Analysis

  • max time kernel
    59s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/01/2025, 06:20 UTC

General

  • Target

    JaffaCakes118_4f2ded81344b208850afebb3092622fe.exe

  • Size

    295KB

  • MD5

    4f2ded81344b208850afebb3092622fe

  • SHA1

    eb8e3c039ac7f6facd483be98f578007d4d6a5b3

  • SHA256

    1ad4ff82cd60f22aabff678bfe7718aa86a43a284e4ab553c9357393d2f741b7

  • SHA512

    65d040e3744e1acf45097014e25e81ba9c51c165bc7f23b4cbbeb079d13d353243a1469e29ab2f087ff50e556cbb56ed3d1dc7d17c80432acacdfae705796c63

  • SSDEEP

    6144:16liWR03uny49Jw8+b8d+4dhxbzalDaMXkaMydzch4RmNkSrWoyCkeW+s:16jWJ49Jw9b8k4dhJax/kajyh44/2e

Malware Config

Signatures

  • Cycbot

    Cycbot is a backdoor and trojan written in C++.

  • Cycbot family
  • Detects Cycbot payload 6 IoCs

    Cycbot is a backdoor and trojan written in C++.

  • Modifies security service 2 TTPs 1 IoCs
  • Pony family
  • Pony, Fareit

    Pony is a Remote Access Trojan application that steals information.

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 9 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Disables taskbar notifications via registry modification
  • Executes dropped EXE 1 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steals credentials from unsecured files.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 18 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 12 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs
  • System policy modification 1 TTPs 2 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4f2ded81344b208850afebb3092622fe.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4f2ded81344b208850afebb3092622fe.exe"
    1⤵
    • Modifies security service
    • Adds Run key to start application
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:2796
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4f2ded81344b208850afebb3092622fe.exe
      C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4f2ded81344b208850afebb3092622fe.exe startC:\Users\Admin\AppData\Roaming\A9017\3CE00.exe%C:\Users\Admin\AppData\Roaming\A9017
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4800
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4f2ded81344b208850afebb3092622fe.exe
      C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4f2ded81344b208850afebb3092622fe.exe startC:\Program Files (x86)\173BB\lvvm.exe%C:\Program Files (x86)\173BB
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3948
    • C:\Program Files (x86)\LP\00BA\3767.tmp
      "C:\Program Files (x86)\LP\00BA\3767.tmp"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:436
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4996
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1360
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4856
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3948
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:404
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4380
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2052
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:688
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:1756
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1176
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:628
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3544
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2864
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2364
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:800
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3152
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4272
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1060
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4228
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4924
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1612
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2404
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5000
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:1008
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2864
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2260
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:8
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:4356
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:3748
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:4992
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:3976
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:616
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:2356
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:800
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:4348
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:3436
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:400
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:444
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:1664
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:3116
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:4060
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:2828
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:1008
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:2372
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:744
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:2548
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:2696
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:1460
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:628
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:740
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:380
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:4960
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:1888
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:3276
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:1664
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:4176
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:1168
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:4804
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:1988
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:4144
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:4524
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:2632
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:4576
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:2832
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:5036
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:384
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:2984
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:2596
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:800
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:388
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:4028
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:4732
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:3640
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:3268
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:1548
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:5108
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:3976
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:2964
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                            1⤵
                                                                                                              PID:3932
                                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                              1⤵
                                                                                                                PID:4264
                                                                                                              • C:\Windows\explorer.exe
                                                                                                                explorer.exe
                                                                                                                1⤵
                                                                                                                  PID:4992
                                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                                  1⤵
                                                                                                                    PID:4376

Network

• [US] DNS 180.129.81.91.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request: 180.129.81.91.in-addr.arpa IN PTR
  Response: (empty)
• [US] DNS 97.17.167.52.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request: 97.17.167.52.in-addr.arpa IN PTR
  Response: (empty)
• [US] DNS 167.173.78.104.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request: 167.173.78.104.in-addr.arpa IN PTR
  Response: 167.173.78.104.in-addr.arpa IN PTR a104-78-173-167deploystaticakamaitechnologiescom
• [US] DNS evcs-ocsp.ws.symantec.com
  Remote address: 8.8.8.8:53
  Request: evcs-ocsp.ws.symantec.com IN A
  Response:
    evcs-ocsp.ws.symantec.com IN CNAME mpki-ocsp.digicert.com
    mpki-ocsp.digicert.com IN CNAME mpki-ocsp.edge.digicert.com
    mpki-ocsp.edge.digicert.com IN CNAME pki-ocsp.digicert.com.edgekey.net
    pki-ocsp.digicert.com.edgekey.net IN CNAME e3782.cd.akamaiedge.net
    e3782.cd.akamaiedge.net IN A 104.78.173.45
• [GB] GET http://evcs-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D
  Remote address: 104.78.173.45:80
  Request:
    GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: evcs-ocsp.ws.symantec.com
  Response:
    HTTP/1.1 200 OK
    Content-Type: application/ocsp-response
    Content-Length: 5
    X-XSS-Protection: 1; mode=block
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    Cache-Control: public, max-age=210
    Date: Wed, 15 Jan 2025 06:20:55 GMT
    Connection: keep-alive
    Server-Timing: cdn-cache; desc=HIT
    Server-Timing: edge; dur=1
    Akamai-GRN: 0.ce3e1202.1736922055.137aac70
    Server-Timing: ak_p; desc="1736922055236_34750158_326806640_7_482_27_0_-";dur=1
• [GB] GET http://evcs-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D
  Remote address: 104.78.173.45:80
  Request:
    GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: evcs-ocsp.ws.symantec.com
  Response:
    HTTP/1.1 200 OK
    Content-Type: application/ocsp-response
    Content-Length: 5
    X-XSS-Protection: 1; mode=block
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    Cache-Control: public, max-age=210
    Date: Wed, 15 Jan 2025 06:20:55 GMT
    Connection: keep-alive
    Server-Timing: cdn-cache; desc=HIT
    Server-Timing: edge; dur=1
    Akamai-GRN: 0.ce3e1202.1736922055.137aac71
    Server-Timing: ak_p; desc="1736922055267_34750158_326806641_36_341_27_0_-";dur=1
• [US] DNS evcs-crl.ws.symantec.com
  Remote address: 8.8.8.8:53
  Request: evcs-crl.ws.symantec.com IN A
  Response:
    evcs-crl.ws.symantec.com IN CNAME crl-symcprod.digicert.com
    crl-symcprod.digicert.com IN CNAME mpki-crl.edge.digicert.com
    mpki-crl.edge.digicert.com IN CNAME pki-ocsp.digicert.com.edgekey.net
    pki-ocsp.digicert.com.edgekey.net IN CNAME e3782.cd.akamaiedge.net
    e3782.cd.akamaiedge.net IN A 104.78.173.45
• [GB] GET http://evcs-crl.ws.symantec.com/evcs.crl
  Remote address: 104.78.173.45:80
  Request:
    GET /evcs.crl HTTP/1.1
    Cache-Control: max-age = 3600
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Mon, 07 Oct 2024 08:46:45 GMT
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: evcs-crl.ws.symantec.com
  Response:
    HTTP/1.1 200 OK
    Content-Type: application/pkix-crl
    Content-Length: 1859
    X-XSS-Protection: 1; mode=block
    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    Cache-Control: public, max-age=3079
    Date: Wed, 15 Jan 2025 06:20:55 GMT
    Connection: keep-alive
    Server-Timing: cdn-cache; desc=HIT
    Server-Timing: edge; dur=1
    Akamai-GRN: 0.ce3e1202.1736922055.137aad5d
    Server-Timing: ak_p; desc="1736922055359_34750158_326806877_11_610_27_0_-";dur=1
• [US] DNS 45.173.78.104.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request: 45.173.78.104.in-addr.arpa IN PTR
  Response: 45.173.78.104.in-addr.arpa IN PTR a104-78-173-45deploystaticakamaitechnologiescom
• [US] DNS patentgenius.com
  Process: JaffaCakes118_4f2ded81344b208850afebb3092622fe.exe
  Remote address: 8.8.8.8:53
  Request: patentgenius.com IN A
  Response: patentgenius.com IN A 208.91.197.27
• [US] DNS dx9c-l.wwwmediahosts.com
  Process: JaffaCakes118_4f2ded81344b208850afebb3092622fe.exe
  Remote address: 8.8.8.8:53
  Request: dx9c-l.wwwmediahosts.com IN A
  Response: (empty)
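Reading this section as an analyst: the OCSP and CRL fetches above carry `User-Agent: Microsoft-CryptoAPI/10.0`, go to Symantec/DigiCert revocation endpoints and are attributed to no process, so they are the host's own certificate-chain checking, not sample activity. Their `Content-Length: 5` is also telling: an OCSPResponse that small can only be `SEQUENCE { ENUMERATED responseStatus }` with no BasicOCSPResponse, so no certificate status was actually returned. The traffic that matters is the part the sandbox attributes to JaffaCakes118_4f2ded81344b208850afebb3092622fe.exe: the two lookups above and the GET for /132.gif?sv=519&tq=<base64> recorded in this section, sent as HTTP/1.0 with `User-Agent: chrome/9.0`, a string no real Chrome build sends. The 403 from patentgenius.com only says the server no longer answers that path; the request shape itself is the indicator. The Python below is an added example, not part of the tria.ge report or of the sample, that encodes those checks and runs them over request lines and headers copied from this section; it validates an OCSP-over-GET path by decoding it to a single well-formed DER SEQUENCE rather than trusting the User-Agent alone. The verdict strings and the two-indicator threshold are the example's own choices.

```python
"""Triage helper for a sandbox report's Network section (added example, not
part of the tria.ge report or of the sample). It parses HTTP request blocks
as the report prints them, recognises Windows CryptoAPI revocation checks
(OCSP-over-GET and CRL fetches) and flags the beacon shape the sample used."""
import base64
import re
from typing import Optional
from urllib.parse import parse_qs, unquote, urlsplit


def parse_request(raw: str, process: Optional[str] = None) -> dict:
    """Parse a request block (request line + header lines) into a dict."""
    lines = [ln.strip() for ln in raw.strip().splitlines() if ln.strip()]
    method, target, version = lines[0].split()
    headers = {}
    for ln in lines[1:]:
        name, _, value = ln.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"process": process, "method": method, "target": target,
            "version": version, "headers": headers}


def der_sequence_length(buf: bytes) -> Optional[int]:
    """Total encoded size of a DER SEQUENCE starting at buf[0], or None."""
    if len(buf) < 2 or buf[0] != 0x30:
        return None
    if buf[1] < 0x80:                     # short-form length
        return 2 + buf[1]
    n = buf[1] & 0x7F                     # long form: n length bytes follow
    if n == 0 or n > 4 or len(buf) < 2 + n:
        return None
    return 2 + n + int.from_bytes(buf[2:2 + n], "big")


def is_ocsp_get_target(target: str) -> bool:
    """RFC 6960 OCSP over GET: the path is URL-encoded base64 of a DER
    OCSPRequest. A genuine one decodes to one DER SEQUENCE whose declared
    length matches the decoded size exactly."""
    try:
        raw = base64.b64decode(unquote(target.lstrip("/")), validate=True)
    except (ValueError, TypeError):
        return False
    return der_sequence_length(raw) == len(raw)


def beacon_payload(target: str) -> Optional[bytes]:
    """Decode tq= from a /<n>.gif?sv=<n>&tq=<base64> target, else None."""
    parts = urlsplit(target)
    if not re.fullmatch(r"/\d+\.gif", parts.path):
        return None
    q = parse_qs(parts.query)             # also undoes the %2B / %3D escaping
    if not (q.get("sv", [""])[0].isdigit() and "tq" in q):
        return None
    try:
        return base64.b64decode(q["tq"][0], validate=True)
    except (ValueError, TypeError):
        return None


CRYPTOAPI_UA = re.compile(r"^Microsoft-CryptoAPI/\d+\.\d+$")
# Real Chrome sends "Mozilla/5.0 (...) ... Chrome/<ver> Safari/..."; a bare
# lowercase "chrome/9.0" is a hard-coded impersonation string.
BOGUS_CHROME_UA = re.compile(r"^chrome/\d+(?:\.\d+)*$")


def classify(req: dict) -> str:
    """Verdict for one request; a sample beacon needs two or more indicators."""
    ua, target = req["headers"].get("user-agent", ""), req["target"]
    if req["process"] is None and CRYPTOAPI_UA.match(ua) and (
        target.endswith(".crl") or is_ocsp_get_target(target)
    ):
        return "os-revocation-check"      # host PKI noise, not sample activity
    hits = []
    if req["version"] == "HTTP/1.0":
        hits.append("http/1.0")
    if BOGUS_CHROME_UA.match(ua):
        hits.append("bogus-chrome-ua")
    if beacon_payload(target) is not None:
        hits.append("gif-beacon-target")
    if req["process"] is not None and len(hits) >= 2:
        return "sample-beacon:" + ",".join(hits)
    return "unclassified"


# Request lines and the headers the checks use, copied from this section;
# the sandbox attributed only the last request to a process.
OCSP_GET = """GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D HTTP/1.1
User-Agent: Microsoft-CryptoAPI/10.0
Host: evcs-ocsp.ws.symantec.com"""
CRL_GET = """GET /evcs.crl HTTP/1.1
User-Agent: Microsoft-CryptoAPI/10.0
Host: evcs-crl.ws.symantec.com"""
BEACON_GET = """GET /132.gif?sv=519&tq=gHZutDyMv5rJeCG1J8K%2B1MWCJbP4lltXIA%3D%3D HTTP/1.0
Connection: close
Host: patentgenius.com
User-Agent: chrome/9.0"""
SAMPLE = "JaffaCakes118_4f2ded81344b208850afebb3092622fe.exe"


def triage() -> dict:
    """Classify the three recorded requests, keyed by Host header."""
    reqs = [parse_request(OCSP_GET), parse_request(CRL_GET),
            parse_request(BEACON_GET, process=SAMPLE)]
    return {r["headers"]["host"]: classify(r) for r in reqs}
```

`triage()` returns `os-revocation-check` for both symantec.com hosts and `sample-beacon:http/1.0,bogus-chrome-ua,gif-beacon-target` for patentgenius.com; `beacon_payload` on the recorded target yields 25 bytes that are not printable ASCII, which is consistent with an encrypted or encoded check-in rather than a tracking-pixel query. Requiring process attribution before calling anything a sample beacon keeps the same logic from flagging the host's unattributed traffic.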
• [US] GET http://patentgenius.com/132.gif?sv=519&tq=gHZutDyMv5rJeCG1J8K%2B1MWCJbP4lltXIA%3D%3D
  Process: JaffaCakes118_4f2ded81344b208850afebb3092622fe.exe
  Remote address: 208.91.197.27:80
  Request:
    GET /132.gif?sv=519&tq=gHZutDyMv5rJeCG1J8K%2B1MWCJbP4lltXIA%3D%3D HTTP/1.0
    Connection: close
    Host: patentgenius.com
    Accept: */*
    User-Agent: chrome/9.0
  Response:
    HTTP/1.1 403 Forbidden
    Date: Wed, 15 Jan 2025 06:20:55 GMT
    Server: Apache
    Referrer-Policy: no-referrer-when-downgrade
    Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
    Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                                                    Content-Length: 302
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Connection: close
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    27.197.91.208.in-addr.arpa
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    27.197.91.208.in-addr.arpa
                                                                                                                    IN PTR
                                                                                                                    Response
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    27.197.91.208.in-addr.arpa
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    27.197.91.208.in-addr.arpa
                                                                                                                    IN PTR
                                                                                                                    Response
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    27.197.91.208.in-addr.arpa
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    27.197.91.208.in-addr.arpa
                                                                                                                    IN PTR
                                                                                                                    Response
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    232.168.11.51.in-addr.arpa
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    232.168.11.51.in-addr.arpa
                                                                                                                    IN PTR
                                                                                                                    Response
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    6p-6.wwwmediahosts.com
                                                                                                                    JaffaCakes118_4f2ded81344b208850afebb3092622fe.exe
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    6p-6.wwwmediahosts.com
                                                                                                                    IN A
                                                                                                                    Response
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    8597zd9d7v.firoli-sys.com
                                                                                                                    JaffaCakes118_4f2ded81344b208850afebb3092622fe.exe
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    8597zd9d7v.firoli-sys.com
                                                                                                                    IN A
                                                                                                                    Response
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    x8unv.wwwmediahosts.com
                                                                                                                    JaffaCakes118_4f2ded81344b208850afebb3092622fe.exe
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    x8unv.wwwmediahosts.com
                                                                                                                    IN A
                                                                                                                    Response
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    50.23.12.20.in-addr.arpa
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    50.23.12.20.in-addr.arpa
                                                                                                                    IN PTR
                                                                                                                    Response
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    171.39.242.20.in-addr.arpa
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    171.39.242.20.in-addr.arpa
                                                                                                                    IN PTR
                                                                                                                    Response
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    134.130.81.91.in-addr.arpa
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    134.130.81.91.in-addr.arpa
                                                                                                                    IN PTR
                                                                                                                    Response
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    TRANSERSDATAFORME.COM
                                                                                                                    3767.tmp
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    TRANSERSDATAFORME.COM
                                                                                                                    IN A
                                                                                                                    Response
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    www.google.com
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    www.google.com
                                                                                                                    IN A
                                                                                                                    Response
                                                                                                                    www.google.com
                                                                                                                    IN A
                                                                                                                    142.250.187.196
                                                                                                                  • flag-gb
                                                                                                                    GET
                                                                                                                    http://www.google.com/
                                                                                                                    Remote address:
                                                                                                                    142.250.187.196:80
                                                                                                                    Request
                                                                                                                    GET / HTTP/1.0
                                                                                                                    Connection: close
                                                                                                                    Host: www.google.com
                                                                                                                    Accept: */*
                                                                                                                    Response
                                                                                                                    HTTP/1.0 302 Found
                                                                                                                    Location: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGISonbwGIjB6t5EG1fG4GueYxAyS1F3Tznt3lwp4BiNv46S2BV360VEVO2B9Swr9XpYRWP62xWwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                                                    x-hallmonitor-challenge: CgwIhKidvAYQ7rCvlwISBLXXsFM
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-ASwAZ1mwthzG2rdtdEYtNQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                    Date: Wed, 15 Jan 2025 06:21:56 GMT
                                                                                                                    Server: gws
                                                                                                                    Content-Length: 396
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    Set-Cookie: AEC=AZ6Zc-UZdVZZgUYh-pwIhWDblAPU4Q7SNUyoIDrZvL1yqQkH9Ng8tBryUiQ; expires=Mon, 14-Jul-2025 06:21:56 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    196.187.250.142.in-addr.arpa
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    196.187.250.142.in-addr.arpa
                                                                                                                    IN PTR
                                                                                                                    Response
                                                                                                                    196.187.250.142.in-addr.arpa
                                                                                                                    IN PTR
                                                                                                                    lhr25s33-in-f41e100net
                                                                                                                  • flag-gb
                                                                                                                    GET
                                                                                                                    http://www.google.com/
                                                                                                                    Remote address:
                                                                                                                    142.250.187.196:80
                                                                                                                    Request
                                                                                                                    GET / HTTP/1.1
                                                                                                                    Connection: close
                                                                                                                    Pragma: no-cache
                                                                                                                    Host: www.google.com
                                                                                                                    Response
                                                                                                                    HTTP/1.1 302 Found
                                                                                                                    Location: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGISonbwGIjB6t5EG1fG4GueYxAyS1F3Tznt3lwp4BiNv46S2BV360VEVO2B9Swr9XpYRWP62xWwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                                                    x-hallmonitor-challenge: CgwIhaidvAYQp7PwyAESBLXXsFM
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-PEVU1YxFYBFdvbEU-tp0Dg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                    Date: Wed, 15 Jan 2025 06:21:57 GMT
                                                                                                                    Server: gws
                                                                                                                    Content-Length: 396
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    Set-Cookie: AEC=AZ6Zc-UcXSS_8ZGHBF_nVPJ-NopDIdKi76DteR6iEKINn83LggtqM5DLlw; expires=Mon, 14-Jul-2025 06:21:57 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                                                    Connection: close
                                                                                                                  • flag-gb
                                                                                                                    GET
                                                                                                                    http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGISonbwGIjB6t5EG1fG4GueYxAyS1F3Tznt3lwp4BiNv46S2BV360VEVO2B9Swr9XpYRWP62xWwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                                                    Remote address:
                                                                                                                    142.250.187.196:80
                                                                                                                    Request
                                                                                                                    GET /sorry/index?continue=http://www.google.com/&q=EgS117BTGISonbwGIjB6t5EG1fG4GueYxAyS1F3Tznt3lwp4BiNv46S2BV360VEVO2B9Swr9XpYRWP62xWwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
                                                                                                                    Connection: close
                                                                                                                    Pragma: no-cache
                                                                                                                    Host: www.google.com
                                                                                                                    Response
                                                                                                                    HTTP/1.1 429 Too Many Requests
                                                                                                                    Date: Wed, 15 Jan 2025 06:21:57 GMT
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                    Content-Type: text/html
                                                                                                                    Server: HTTP server (unknown)
                                                                                                                    Content-Length: 3075
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    Connection: close
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    29.243.111.52.in-addr.arpa
                                                                                                                    Remote address:
  • 8.8.8.8:53
    Request: 29.243.111.52.in-addr.arpa IN PTR
    Response:

Each entry below gives: destination, request, protocol, originating process (where attributed), bytes sent / received, packets sent / received, followed by the individual requests and responses observed.

  • 104.78.173.45:80  http://evcs-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D  http  843 B / 1.2kB  7 / 6
    HTTP Request: GET http://evcs-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D
    HTTP Response: 200
    HTTP Request: GET http://evcs-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D
    HTTP Response: 200

  • 104.78.173.45:80  http://evcs-crl.ws.symantec.com/evcs.crl  http  490 B / 2.5kB  6 / 5
    HTTP Request: GET http://evcs-crl.ws.symantec.com/evcs.crl
    HTTP Response: 200

  • 208.91.197.27:80  http://patentgenius.com/132.gif?sv=519&tq=gHZutDyMv5rJeCG1J8K%2B1MWCJbP4lltXIA%3D%3D  http  JaffaCakes118_4f2ded81344b208850afebb3092622fe.exe  388 B / 1.1kB  5 / 4
    HTTP Request: GET http://patentgenius.com/132.gif?sv=519&tq=gHZutDyMv5rJeCG1J8K%2B1MWCJbP4lltXIA%3D%3D
    HTTP Response: 403

  • 127.0.0.1:65111  explorer.exe

  • 127.0.0.1:65111

  • 142.250.187.196:80  http://www.google.com/  http  302 B / 1.5kB  5 / 5
    HTTP Request: GET http://www.google.com/
    HTTP Response: 302

  • 142.250.187.196:80  http://www.google.com/  http  307 B / 1.5kB  5 / 5
    HTTP Request: GET http://www.google.com/
    HTTP Response: 302

  • 142.250.187.196:80  http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGISonbwGIjB6t5EG1fG4GueYxAyS1F3Tznt3lwp4BiNv46S2BV360VEVO2B9Swr9XpYRWP62xWwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM  http  526 B / 3.7kB  6 / 7
    HTTP Request: GET http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGISonbwGIjB6t5EG1fG4GueYxAyS1F3Tznt3lwp4BiNv46S2BV360VEVO2B9Swr9XpYRWP62xWwyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    HTTP Response: 429

  • 8.8.8.8:53  180.129.81.91.in-addr.arpa  dns  72 B / 147 B  1 / 1
    DNS Request: 180.129.81.91.in-addr.arpa

  • 8.8.8.8:53  97.17.167.52.in-addr.arpa  dns  71 B / 145 B  1 / 1
    DNS Request: 97.17.167.52.in-addr.arpa

  • 8.8.8.8:53  167.173.78.104.in-addr.arpa  dns  73 B / 139 B  1 / 1
    DNS Request: 167.173.78.104.in-addr.arpa

  • 8.8.8.8:53  evcs-ocsp.ws.symantec.com  dns  71 B / 230 B  1 / 1
    DNS Request: evcs-ocsp.ws.symantec.com
    DNS Response: 104.78.173.45

  • 8.8.8.8:53  evcs-crl.ws.symantec.com  dns  70 B / 231 B  1 / 1
    DNS Request: evcs-crl.ws.symantec.com
    DNS Response: 104.78.173.45

  • 8.8.8.8:53  45.173.78.104.in-addr.arpa  dns  72 B / 137 B  1 / 1
    DNS Request: 45.173.78.104.in-addr.arpa

  • 8.8.8.8:53  patentgenius.com  dns  JaffaCakes118_4f2ded81344b208850afebb3092622fe.exe  62 B / 78 B  1 / 1
    DNS Request: patentgenius.com
    DNS Response: 208.91.197.27

  • 8.8.8.8:53  dx9c-l.wwwmediahosts.com  dns  JaffaCakes118_4f2ded81344b208850afebb3092622fe.exe  70 B / 143 B  1 / 1
    DNS Request: dx9c-l.wwwmediahosts.com

  • 224.0.0.251:5353  168 B  3

  • 8.8.8.8:53  27.197.91.208.in-addr.arpa  dns  216 B / 216 B  3 / 3
    DNS Request: 27.197.91.208.in-addr.arpa
    DNS Request: 27.197.91.208.in-addr.arpa
    DNS Request: 27.197.91.208.in-addr.arpa

  • 8.8.8.8:53  232.168.11.51.in-addr.arpa  dns  72 B / 158 B  1 / 1
    DNS Request: 232.168.11.51.in-addr.arpa

  • 8.8.8.8:53  6p-6.wwwmediahosts.com  dns  JaffaCakes118_4f2ded81344b208850afebb3092622fe.exe  68 B / 141 B  1 / 1
    DNS Request: 6p-6.wwwmediahosts.com

  • 8.8.8.8:53  8597zd9d7v.firoli-sys.com  dns  JaffaCakes118_4f2ded81344b208850afebb3092622fe.exe  71 B / 144 B  1 / 1
    DNS Request: 8597zd9d7v.firoli-sys.com

  • 8.8.8.8:53  x8unv.wwwmediahosts.com  dns  JaffaCakes118_4f2ded81344b208850afebb3092622fe.exe  69 B / 142 B  1 / 1
    DNS Request: x8unv.wwwmediahosts.com

  • 8.8.8.8:53  50.23.12.20.in-addr.arpa  dns  70 B / 156 B  1 / 1
    DNS Request: 50.23.12.20.in-addr.arpa

  • 8.8.8.8:53  171.39.242.20.in-addr.arpa  dns  72 B / 158 B  1 / 1
    DNS Request: 171.39.242.20.in-addr.arpa

  • 8.8.8.8:53  134.130.81.91.in-addr.arpa  dns  72 B / 147 B  1 / 1
    DNS Request: 134.130.81.91.in-addr.arpa

  • 8.8.8.8:53  TRANSERSDATAFORME.COM  dns  3767.tmp  67 B / 140 B  1 / 1
    DNS Request: TRANSERSDATAFORME.COM

  • 8.8.8.8:53  www.google.com  dns  60 B / 76 B  1 / 1
    DNS Request: www.google.com
    DNS Response: 142.250.187.196

  • 8.8.8.8:53  196.187.250.142.in-addr.arpa  dns  74 B / 112 B  1 / 1
    DNS Request: 196.187.250.142.in-addr.arpa

  • 8.8.8.8:53  29.243.111.52.in-addr.arpa  dns  72 B / 158 B
                                                                                                                    1
                                                                                                                    1

                                                                                                                    DNS Request

                                                                                                                    29.243.111.52.in-addr.arpa
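
The four DNS flows above are easy to misread in flattened form: two of them are reverse (PTR) lookups rather than new destinations, and the one name the sample's own dropped file (3767.tmp) asked for, TRANSERSDATAFORME.COM, got a 140-byte reply from the resolver but no DNS Response entry in the report. The script below is an added example, not part of the Triage report or of any Triage tooling; it reconstructs the flows from the entries shown here (the destination of the first flow is cut off above, so it is left as None), inverts the in-addr.arpa / ip6.arpa names back to addresses, separates answered from unanswered forward lookups, and ties each reverse lookup back to a forward answer seen in the same capture. A forward lookup with bytes received but no recorded answer is consistent with an NXDOMAIN or empty reply; that reading is an inference, not something the report states.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class DnsFlow:
    destination: Optional[str]      # "ip:port" as printed in the report; None where cut off
    domain: str
    process: Optional[str]          # process column, only present for the first flow
    bytes_out: int
    bytes_in: int
    requests: list
    responses: list = field(default_factory=list)


# Constructed from the DNS flows listed on this page (not a Triage export).
FLOWS = [
    DnsFlow(None, "TRANSERSDATAFORME.COM", "3767.tmp", 67, 140, ["TRANSERSDATAFORME.COM"]),
    DnsFlow("8.8.8.8:53", "www.google.com", None, 60, 76, ["www.google.com"], ["142.250.187.196"]),
    DnsFlow("8.8.8.8:53", "196.187.250.142.in-addr.arpa", None, 74, 112, ["196.187.250.142.in-addr.arpa"]),
    DnsFlow("8.8.8.8:53", "29.243.111.52.in-addr.arpa", None, 72, 158, ["29.243.111.52.in-addr.arpa"]),
]


def ptr_to_ip(name: str) -> Optional[str]:
    """Invert a reverse-lookup name to the address it asks about.

    '196.187.250.142.in-addr.arpa' -> '142.250.187.196'; ip6.arpa nibble names are
    handled too. Returns None for anything that is not a well-formed PTR name."""
    n = name.lower().rstrip(".")
    try:
        if n.endswith(".in-addr.arpa"):
            octets = n[: -len(".in-addr.arpa")].split(".")
            if len(octets) != 4:
                return None
            return str(ipaddress.IPv4Address(".".join(reversed(octets))))
        if n.endswith(".ip6.arpa"):
            nibbles = n[: -len(".ip6.arpa")].split(".")
            if len(nibbles) != 32:
                return None
            hexstr = "".join(reversed(nibbles))
            return str(ipaddress.IPv6Address(":".join(hexstr[i:i + 4] for i in range(0, 32, 4))))
    except ValueError:          # malformed octet or nibble
        return None
    return None


def summarize(flows):
    """Split flows into answered forward lookups, unanswered forward lookups and
    reverse lookups; each reverse lookup is paired with the forward name (if any)
    that resolved to the same address earlier in the capture."""
    resolved = {}     # forward name -> answers recorded
    unresolved = []   # forward names with a request but no recorded answer
    reverse = {}      # PTR name -> address asked about
    for f in flows:
        ip = ptr_to_ip(f.domain)
        if ip is not None:
            reverse[f.domain] = ip
        elif f.responses:
            resolved[f.domain] = list(f.responses)
        else:
            unresolved.append(f.domain)
    by_ip = {a: name for name, answers in resolved.items() for a in answers}
    return {
        "resolved": resolved,
        "unresolved": unresolved,
        "reverse": {ptr: (ip, by_ip.get(ip)) for ptr, ip in reverse.items()},
    }


if __name__ == "__main__":
    for key, value in summarize(FLOWS).items():
        print(f"{key}: {value}")
```

Run against the page's four flows, the only unresolved forward name is TRANSERSDATAFORME.COM, the first PTR maps back to www.google.com's answer, and the second (52.111.243.29) has no forward lookup in this capture, so that address was obtained some other way (the report does not say how).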

                                                                                                                  MITRE ATT&CK Enterprise v15


                                                                                                                  Downloads

  • C:\Program Files (x86)\LP\00BA\3767.tmp
      Filesize  104KB
      MD5       b8ae4687d11bf9c1cb3b5950d665d8d6
      SHA1      20d438cf648a53e9db25483d5d9350a9ac91f43e
      SHA256    5cec021da894b89fb5d6203683c8596b4d28e3bf1efbd8e1f5793cbe445c32b6
      SHA512    ea47e2dc5aff41443a02424cb0c60bf51320665d82b79ca31876e5f4368878786979fb3e2f7f940145312c38565fc62bcfc223d4536e0555835bfc3e4895146f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
      Filesize  471B
      MD5       e71669bd6a9e74a156ac933b670362c4
      SHA1      e9de4d9084739759348ab9da8f7d415f437571a2
      SHA256    1688ce51440d686498eb53bdd725952c998ad20ed53b646434a835224381708a
      SHA512    003dc287c29c988a7d75aca7e822d6067992da25391687e6caf08c259e0bd3025055dd0713e810c425775435ba92a5dd6dc44e4cd13c51e975432ca010356673

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
      Filesize  412B
      MD5       ba360a27a08039d1c0d5b55d64d62a0e
      SHA1      032810161c03df604546c8c867aa5e23c8c9537f
      SHA256    b16f65dbe4050dcdf05d9034185c5bed759ba5eaafbea6712f28c6f11962d7e5
      SHA512    ad0c90eded6224007cc406bf88e0b9f4b6f6cbaeb0a54f5746cd7056ca6f6286c801cf087110e5865ea018a77c17f32abf4e172c14a3bd9e8152684c64ece70f

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
      Filesize  2KB
      MD5       ec80c72648a95c99c3b2814a41e7c523
      SHA1      2ecd856a50ad61f9295c5169013cd890986b42de
      SHA256    713c67752bdd8051b3b912db305993b38f48125271455dcc2025c886795052d3
      SHA512    810e06f172a86c76e38658baef03c0cb5404a29f74b6da733df9e7b716d183403c248c6b2283535a7fa529af08c41444ad4a9599ea457d795d31afadd4f4e075

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SETLANG_EXE_15
      Filesize  36KB
      MD5       0e2a09c8b94747fa78ec836b5711c0c0
      SHA1      92495421ad887f27f53784c470884802797025ad
      SHA256    0c1cdbbf6d974764aad46477863059eaec7b1717a7d26b025f0f8fe24338bb36
      SHA512    61530a33a6109467962ba51371821ea55bb36cd2abc0e7a15f270abf62340e9166e66a1b10f4de9a306b368820802c4adb9653b9a5acd6f1e825e60128fd2409

  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Explorer
      Filesize  36KB
      MD5       ab0262f72142aab53d5402e6d0cb5d24
      SHA1      eaf95bb31ae1d4c0010f50e789bdc8b8e3116116
      SHA256    20a108577209b2499cfdba77645477dd0d9771a77d42a53c6315156761efcfbb
      SHA512    bf9580f3e5d1102cf758503e18a2cf98c799c4a252eedf9344f7c5626da3a1cf141353f01601a3b549234cc3f2978ad31f928068395b56f9f0885c07dbe81da1

  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\1QK7O5FT\microsoft.windows[1].xml
      Filesize  97B
      MD5       d999f65105ba511b9a85c92595366aa5
      SHA1      acd1800ccb77d1ed5bf43fd29c05fbcdd9d14adb
      SHA256    626774fae7cf7de253841c4d2244fa2a50cc4a5abf5cb2d2006afd836412ba5a
      SHA512    c793a44c17918e30348fe2b836bfbcf0edacb4f76b99f6dc6a67d8047cfbd2079645a853500e9520b202883f8cce2433690406edf47b08cf334272df6c4c60f9

  The next three entries are the same path, C:\Users\Admin\AppData\Roaming\A9017\73BB.901, captured three times with different sizes and hashes: the file was rewritten during the run, and each version is kept.

  • C:\Users\Admin\AppData\Roaming\A9017\73BB.901
      Filesize  996B
      MD5       d95623fd2f348f330b7529adbe07cc3f
      SHA1      bdf8be680c1f8b351860b02f600064aba584c456
      SHA256    e5f317765fdbc80767a5f33655d5768cad6b7f2b8f7c96842f26a6c0e09f1fab
      SHA512    bfe728cf5d611671a7c3afc7747bd22c2f16e958cb99baef0719b15a85b8ac5c97e4e2e0d9c9b699a818fa8bc9247efdb35799ed0fe347db6cd2096c21e02126

  • C:\Users\Admin\AppData\Roaming\A9017\73BB.901
      Filesize  600B
      MD5       f12dd909f3538511cdfe2d9f6386972c
      SHA1      0d1ae96153e7789608e4f567101f7a1885ae786e
      SHA256    38d5c0d653e07355a3b6a5ebafad02dc776bd1ab99fba47fb8207316f3f6eb7f
      SHA512    679dae987d4b32016123593f66aaa89d3e51a16fc9d946090fb11b99f3bc9b159075b305645db4b8a67ba08fccd9cd8fc94bbfc0372f02bbae72a17373748148

  • C:\Users\Admin\AppData\Roaming\A9017\73BB.901
      Filesize  1KB
      MD5       259ae00551d5a93660473307744b1676
      SHA1      ad2a021c85d1235e4a2382a8cc7fe278d6a3790d
      SHA256    738fd840953c3614c39f52a9af4561341ae0a71509bac2d6dada578aea7aae11
      SHA512    87ff2151a0bf1ce7c4c4ba75624938889e30ce9357cd6ccfd110cfb7fb716fbfde04e185d80f7ffd467b871949690bcfaded4d71fb37f5aa7e6ca13ef50f3a44
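
Two things a practitioner wants from the Downloads list before copying hashes into a blocklist: which of the dropped files are plausibly the sample's own writes rather than Windows background activity (CryptnetUrlCache is CryptoAPI's revocation-check cache, the Microsoft.Windows.Search package directories hold Windows Search's token and icon caches, and DOMStore is Internet Explorer DOM storage), and whether the memory-dump entries that follow are internally consistent (each name encodes a PID, an index and an address range, and the stated Filesize should equal end minus start). The script below is an added example, not Triage code; its file and memory tables are constructed from the entries on this page (MD5 and SHA256 only, to keep it short), and the "background" path markers are a heuristic assumption, not a verdict: a sample can plant a file under any of those directories, so the classification is a triage aid rather than a filter to apply blindly.

```python
import re

# Constructed from the Downloads entries on this page (SHA1/SHA512 omitted for brevity).
FILES = [
    {"path": r"C:\Program Files (x86)\LP\00BA\3767.tmp", "size": "104KB",
     "md5": "b8ae4687d11bf9c1cb3b5950d665d8d6",
     "sha256": "5cec021da894b89fb5d6203683c8596b4d28e3bf1efbd8e1f5793cbe445c32b6"},
    {"path": r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04",
     "size": "471B", "md5": "e71669bd6a9e74a156ac933b670362c4",
     "sha256": "1688ce51440d686498eb53bdd725952c998ad20ed53b646434a835224381708a"},
    {"path": r"C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres",
     "size": "2KB", "md5": "ec80c72648a95c99c3b2814a41e7c523",
     "sha256": "713c67752bdd8051b3b912db305993b38f48125271455dcc2025c886795052d3"},
    {"path": r"C:\Users\Admin\AppData\Roaming\A9017\73BB.901", "size": "996B",
     "md5": "d95623fd2f348f330b7529adbe07cc3f",
     "sha256": "e5f317765fdbc80767a5f33655d5768cad6b7f2b8f7c96842f26a6c0e09f1fab"},
    {"path": r"C:\Users\Admin\AppData\Roaming\A9017\73BB.901", "size": "600B",
     "md5": "f12dd909f3538511cdfe2d9f6386972c",
     "sha256": "38d5c0d653e07355a3b6a5ebafad02dc776bd1ab99fba47fb8207316f3f6eb7f"},
    {"path": r"C:\Users\Admin\AppData\Roaming\A9017\73BB.901", "size": "1KB",
     "md5": "259ae00551d5a93660473307744b1676",
     "sha256": "738fd840953c3614c39f52a9af4561341ae0a71509bac2d6dada578aea7aae11"},
]

# (name as listed under Downloads, stated Filesize); a subset of the memory entries.
MEMORY = [
    ("memory/8-1340-0x00000000029E0000-0x00000000029E1000-memory.dmp", "4KB"),
    ("memory/436-600-0x0000000000400000-0x000000000041D000-memory.dmp", "116KB"),
    ("memory/628-455-0x0000011785700000-0x0000011785800000-memory.dmp", "1024KB"),
    ("memory/2796-1-0x0000000000400000-0x0000000000469000-memory.dmp", "420KB"),
    ("memory/2796-2-0x0000000000400000-0x000000000046C000-memory.dmp", "432KB"),
]

# Heuristic (assumption): path fragments written by Windows itself during a run.
BACKGROUND_MARKERS = (
    "\\microsoft\\cryptneturlcache\\",
    "\\microsoft.windows.search_cw5n1h2txyewy\\",
    "\\internet explorer\\domstore\\",
)

_UNITS = {"B": 1, "KB": 1 << 10, "MB": 1 << 20, "GB": 1 << 30}
_MEM = re.compile(r"memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp")


def parse_size(text):
    """'104KB' -> 106496, '471B' -> 471 (the report rounds to whole units)."""
    m = re.fullmatch(r"(\d+)\s*(B|KB|MB|GB)", text.strip(), re.I)
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(m.group(1)) * _UNITS[m.group(2).upper()]


def parse_memory_name(name):
    """'memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp' -> (pid, n, start, end)."""
    m = _MEM.fullmatch(name)
    if not m:
        raise ValueError(f"not a memory dump name: {name!r}")
    pid, n, start, end = m.groups()
    return int(pid), int(n), int(start, 16), int(end, 16)


def check_memory_sizes(entries):
    """(pid, base, computed bytes, stated-size-matches) for each dump entry."""
    out = []
    for name, stated in entries:
        pid, _, start, end = parse_memory_name(name)
        out.append((pid, hex(start), end - start, end - start == parse_size(stated)))
    return out


def is_background(path):
    p = path.lower()
    return any(marker in p for marker in BACKGROUND_MARKERS)


def sample_drops(files):
    """Distinct paths not matched by the background heuristic, in first-seen order."""
    seen = []
    for f in files:
        if not is_background(f["path"]) and f["path"] not in seen:
            seen.append(f["path"])
    return seen


def rewritten_paths(files):
    """Paths listed more than once with different content -> number of distinct versions."""
    digests = {}
    for f in files:
        digests.setdefault(f["path"], set()).add(f["sha256"].lower())
    return {p: len(d) for p, d in digests.items() if len(d) > 1}


def lookup(digest, files=FILES):
    """Entry whose MD5 or SHA256 equals the digest (case-insensitive), else None."""
    d = digest.strip().lower()
    return next((f for f in files if d in (f["md5"].lower(), f["sha256"].lower())), None)


if __name__ == "__main__":
    print("sample drops:", sample_drops(FILES))
    print("rewritten:", rewritten_paths(FILES))
    for row in check_memory_sizes(MEMORY):
        print(row)
```

On this page's data the heuristic leaves two sample-attributed paths (the 3767.tmp under Program Files (x86)\LP and the thrice-rewritten 73BB.901 under Roaming), and every memory entry's stated size matches its address range. 0x400000 is the conventional default image base of a 32-bit executable, so the 0x400000 regions dumped from PID 2796 are most likely that process's main image; which process PID 2796 is cannot be read from this part of the report.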

  • memory/8-1340-0x00000000029E0000-0x00000000029E1000-memory.dmp        Filesize  4KB
  • memory/436-600-0x0000000000400000-0x000000000041D000-memory.dmp       Filesize  116KB
  • memory/628-472-0x00000117864F0000-0x0000011786510000-memory.dmp       Filesize  128KB
  • memory/628-460-0x0000011786530000-0x0000011786550000-memory.dmp       Filesize  128KB
  • memory/628-455-0x0000011785700000-0x0000011785800000-memory.dmp       Filesize  1024KB
  • memory/628-456-0x0000011785700000-0x0000011785800000-memory.dmp       Filesize  1024KB
  • memory/628-483-0x0000011786B00000-0x0000011786B20000-memory.dmp       Filesize  128KB
  • memory/688-292-0x000002AD95540000-0x000002AD95640000-memory.dmp       Filesize  1024KB
  • memory/688-329-0x000002AD96930000-0x000002AD96950000-memory.dmp       Filesize  128KB
  • memory/688-328-0x000002AD96520000-0x000002AD96540000-memory.dmp       Filesize  128KB
  • memory/688-297-0x000002AD96560000-0x000002AD96580000-memory.dmp       Filesize  128KB
  • memory/800-755-0x0000000004F40000-0x0000000004F41000-memory.dmp       Filesize  4KB
  • memory/1008-1188-0x0000000004030000-0x0000000004031000-memory.dmp     Filesize  4KB
  • memory/1060-902-0x00000000048A0000-0x00000000048A1000-memory.dmp      Filesize  4KB
  • memory/1612-1043-0x0000000004080000-0x0000000004081000-memory.dmp     Filesize  4KB
  • memory/1756-454-0x0000000004090000-0x0000000004091000-memory.dmp      Filesize  4KB
  • memory/2260-1205-0x00000230BEF20000-0x00000230BEF40000-memory.dmp     Filesize  128KB
  • memory/2260-1190-0x00000230BE000000-0x00000230BE100000-memory.dmp     Filesize  1024KB
  • memory/2260-1191-0x00000230BE000000-0x00000230BE100000-memory.dmp     Filesize  1024KB
  • memory/2260-1195-0x00000230BEF60000-0x00000230BEF80000-memory.dmp     Filesize  128KB
  • memory/2260-1218-0x00000230BF520000-0x00000230BF540000-memory.dmp     Filesize  128KB
  • memory/2364-604-0x0000011282500000-0x0000011282600000-memory.dmp      Filesize  1024KB
  • memory/2364-641-0x00000112838A0000-0x00000112838C0000-memory.dmp      Filesize  128KB
  • memory/2364-622-0x0000011283290000-0x00000112832B0000-memory.dmp      Filesize  128KB
  • memory/2364-610-0x00000112832D0000-0x00000112832F0000-memory.dmp      Filesize  128KB
  • memory/2796-2-0x0000000000400000-0x000000000046C000-memory.dmp        Filesize  432KB
  • memory/2796-11-0x0000000000400000-0x000000000046C000-memory.dmp       Filesize  432KB
  • memory/2796-13-0x0000000000400000-0x0000000000469000-memory.dmp       Filesize  420KB
  • memory/2796-601-0x0000000000400000-0x000000000046C000-memory.dmp      Filesize  432KB
  • memory/2796-129-0x0000000000400000-0x000000000046C000-memory.dmp      Filesize  432KB
  • memory/2796-1-0x0000000000400000-0x0000000000469000-memory.dmp        Filesize  420KB
  • memory/3544-602-0x0000000002A50000-0x0000000002A51000-memory.dmp      Filesize  4KB
  • memory/3748-1370-0x000002418B710000-0x000002418B730000-memory.dmp
      Filesize

                                                                                                                    128KB

                                                                                                                  • memory/3748-1342-0x000002418A200000-0x000002418A300000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                  • memory/3748-1358-0x000002418B300000-0x000002418B320000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/3748-1347-0x000002418B340000-0x000002418B360000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/3948-131-0x0000000000400000-0x000000000046C000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    432KB

                                                                                                                  • memory/4272-756-0x0000028492C20000-0x0000028492D20000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                  • memory/4272-757-0x0000028492C20000-0x0000028492D20000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                  • memory/4272-761-0x0000028493980000-0x00000284939A0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/4272-787-0x0000028494150000-0x0000028494170000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/4272-773-0x0000028493940000-0x0000028493960000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/4380-290-0x0000000004270000-0x0000000004271000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                  • memory/4800-17-0x0000000000400000-0x000000000046C000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    432KB

                                                                                                                  • memory/4800-15-0x0000000000400000-0x000000000046C000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    432KB

                                                                                                                  • memory/4800-14-0x0000000000400000-0x000000000046C000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    432KB

                                                                                                                  • memory/4924-906-0x00000235C9000000-0x00000235C9100000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                  • memory/4924-909-0x00000235C9F10000-0x00000235C9F30000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/4924-938-0x00000235CA4E0000-0x00000235CA500000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/4924-923-0x00000235C9ED0000-0x00000235C9EF0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/4992-1492-0x00000000049C0000-0x00000000049C1000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                  • memory/5000-1045-0x000001DCA6920000-0x000001DCA6A20000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                  • memory/5000-1044-0x000001DCA6920000-0x000001DCA6A20000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                  • memory/5000-1081-0x000001DCA7E40000-0x000001DCA7E60000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/5000-1049-0x000001DCA7A70000-0x000001DCA7A90000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/5000-1061-0x000001DCA7A30000-0x000001DCA7A50000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB
