                        18.31.95.13.in-addr.arpa

                                                                                                                      • 8.8.8.8:53
                                                                                                                        172.214.232.199.in-addr.arpa
                                                                                                                        dns
                                                                                                                        74 B
                                                                                                                         128 B
                                                                                                                         1
                                                                                                                        1

                                                                                                                        DNS Request

                                                                                                                        172.214.232.199.in-addr.arpa

                                                                                                                      • 8.8.8.8:53
                                                                                                                        0.204.248.87.in-addr.arpa
                                                                                                                        dns
                                                                                                                        71 B
                                                                                                                         116 B
                                                                                                                         1
                                                                                                                        1

                                                                                                                        DNS Request

                                                                                                                        0.204.248.87.in-addr.arpa

                                                                                                                      • 8.8.8.8:53
                                                                                                                        43.229.111.52.in-addr.arpa
                                                                                                                        dns
                                                                                                                        72 B
                                                                                                                         158 B
                                                                                                                         1
                                                                                                                        1

                                                                                                                        DNS Request

                                                                                                                        43.229.111.52.in-addr.arpa

                                                                                                                      MITRE ATT&CK Enterprise v15

                                                                                                                      Replay Monitor

                                                                                                                      Loading Replay Monitor...

                                                                                                                      Downloads

                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                                        Filesize

                                                                                                                        2KB

                                                                                                                        MD5

                                                                                                                        079a86a5e49485c10736236752adb193

                                                                                                                        SHA1

                                                                                                                        86e14fe34bfcc50f767845a6b33cabd18f137fb6

                                                                                                                        SHA256

                                                                                                                        bfbb3df42775f78870dd26ba1cbe2aaba4aa3ad7018ebe1370cb9046c9a9cf5a

                                                                                                                        SHA512

                                                                                                                        937e5a4306287b5f2b3120de7d7ba5648dcce4cff9a0c8a712971940c39b097614349de15637a8a55e47a4cce40667f77994dba9353cf5820b0e4efa8bcadce7

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133729149862945357.txt
                                                                                                                        Filesize

                                                                                                                        74KB

                                                                                                                        MD5

                                                                                                                        96dbd897cbc31cb6fe58392335a3edfc

                                                                                                                        SHA1

                                                                                                                        3f25319247f52b541bb88da48ae5a2900589be6d

                                                                                                                        SHA256

                                                                                                                        faebddad2b0c7381edd2640d100869c600687e2cbbbe0afd13f4ed67a6ed2ea6

                                                                                                                        SHA512

                                                                                                                        68f0983f9d394c3dd13dc468842f6be2509a139684e61c2ac04ff51a9bf3eaf41e6e2159b26084a803f2787c46787a6ce52094fe90d8517e9351a72d7db3faf9

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\2CFNWDLC\microsoft.windows[1].xml
                                                                                                                        Filesize

                                                                                                                        97B

                                                                                                                        MD5

                                                                                                                        539db492f33fccee9be530dd0bf34a46

                                                                                                                        SHA1

                                                                                                                        650b2a3583d6c9499b4ed73e9a5dca37f342a50e

                                                                                                                        SHA256

                                                                                                                        f6d425aad05b46e77b53e5737c85f4ceab6531e773ea87eb985754be5ec19999

                                                                                                                        SHA512

                                                                                                                        9328f2fa286b4a9ca6ae57ddd9fca0b1140e5f68a5e143fd8ae6ea212a1af5d7b6b2289c324fa9480ca8d2e6d3b0cf7115611a56a3a161c5ad2f988f6ae62a0a

                                                                                                                        Download Submit

                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_azl2eb3a.bbo.ps1
                                                                                                                        Filesize

                                                                                                                        60B

                                                                                                                        MD5

                                                                                                                        d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                        SHA1

                                                                                                                        6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                        SHA256

                                                                                                                        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                        SHA512

                                                                                                                        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                        Download Submit

                                                                                                                      • memory/452-633-0x000002259E3B0000-0x000002259E3D0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/452-628-0x000002259D250000-0x000002259D350000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/452-641-0x000002259E370000-0x000002259E390000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/452-652-0x000002259E780000-0x000002259E7A0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/1020-343-0x000001FEC03F0000-0x000001FEC0410000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/1020-340-0x000001FEBF300000-0x000001FEBF400000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/1020-339-0x000001FEBF300000-0x000001FEBF400000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/1020-338-0x000001FEBF300000-0x000001FEBF400000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/1020-365-0x000001FEC07C0000-0x000001FEC07E0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/1020-353-0x000001FEC03B0000-0x000001FEC03D0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/1092-23-0x00000000046C0000-0x00000000046C1000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/1964-918-0x00000000048C0000-0x00000000048C1000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/1972-1070-0x0000000004A40000-0x0000000004A41000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/2192-19-0x00007FF9E2A90000-0x00007FF9E3551000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        10.8MB

                                                                                                                        Download

                                                                                                                      • memory/2192-20-0x00007FF9E2A90000-0x00007FF9E3551000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        10.8MB

                                                                                                                        Download

                                                                                                                      • memory/2192-13-0x000001E36BA60000-0x000001E36BA8A000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        168KB

                                                                                                                        Download

                                                                                                                      • memory/2192-10-0x000001E36B670000-0x000001E36B692000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        136KB

                                                                                                                        Download

                                                                                                                      • memory/2192-0-0x00007FF9E2A93000-0x00007FF9E2A95000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        8KB

                                                                                                                        Download

                                                                                                                      • memory/2192-11-0x00007FF9E2A90000-0x00007FF9E3551000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        10.8MB

                                                                                                                        Download

                                                                                                                      • memory/2192-12-0x00007FF9E2A90000-0x00007FF9E3551000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        10.8MB

                                                                                                                        Download

                                                                                                                      • memory/2192-14-0x000001E36BA60000-0x000001E36BA84000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        144KB

                                                                                                                        Download

                                                                                                                      • memory/2192-15-0x00007FF9E2A90000-0x00007FF9E3551000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        10.8MB

                                                                                                                        Download

                                                                                                                      • memory/2192-17-0x00007FF9E2A90000-0x00007FF9E3551000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        10.8MB

                                                                                                                        Download

                                                                                                                      • memory/2192-18-0x00007FF9E2A90000-0x00007FF9E3551000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        10.8MB

                                                                                                                        Download

                                                                                                                      • memory/2640-192-0x0000000003FA0000-0x0000000003FA1000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/2796-780-0x0000000004670000-0x0000000004671000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/3012-1364-0x00000000041D0000-0x00000000041D1000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/3176-336-0x00000000032D0000-0x00000000032D1000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/3472-481-0x0000000004690000-0x0000000004691000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/3584-231-0x0000023094F80000-0x0000023094FA0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/3584-200-0x0000023094BB0000-0x0000023094BD0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/3584-210-0x0000023094B70000-0x0000023094B90000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/3584-194-0x0000023093A50000-0x0000023093B50000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/3664-484-0x0000021BDC300000-0x0000021BDC400000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/3664-488-0x0000021BDD3E0000-0x0000021BDD400000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/3664-485-0x0000021BDC300000-0x0000021BDC400000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/3664-483-0x0000021BDC300000-0x0000021BDC400000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/3664-511-0x0000021BDD7B0000-0x0000021BDD7D0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/3664-500-0x0000021BDD3A0000-0x0000021BDD3C0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4212-36-0x00000247BDD30000-0x00000247BDD50000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4212-26-0x00000247BCC00000-0x00000247BCD00000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/4212-25-0x00000247BCC00000-0x00000247BCD00000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/4212-30-0x00000247BDD70000-0x00000247BDD90000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4212-61-0x00000247BE140000-0x00000247BE160000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4448-1077-0x0000027A95B60000-0x0000027A95B80000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4448-1089-0x0000027A95B20000-0x0000027A95B40000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4448-1100-0x0000027A95F20000-0x0000027A95F40000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4448-1072-0x0000027293A00000-0x0000027293B00000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/4448-1074-0x0000027293A00000-0x0000027293B00000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/4456-1220-0x0000027E02300000-0x0000027E02400000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/4456-1225-0x0000027E034D0000-0x0000027E034F0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4456-1237-0x0000027E03490000-0x0000027E034B0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4456-1248-0x0000027E038A0000-0x0000027E038C0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4796-957-0x000001BEE4280000-0x000001BEE42A0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4796-926-0x000001BEE3CA0000-0x000001BEE3CC0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4796-939-0x000001BEE3C60000-0x000001BEE3C80000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/4820-1367-0x000002129AE20000-0x000002129AF20000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/4824-1219-0x00000000043D0000-0x00000000043D1000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/5032-786-0x00000205A2320000-0x00000205A2340000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/5032-781-0x00000205A1200000-0x00000205A1300000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/5032-794-0x00000205A1FD0000-0x00000205A1FF0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/5032-782-0x00000205A1200000-0x00000205A1300000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1024KB

                                                                                                                        Download

                                                                                                                      • memory/5032-806-0x00000205A26E0000-0x00000205A2700000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        128KB

                                                                                                                        Download

                                                                                                                      • memory/5072-626-0x0000000004550000-0x0000000004551000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      We care about your privacy.

                                                                                                                      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.