Analysis

  • max time kernel
    57s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    19/01/2025, 07:01 UTC

General

  • Target

    JaffaCakes118_c095f0aa40c5fd9b02b9bea330bbda19.exe

  • Size

    276KB

  • MD5

    c095f0aa40c5fd9b02b9bea330bbda19

  • SHA1

    03239597e0f410db60b11c902923e7998531b1a7

  • SHA256

    4fa20cded385460c2406587c3c485b6d892f181a7bfa071370aaaabd01448523

  • SHA512

    c5e0431947968c632fd2b1090339c770515e8cad8d1214206979eef3a04653156f0f9fad4f8f8e6ba194b31fa8c054816d3a3f2e27fe95392b584c8ac6f4a719

  • SSDEEP

    6144:FJa1xHmE4OiqFJ4F9tAS947DJ1RUlyL7Ls0TaQ8eGs1jYJY4mUI:FJWBmE7HFqDmS67um3s0TaQ832Y6

Malware Config

Signatures

  • Cycbot

    Cycbot is a backdoor and trojan written in C++.

  • Cycbot family
  • Detects Cycbot payload 7 IoCs

    Cycbot is a backdoor and trojan written in C++.

  • Modifies security service 2 TTPs 1 IoCs
  • Pony family
  • Pony, Fareit

    Pony is a Remote Access Trojan application that steals information.

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 6 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Disables taskbar notifications via registry modification
  • Executes dropped EXE 1 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 12 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file 10 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 10 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs
  • System policy modification 1 TTPs 2 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c095f0aa40c5fd9b02b9bea330bbda19.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c095f0aa40c5fd9b02b9bea330bbda19.exe"
    1⤵
    • Modifies security service
    • Adds Run key to start application
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:2232
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c095f0aa40c5fd9b02b9bea330bbda19.exe
      C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c095f0aa40c5fd9b02b9bea330bbda19.exe startC:\Users\Admin\AppData\Roaming\DB993\9EED3.exe%C:\Users\Admin\AppData\Roaming\DB993
      2⤵
      PID:1608
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c095f0aa40c5fd9b02b9bea330bbda19.exe
      C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c095f0aa40c5fd9b02b9bea330bbda19.exe startC:\Program Files (x86)\93243\lvvm.exe%C:\Program Files (x86)\93243
      2⤵
      PID:3556
    • C:\Program Files (x86)\LP\D3AD\F7AE.tmp
      "C:\Program Files (x86)\LP\D3AD\F7AE.tmp"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:4440
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3988
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2468
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4776
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3656
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1684
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1280
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Suspicious use of SendNotifyMessage
    PID:4672
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4896
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:4420
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:4260
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1660
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2376
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1512
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4740
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2272
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4444
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4260
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:848
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:2984
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:1144
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:4416
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:2184
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:4884
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:4356
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:468
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:4896
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:3672
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:1920
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:3108
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:4788
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:4276
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:932
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:2836
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:4960
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:2824
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:2076
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:3116
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:4020
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:4564
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:5088
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:528
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:1196
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:4920
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:5012
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:652
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:876
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:2008
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:3516
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:4860
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:904
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:2348
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:4948
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:1092
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:3028
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:4772
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:3032
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:3108
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:4120
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:4948
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:1132
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:4756
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:744
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:2288
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:976
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:2688
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:4104
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:4140
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:4884
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:652
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:4868
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:3400
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:4684

Network

  • flag-us
    DNS
                                                                                                                    8.8.8.8.in-addr.arpa
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    8.8.8.8.in-addr.arpa
                                                                                                                    IN PTR
                                                                                                                    Response
                                                                                                                    8.8.8.8.in-addr.arpa
                                                                                                                    IN PTR
                                                                                                                    dnsgoogle
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    97.17.167.52.in-addr.arpa
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    97.17.167.52.in-addr.arpa
                                                                                                                    IN PTR
                                                                                                                    Response
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    172.214.232.199.in-addr.arpa
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    172.214.232.199.in-addr.arpa
                                                                                                                    IN PTR
                                                                                                                    Response
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    134.32.126.40.in-addr.arpa
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    134.32.126.40.in-addr.arpa
                                                                                                                    IN PTR
                                                                                                                    Response
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    7.98.22.2.in-addr.arpa
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    7.98.22.2.in-addr.arpa
                                                                                                                    IN PTR
                                                                                                                    Response
                                                                                                                    7.98.22.2.in-addr.arpa
                                                                                                                    IN PTR
                                                                                                                    a2-22-98-7deploystaticakamaitechnologiescom
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    evcs-ocsp.ws.symantec.com
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    evcs-ocsp.ws.symantec.com
                                                                                                                    IN A
                                                                                                                    Response
                                                                                                                    evcs-ocsp.ws.symantec.com
                                                                                                                    IN CNAME
                                                                                                                    mpki-ocsp.digicert.com
                                                                                                                    mpki-ocsp.digicert.com
                                                                                                                    IN CNAME
                                                                                                                    mpki-ocsp.edge.digicert.com
                                                                                                                    mpki-ocsp.edge.digicert.com
                                                                                                                    IN CNAME
                                                                                                                    pki-ocsp.digicert.com.edgekey.net
                                                                                                                    pki-ocsp.digicert.com.edgekey.net
                                                                                                                    IN CNAME
                                                                                                                    e3782.cd.akamaiedge.net
                                                                                                                    e3782.cd.akamaiedge.net
                                                                                                                    IN A
                                                                                                                    2.22.142.222
                                                                                                                  • flag-gb
                                                                                                                    GET
                                                                                                                    http://evcs-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D
                                                                                                                    Remote address:
                                                                                                                    2.22.142.222:80
                                                                                                                    Request
                                                                                                                    GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D HTTP/1.1
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Accept: */*
                                                                                                                    User-Agent: Microsoft-CryptoAPI/10.0
                                                                                                                    Host: evcs-ocsp.ws.symantec.com
                                                                                                                    Response
                                                                                                                    HTTP/1.1 200 OK
                                                                                                                    Content-Type: application/ocsp-response
                                                                                                                    Content-Length: 5
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Cache-Control: public, max-age=139
                                                                                                                    Date: Sun, 19 Jan 2025 07:01:55 GMT
                                                                                                                    Connection: keep-alive
                                                                                                                    Server-Timing: cdn-cache; desc=HIT
                                                                                                                    Server-Timing: edge; dur=1
                                                                                                                    Akamai-GRN: 0.05aace17.1737270115.81d7717
                                                                                                                    Server-Timing: ak_p; desc="1737270115470_399419909_136148759_15_919_0_0_-";dur=1
                                                                                                                  • flag-gb
                                                                                                                    GET
                                                                                                                    http://evcs-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D
                                                                                                                    Remote address:
                                                                                                                    2.22.142.222:80
                                                                                                                    Request
                                                                                                                    GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D HTTP/1.1
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Pragma: no-cache
                                                                                                                    Accept: */*
                                                                                                                    User-Agent: Microsoft-CryptoAPI/10.0
                                                                                                                    Host: evcs-ocsp.ws.symantec.com
                                                                                                                    Response
                                                                                                                    HTTP/1.1 200 OK
                                                                                                                    Content-Type: application/ocsp-response
                                                                                                                    Content-Length: 5
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Cache-Control: public, max-age=139
                                                                                                                    Date: Sun, 19 Jan 2025 07:01:55 GMT
                                                                                                                    Connection: keep-alive
                                                                                                                    Server-Timing: cdn-cache; desc=HIT
                                                                                                                    Server-Timing: edge; dur=1
                                                                                                                    Akamai-GRN: 0.05aace17.1737270115.81d7718
                                                                                                                    Server-Timing: ak_p; desc="1737270115523_399419909_136148760_10_704_52_0_-";dur=1
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    evcs-crl.ws.symantec.com
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    evcs-crl.ws.symantec.com
                                                                                                                    IN A
                                                                                                                    Response
                                                                                                                    evcs-crl.ws.symantec.com
                                                                                                                    IN CNAME
                                                                                                                    crl-symcprod.digicert.com
                                                                                                                    crl-symcprod.digicert.com
                                                                                                                    IN CNAME
                                                                                                                    mpki-crl.edge.digicert.com
                                                                                                                    mpki-crl.edge.digicert.com
                                                                                                                    IN CNAME
                                                                                                                    pki-ocsp.digicert.com.edgekey.net
                                                                                                                    pki-ocsp.digicert.com.edgekey.net
                                                                                                                    IN CNAME
                                                                                                                    e3782.cd.akamaiedge.net
                                                                                                                    e3782.cd.akamaiedge.net
                                                                                                                    IN A
                                                                                                                    2.22.142.222
                                                                                                                  • flag-gb
                                                                                                                    GET
                                                                                                                    http://evcs-crl.ws.symantec.com/evcs.crl
                                                                                                                    Remote address:
                                                                                                                    2.22.142.222:80
                                                                                                                    Request
                                                                                                                    GET /evcs.crl HTTP/1.1
                                                                                                                    Cache-Control: max-age = 3600
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Accept: */*
                                                                                                                    If-Modified-Since: Mon, 07 Oct 2024 08:46:45 GMT
                                                                                                                    User-Agent: Microsoft-CryptoAPI/10.0
                                                                                                                    Host: evcs-crl.ws.symantec.com
                                                                                                                    Response
                                                                                                                    HTTP/1.1 200 OK
                                                                                                                    Content-Type: application/pkix-crl
                                                                                                                    Content-Length: 1824
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Cache-Control: public, max-age=2755
                                                                                                                    Date: Sun, 19 Jan 2025 07:01:55 GMT
                                                                                                                    Connection: keep-alive
                                                                                                                    Server-Timing: cdn-cache; desc=HIT
                                                                                                                    Server-Timing: edge; dur=1
                                                                                                                    Akamai-GRN: 0.05aace17.1737270115.81d77a8
                                                                                                                    Server-Timing: ak_p; desc="1737270115674_399419909_136148904_10_728_0_0_-";dur=1
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    222.142.22.2.in-addr.arpa
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    222.142.22.2.in-addr.arpa
                                                                                                                    IN PTR
                                                                                                                    Response
                                                                                                                    222.142.22.2.in-addr.arpa
                                                                                                                    IN PTR
                                                                                                                    a2-22-142-222deploystaticakamaitechnologiescom
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    armoredlegion.com
                                                                                                                    JaffaCakes118_c095f0aa40c5fd9b02b9bea330bbda19.exe
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    armoredlegion.com
                                                                                                                    IN A
                                                                                                                    Response
                                                                                                                    armoredlegion.com
                                                                                                                    IN A
                                                                                                                    172.67.141.248
                                                                                                                    armoredlegion.com
                                                                                                                    IN A
                                                                                                                    104.21.94.246
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    jumptomoon.com
                                                                                                                    JaffaCakes118_c095f0aa40c5fd9b02b9bea330bbda19.exe
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    jumptomoon.com
                                                                                                                    IN A
                                                                                                                    Response
                                                                                                                  • flag-us
                                                                                                                    GET
                                                                                                                    http://armoredlegion.com/305986.png?pr=gA924CDTJpwU0idLPI76rCv%2F2KTe6bIBIRO9uMRXwVGH2E37DgbfmJqc0Tve10fbegpRAyOP%2BOz2EF1B248DnBTwMO3fwPtOpTZnKtNCadfqFs%2BkSYGtVxREmDRoR1bjPxGH1G14sKxqhD7s%2BIgmYjNfq6lCCuRh6EX6qCv5ccS%2FAQTihPy1YdvJA6czpC2QRS1HQsiOSdpwKdvNl2li9oeKQNdFw5z58kI2OL3%2B2TfFnw21xFh1vMCrC5R%2F%2BavjiC3QOmVSwHbGARRitEN3XREz%2BHgq6uTWtzqc3GlQoBG87KodB6Svb%2FMrs%2FxNO9GaEBKixzOCHJHuBiitVxXlkdBZ1otwhPx4Py%2Fqj15wzmHk7gobRvFib0MH%2FL7cbs733Pw93UOhVhunPNhud9EtmMU9zxEXkcNgigGiUX0dWCj%2Bnx2uhj7OvtCB6gwskmP55toiiIUscRPxpUOjGoTOcf%2Bd6hmgDToMk9%2FEKtVXRWZJ%2F9SWyWz0X
                                                                                                                    JaffaCakes118_c095f0aa40c5fd9b02b9bea330bbda19.exe
                                                                                                                    Remote address:
                                                                                                                    172.67.141.248:80
                                                                                                                    Request
                                                                                                                    GET /305986.png?pr=gA924CDTJpwU0idLPI76rCv%2F2KTe6bIBIRO9uMRXwVGH2E37DgbfmJqc0Tve10fbegpRAyOP%2BOz2EF1B248DnBTwMO3fwPtOpTZnKtNCadfqFs%2BkSYGtVxREmDRoR1bjPxGH1G14sKxqhD7s%2BIgmYjNfq6lCCuRh6EX6qCv5ccS%2FAQTihPy1YdvJA6czpC2QRS1HQsiOSdpwKdvNl2li9oeKQNdFw5z58kI2OL3%2B2TfFnw21xFh1vMCrC5R%2F%2BavjiC3QOmVSwHbGARRitEN3XREz%2BHgq6uTWtzqc3GlQoBG87KodB6Svb%2FMrs%2FxNO9GaEBKixzOCHJHuBiitVxXlkdBZ1otwhPx4Py%2Fqj15wzmHk7gobRvFib0MH%2FL7cbs733Pw93UOhVhunPNhud9EtmMU9zxEXkcNgigGiUX0dWCj%2Bnx2uhj7OvtCB6gwskmP55toiiIUscRPxpUOjGoTOcf%2Bd6hmgDToMk9%2FEKtVXRWZJ%2F9SWyWz0X HTTP/1.0
                                                                                                                    Connection: close
                                                                                                                    Host: armoredlegion.com
                                                                                                                    Accept: */*
                                                                                                                    User-Agent: chrome/9.0
                                                                                                                    Response
                                                                                                                    HTTP/1.1 301 Moved Permanently
                                                                                                                    Date: Sun, 19 Jan 2025 07:01:56 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 167
                                                                                                                    Connection: close
                                                                                                                    Cache-Control: max-age=3600
                                                                                                                    Expires: Sun, 19 Jan 2025 08:01:56 GMT
                                                                                                                    Location: https://armoredlegion.com/305986.png?pr=gA924CDTJpwU0idLPI76rCv%2F2KTe6bIBIRO9uMRXwVGH2E37DgbfmJqc0Tve10fbegpRAyOP%2BOz2EF1B248DnBTwMO3fwPtOpTZnKtNCadfqFs%2BkSYGtVxREmDRoR1bjPxGH1G14sKxqhD7s%2BIgmYjNfq6lCCuRh6EX6qCv5ccS%2FAQTihPy1YdvJA6czpC2QRS1HQsiOSdpwKdvNl2li9oeKQNdFw5z58kI2OL3%2B2TfFnw21xFh1vMCrC5R%2F%2BavjiC3QOmVSwHbGARRitEN3XREz%2BHgq6uTWtzqc3GlQoBG87KodB6Svb%2FMrs%2FxNO9GaEBKixzOCHJHuBiitVxXlkdBZ1otwhPx4Py%2Fqj15wzmHk7gobRvFib0MH%2FL7cbs733Pw93UOhVhunPNhud9EtmMU9zxEXkcNgigGiUX0dWCj%2Bnx2uhj7OvtCB6gwskmP55toiiIUscRPxpUOjGoTOcf%2Bd6hmgDToMk9%2FEKtVXRWZJ%2F9SWyWz0X
                                                                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6zwj2pwct8kPORxU0VY3n0JgdD8Rmx%2F2a0NCVcyjV31xXEjSmlwZ6%2FHNeAwCy0IogqHQ3EX%2Br4vQDJwlXbw0ioSFcP9FGfcpCn9n0RW9WWOAskhvSYThe8%2FbKr27nfT7L9%2Fs6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                    Server: cloudflare
                                                                                                                    CF-RAY: 9044f4d5191d63e7-LHR
                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=47107&min_rtt=47107&rtt_var=23553&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=648&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    248.141.67.172.in-addr.arpa
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    248.141.67.172.in-addr.arpa
                                                                                                                    IN PTR
                                                                                                                    Response
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    logstoreonline.com
                                                                                                                    JaffaCakes118_c095f0aa40c5fd9b02b9bea330bbda19.exe
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    logstoreonline.com
                                                                                                                    IN A
                                                                                                                    Response
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    217.106.137.52.in-addr.arpa
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    217.106.137.52.in-addr.arpa
                                                                                                                    IN PTR
                                                                                                                    Response
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    pdasoftstoreonline.com
                                                                                                                    JaffaCakes118_c095f0aa40c5fd9b02b9bea330bbda19.exe
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    pdasoftstoreonline.com
                                                                                                                    IN A
                                                                                                                    Response
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    53.210.109.20.in-addr.arpa
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    53.210.109.20.in-addr.arpa
                                                                                                                    IN PTR
                                                                                                                    Response
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    ourdatatransfers.com
                                                                                                                    F7AE.tmp
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    ourdatatransfers.com
                                                                                                                    IN A
                                                                                                                    Response
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    jumptomoon.com
                                                                                                                    JaffaCakes118_c095f0aa40c5fd9b02b9bea330bbda19.exe
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    jumptomoon.com
                                                                                                                    IN A
                                                                                                                    Response
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    198.187.3.20.in-addr.arpa
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    198.187.3.20.in-addr.arpa
                                                                                                                    IN PTR
                                                                                                                    Response
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    50.23.12.20.in-addr.arpa
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    50.23.12.20.in-addr.arpa
                                                                                                                    IN PTR
                                                                                                                    Response
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    172.210.232.199.in-addr.arpa
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    172.210.232.199.in-addr.arpa
                                                                                                                    IN PTR
                                                                                                                    Response
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    96.136.73.23.in-addr.arpa
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    96.136.73.23.in-addr.arpa
                                                                                                                    IN PTR
                                                                                                                    Response
                                                                                                                    96.136.73.23.in-addr.arpa
                                                                                                                    IN PTR
                                                                                                                    a23-73-136-96deploystaticakamaitechnologiescom
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    www.google.com
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    www.google.com
                                                                                                                    IN A
                                                                                                                    Response
                                                                                                                    www.google.com
                                                                                                                    IN A
                                                                                                                    142.250.187.196
                                                                                                                  • flag-gb
                                                                                                                    GET
                                                                                                                    http://www.google.com/
                                                                                                                    Remote address:
                                                                                                                    142.250.187.196:80
                                                                                                                    Request
                                                                                                                    GET / HTTP/1.0
                                                                                                                    Connection: close
                                                                                                                    Host: www.google.com
                                                                                                                    Accept: */*
                                                                                                                    Response
                                                                                                                    HTTP/1.0 302 Found
                                                                                                                    Location: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGKDHsrwGIjA_PZk7MYfW_BOU7Mlm982UF6KKlaH_E4Fydib74eTr7l8V0Jo-DLuBU71r7si88lcyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                                                    x-hallmonitor-challenge: CgsIoceyvAYQs_yYUxIEtdewUw
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-rARo4GjMYhhAibc8HHUufQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                    Date: Sun, 19 Jan 2025 07:02:57 GMT
                                                                                                                    Server: gws
                                                                                                                    Content-Length: 396
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    Set-Cookie: AEC=AZ6Zc-XQ4ISvjf1pxhQ53CIzohKiAX2LcxPEBYzcVciMO-VF_dePPsxHo9k; expires=Fri, 18-Jul-2025 07:02:57 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                                                  • flag-gb
                                                                                                                    GET
                                                                                                                    http://www.google.com/
                                                                                                                    Remote address:
                                                                                                                    142.250.187.196:80
                                                                                                                    Request
                                                                                                                    GET / HTTP/1.1
                                                                                                                    Connection: close
                                                                                                                    Pragma: no-cache
                                                                                                                    Host: www.google.com
                                                                                                                    Response
                                                                                                                    HTTP/1.1 302 Found
                                                                                                                    Location: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGKHHsrwGIjAu3Mq-14_q67Zexyd7lEf2Gq8TQPeQqOVyNifPlYTYtAS8qUxR7WcB1E2JLYWkYpgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                                                    x-hallmonitor-challenge: CgwIoceyvAYQgJnsrQISBLXXsFM
                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                    Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-ogHHv9_a_xuvUEjq3duUow' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                    Date: Sun, 19 Jan 2025 07:02:57 GMT
                                                                                                                    Server: gws
                                                                                                                    Content-Length: 396
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    Set-Cookie: AEC=AZ6Zc-VTWrvnV-hfaQ5cYNupzXSExv1M88yfYHgj6vXVVF5ZsFPLsc-jGA; expires=Fri, 18-Jul-2025 07:02:57 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                                                    Connection: close
                                                                                                                  • flag-us
                                                                                                                    DNS
                                                                                                                    196.187.250.142.in-addr.arpa
                                                                                                                    Remote address:
                                                                                                                    8.8.8.8:53
                                                                                                                    Request
                                                                                                                    196.187.250.142.in-addr.arpa
                                                                                                                    IN PTR
                                                                                                                    Response
                                                                                                                    196.187.250.142.in-addr.arpa
                                                                                                                    IN PTR
                                                                                                                    lhr25s33-in-f41e100net
                                                                                                                  • flag-gb
                                                                                                                    GET
                                                                                                                    http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGKHHsrwGIjAu3Mq-14_q67Zexyd7lEf2Gq8TQPeQqOVyNifPlYTYtAS8qUxR7WcB1E2JLYWkYpgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                                                    Remote address:
                                                                                                                    142.250.187.196:80
                                                                                                                    Request
  GET /sorry/index?continue=http://www.google.com/&q=EgS117BTGKHHsrwGIjAu3Mq-14_q67Zexyd7lEf2Gq8TQPeQqOVyNifPlYTYtAS8qUxR7WcB1E2JLYWkYpgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
  Connection: close
  Pragma: no-cache
  Host: www.google.com
  Response
  HTTP/1.1 429 Too Many Requests
  Date: Sun, 19 Jan 2025 07:02:57 GMT
  Pragma: no-cache
  Expires: Fri, 01 Jan 1990 00:00:00 GMT
  Cache-Control: no-store, no-cache, must-revalidate
  Content-Type: text/html
  Server: HTTP server (unknown)
  Content-Length: 3086
  X-XSS-Protection: 0
  Connection: close
• flag-us
  DNS
  11.227.111.52.in-addr.arpa
  Remote address: 8.8.8.8:53
  Request
  11.227.111.52.in-addr.arpa
  IN PTR
  Response
                                                                                                                  • 2.22.142.222:80
                                                                                                                    http://evcs-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D
                                                                                                                    http
                                                                                                                    895 B
                                                                                                                    1.2kB
                                                                                                                    8
                                                                                                                    7

                                                                                                                    HTTP Request

                                                                                                                    GET http://evcs-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D

                                                                                                                    HTTP Response

                                                                                                                    200

                                                                                                                    HTTP Request

                                                                                                                    GET http://evcs-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D

                                                                                                                    HTTP Response

                                                                                                                    200
                                                                                                                  • 2.22.142.222:80
                                                                                                                    http://evcs-crl.ws.symantec.com/evcs.crl
                                                                                                                    http
                                                                                                                    542 B
                                                                                                                    2.5kB
                                                                                                                    7
                                                                                                                    6

                                                                                                                    HTTP Request

                                                                                                                    GET http://evcs-crl.ws.symantec.com/evcs.crl

                                                                                                                    HTTP Response

                                                                                                                    200
                                                                                                                  • 172.67.141.248:80
                                                                                                                    http://armoredlegion.com/305986.png?pr=gA924CDTJpwU0idLPI76rCv%2F2KTe6bIBIRO9uMRXwVGH2E37DgbfmJqc0Tve10fbegpRAyOP%2BOz2EF1B248DnBTwMO3fwPtOpTZnKtNCadfqFs%2BkSYGtVxREmDRoR1bjPxGH1G14sKxqhD7s%2BIgmYjNfq6lCCuRh6EX6qCv5ccS%2FAQTihPy1YdvJA6czpC2QRS1HQsiOSdpwKdvNl2li9oeKQNdFw5z58kI2OL3%2B2TfFnw21xFh1vMCrC5R%2F%2BavjiC3QOmVSwHbGARRitEN3XREz%2BHgq6uTWtzqc3GlQoBG87KodB6Svb%2FMrs%2FxNO9GaEBKixzOCHJHuBiitVxXlkdBZ1otwhPx4Py%2Fqj15wzmHk7gobRvFib0MH%2FL7cbs733Pw93UOhVhunPNhud9EtmMU9zxEXkcNgigGiUX0dWCj%2Bnx2uhj7OvtCB6gwskmP55toiiIUscRPxpUOjGoTOcf%2Bd6hmgDToMk9%2FEKtVXRWZJ%2F9SWyWz0X
                                                                                                                    http
                                                                                                                    JaffaCakes118_c095f0aa40c5fd9b02b9bea330bbda19.exe
                                                                                                                    970 B
                                                                                                                    1.8kB
                                                                                                                    7
                                                                                                                    6

                                                                                                                    HTTP Request

                                                                                                                    GET http://armoredlegion.com/305986.png?pr=gA924CDTJpwU0idLPI76rCv%2F2KTe6bIBIRO9uMRXwVGH2E37DgbfmJqc0Tve10fbegpRAyOP%2BOz2EF1B248DnBTwMO3fwPtOpTZnKtNCadfqFs%2BkSYGtVxREmDRoR1bjPxGH1G14sKxqhD7s%2BIgmYjNfq6lCCuRh6EX6qCv5ccS%2FAQTihPy1YdvJA6czpC2QRS1HQsiOSdpwKdvNl2li9oeKQNdFw5z58kI2OL3%2B2TfFnw21xFh1vMCrC5R%2F%2BavjiC3QOmVSwHbGARRitEN3XREz%2BHgq6uTWtzqc3GlQoBG87KodB6Svb%2FMrs%2FxNO9GaEBKixzOCHJHuBiitVxXlkdBZ1otwhPx4Py%2Fqj15wzmHk7gobRvFib0MH%2FL7cbs733Pw93UOhVhunPNhud9EtmMU9zxEXkcNgigGiUX0dWCj%2Bnx2uhj7OvtCB6gwskmP55toiiIUscRPxpUOjGoTOcf%2Bd6hmgDToMk9%2FEKtVXRWZJ%2F9SWyWz0X

                                                                                                                    HTTP Response

                                                                                                                    301
                                                                                                                  • 127.0.0.1:60020
                                                                                                                    explorer.exe
                                                                                                                  • 127.0.0.1:60020
                                                                                                                  • 142.250.187.196:80
                                                                                                                    http://www.google.com/
                                                                                                                    http
                                                                                                                    302 B
                                                                                                                    1.5kB
                                                                                                                    5
                                                                                                                    5

                                                                                                                    HTTP Request

                                                                                                                    GET http://www.google.com/

                                                                                                                    HTTP Response

                                                                                                                    302
                                                                                                                  • 142.250.187.196:80
                                                                                                                    http://www.google.com/
                                                                                                                    http
                                                                                                                    307 B
                                                                                                                    1.5kB
                                                                                                                    5
                                                                                                                    5

                                                                                                                    HTTP Request

                                                                                                                    GET http://www.google.com/

                                                                                                                    HTTP Response

                                                                                                                    302
                                                                                                                  • 142.250.187.196:80
                                                                                                                    http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGKHHsrwGIjAu3Mq-14_q67Zexyd7lEf2Gq8TQPeQqOVyNifPlYTYtAS8qUxR7WcB1E2JLYWkYpgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                                                    http
                                                                                                                    526 B
                                                                                                                    3.7kB
                                                                                                                    6
                                                                                                                    7

                                                                                                                    HTTP Request

                                                                                                                    GET http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGKHHsrwGIjAu3Mq-14_q67Zexyd7lEf2Gq8TQPeQqOVyNifPlYTYtAS8qUxR7WcB1E2JLYWkYpgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

                                                                                                                    HTTP Response

                                                                                                                    429
                                                                                                                  • 8.8.8.8:53
                                                                                                                    8.8.8.8.in-addr.arpa
                                                                                                                    dns
                                                                                                                    66 B
                                                                                                                    90 B
                                                                                                                    1
                                                                                                                    1

                                                                                                                    DNS Request

                                                                                                                    8.8.8.8.in-addr.arpa

                                                                                                                  • 8.8.8.8:53
                                                                                                                    97.17.167.52.in-addr.arpa
                                                                                                                    dns
                                                                                                                    71 B
                                                                                                                    145 B
                                                                                                                    1
                                                                                                                    1

                                                                                                                    DNS Request

                                                                                                                    97.17.167.52.in-addr.arpa

                                                                                                                  • 8.8.8.8:53
                                                                                                                    172.214.232.199.in-addr.arpa
                                                                                                                    dns
                                                                                                                    74 B
                                                                                                                    128 B
                                                                                                                    1
                                                                                                                    1

                                                                                                                    DNS Request

                                                                                                                    172.214.232.199.in-addr.arpa

                                                                                                                  • 8.8.8.8:53
                                                                                                                    134.32.126.40.in-addr.arpa
                                                                                                                    dns
                                                                                                                    72 B
                                                                                                                    158 B
                                                                                                                    1
                                                                                                                    1

                                                                                                                    DNS Request

                                                                                                                    134.32.126.40.in-addr.arpa

                                                                                                                  • 8.8.8.8:53
                                                                                                                    7.98.22.2.in-addr.arpa
                                                                                                                    dns
                                                                                                                    68 B
                                                                                                                    129 B
                                                                                                                    1
                                                                                                                    1

                                                                                                                    DNS Request

                                                                                                                    7.98.22.2.in-addr.arpa

                                                                                                                  • 8.8.8.8:53
                                                                                                                    evcs-ocsp.ws.symantec.com
                                                                                                                    dns
                                                                                                                    71 B
                                                                                                                    230 B
                                                                                                                    1
                                                                                                                    1

                                                                                                                    DNS Request

                                                                                                                    evcs-ocsp.ws.symantec.com

                                                                                                                    DNS Response

                                                                                                                    2.22.142.222

                                                                                                                  • 8.8.8.8:53
                                                                                                                    evcs-crl.ws.symantec.com
                                                                                                                    dns
                                                                                                                    70 B
                                                                                                                    231 B
                                                                                                                    1
                                                                                                                    1

                                                                                                                    DNS Request

                                                                                                                    evcs-crl.ws.symantec.com

                                                                                                                    DNS Response

                                                                                                                    2.22.142.222

                                                                                                                  • 8.8.8.8:53
                                                                                                                    222.142.22.2.in-addr.arpa
                                                                                                                    dns
                                                                                                                    71 B
                                                                                                                    135 B
                                                                                                                    1
                                                                                                                    1

                                                                                                                    DNS Request

                                                                                                                    222.142.22.2.in-addr.arpa

                                                                                                                  • 8.8.8.8:53
                                                                                                                    armoredlegion.com
                                                                                                                    dns
                                                                                                                    JaffaCakes118_c095f0aa40c5fd9b02b9bea330bbda19.exe
                                                                                                                    63 B
                                                                                                                    95 B
                                                                                                                    1
                                                                                                                    1

                                                                                                                    DNS Request

                                                                                                                    armoredlegion.com

                                                                                                                    DNS Response

                                                                                                                    172.67.141.248
                                                                                                                    104.21.94.246

                                                                                                                  • 8.8.8.8:53
                                                                                                                    jumptomoon.com
                                                                                                                    dns
                                                                                                                    JaffaCakes118_c095f0aa40c5fd9b02b9bea330bbda19.exe
                                                                                                                    60 B
                                                                                                                    133 B
                                                                                                                    1
                                                                                                                    1

                                                                                                                    DNS Request

                                                                                                                    jumptomoon.com

                                                                                                                  • 8.8.8.8:53
                                                                                                                    248.141.67.172.in-addr.arpa
                                                                                                                    dns
                                                                                                                    73 B
                                                                                                                    135 B
                                                                                                                    1
                                                                                                                    1

                                                                                                                    DNS Request

                                                                                                                    248.141.67.172.in-addr.arpa

                                                                                                                  • 224.0.0.251:5353
                                                                                                                    168 B
                                                                                                                    3
                                                                                                                  • 8.8.8.8:53
                                                                                                                    logstoreonline.com
                                                                                                                    dns
                                                                                                                    JaffaCakes118_c095f0aa40c5fd9b02b9bea330bbda19.exe
                                                                                                                    64 B
                                                                                                                    137 B
                                                                                                                    1
                                                                                                                    1

                                                                                                                    DNS Request

                                                                                                                    logstoreonline.com

                                                                                                                  • 8.8.8.8:53
                                                                                                                    217.106.137.52.in-addr.arpa
                                                                                                                    dns
                                                                                                                    73 B
                                                                                                                    147 B
                                                                                                                    1
                                                                                                                    1

                                                                                                                    DNS Request

                                                                                                                    217.106.137.52.in-addr.arpa

                                                                                                                  • 8.8.8.8:53
                                                                                                                    pdasoftstoreonline.com
                                                                                                                    dns
                                                                                                                    JaffaCakes118_c095f0aa40c5fd9b02b9bea330bbda19.exe
                                                                                                                    68 B
                                                                                                                    141 B
                                                                                                                    1
                                                                                                                    1

                                                                                                                    DNS Request

                                                                                                                    pdasoftstoreonline.com

(columns: remote address, protocol, process, bytes sent / received, count, DNS request / response)

• 8.8.8.8:53  dns  72 B / 158 B  1 / 1  DNS Request: 53.210.109.20.in-addr.arpa
• 8.8.8.8:53  dns  process F7AE.tmp  66 B / 139 B  1 / 1  DNS Request: ourdatatransfers.com
• 8.8.8.8:53  dns  process JaffaCakes118_c095f0aa40c5fd9b02b9bea330bbda19.exe  60 B / 133 B  1 / 1  DNS Request: jumptomoon.com
• 8.8.8.8:53  dns  71 B / 157 B  1 / 1  DNS Request: 198.187.3.20.in-addr.arpa
• 8.8.8.8:53  dns  70 B / 156 B  1 / 1  DNS Request: 50.23.12.20.in-addr.arpa
• 8.8.8.8:53  dns  74 B / 128 B  1 / 1  DNS Request: 172.210.232.199.in-addr.arpa
• 8.8.8.8:53  dns  71 B / 135 B  1 / 1  DNS Request: 96.136.73.23.in-addr.arpa
• 8.8.8.8:53  dns  60 B / 76 B  1 / 1  DNS Request: www.google.com  DNS Response: 142.250.187.196
• 8.8.8.8:53  dns  74 B / 112 B  1 / 1  DNS Request: 196.187.250.142.in-addr.arpa
• 8.8.8.8:53  dns  72 B / 158 B  1 / 1  DNS Request: 11.227.111.52.in-addr.arpa

                                                                                                                  MITRE ATT&CK Enterprise v15

                                                                                                                  Downloads

• C:\Program Files (x86)\LP\D3AD\F7AE.tmp
  Filesize 103KB
  MD5 86d203aa2caa9884b7b360153e9ea8c1
  SHA1 a10e4e44dfc2a2ace55bf60eb769da2dcc79ca73
  SHA256 0e8be7424ef08580c27c82cdc0226abeef27ce7664a16491c4d5c7eecbe6272d
  SHA512 491afdef0e57cd084ac76493755c3dff971f1aef06bd4bc3d13447e159f3a32e8b9cc39e30af4f934badaeb2d922a18cf40dfc933b32b9afcb9b64d3a9349567

• C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
  Filesize 471B
  MD5 959d2a9c777132fe5498a165d5bbaaf7
  SHA1 5cd8dd5a857fd362647a22ec0732207888f29bb9
  SHA256 8bf88caa748bd496eb1290b073a40bc4d595a64ee5be59bd001826c5ec9befba
  SHA512 66b2f65cb3ca7bf905aea846fc34ed6b818174438f4277114784162ed0b2e8bd18b54f195847ee765889750e8ddb903615367d71dbe0a12cc28cf1f07bcca923

• C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
  Filesize 412B
  MD5 b0f2d09a5add1012c344683b6cc09097
  SHA1 5c54f76b790872e48dd3852b96b11e6615736bbb
  SHA256 156c87ffefbd716914b8e1bdf4a033d4f905eb67e441bd01b290b9a42c85fead
  SHA512 fdbe000468f58312a5ffce2f5bd88a51f0f23991d34a7f2d34dda0ccdd6944f5f3e39780d667220901bfc7bc5836efd40e1a3c8922566723a2eebc0d64fdfb0d

• C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
  Filesize 2KB
  MD5 dec711bb8f11ad2ec660af152bc8706f
  SHA1 a12bc314b2b816d99222ae4cf6d8e2ef3f47d3b3
  SHA256 a717a3e0772ed98da34ce1c4fe512604c59bc74c80aac4332c4644a5499591f4
  SHA512 111040fb161a5f206acf9ebab53399135ad91415dd90856c59fd0fac0d595b8c49f5d92cdf82f543345da6376584f8b99f0e121fa1616342612769b7f18208b3

• C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\2C1DWAXK\microsoft.windows[1].xml
  Filesize 96B
  MD5 e348d00fe7b19d8e8f6efc5cd8f3be59
  SHA1 de85b87da07da2e4b4215ef312d318f1b329ca6e
  SHA256 4ee26da36e3b7d5c9f14f2ed8d6c75c10434acec949dc6e550f176b9acb84dd7
  SHA512 a0a9a671e08cb35904098426cf1b50a11d6a0c7be57f684f9808f5c953ac2732dd1f090c3d12260870056a1ee5f9097ad9872715c798fba196d7212a536afcbe

• C:\Users\Admin\AppData\Roaming\DB993\3243.B99
  Filesize 1KB
  MD5 180767d64e7e6ced2d9778297c7fa0e1
  SHA1 d25a8fbd982fb9a9b1d8a9ae41e0d11a03c98daa
  SHA256 2d793a18af580cea5f24c36cb574de3c53db610e902e969edc7ce5935ddac938
  SHA512 dce68a21c3313ba5babe24fc5a59794c648bfe9d6d5586b9900ea1af9c38c8cce249d1f456b44e21ad30509db505aadba6213983eccda6a9deeb42bd9ea26627

• C:\Users\Admin\AppData\Roaming\DB993\3243.B99
  Filesize 600B
  MD5 b0cbe8eb3c34275579d1002c55c958f4
  SHA1 0d4a1b3bbface947e84fff1921d10ed10c1f1416
  SHA256 baa5e6b8f9f4bbabbaa48595451ac6d33e7ead647b3ce91191e4db26cb0db4e3
  SHA512 719c9f3536b15e76254af05b0ffdf6c4c4a0e14fa53f76ff2f01fb930a53efb243594d67849bdc9093827a61828d437a3af7426a5481029bf49e07b0f356b826

• C:\Users\Admin\AppData\Roaming\DB993\3243.B99
  Filesize 996B
  MD5 7136df51dd78e9b3c789c98439f928b6
  SHA1 69a49767b3c8f49378768e1e71a4f800507ddd14
  SHA256 2bf3f80ed9622c681b3ff48ed0b99886be76d60b0cfd8f088538139b2fbc154a
  SHA512 35d54c8b600d15e96155259636b495170f0d2daed111bb023a9a0c8e5250c37f97212d0edf803b42f602c3ec6351062bfe09beb24874643ec4483772d957f09c

• memory/468-1251-0x0000000004190000-0x0000000004191000-memory.dmp (Filesize 4KB)
• memory/848-795-0x0000021EC2300000-0x0000021EC2400000-memory.dmp (Filesize 1024KB)
• memory/848-811-0x0000021EC3620000-0x0000021EC3640000-memory.dmp (Filesize 128KB)
• memory/848-799-0x0000021EC3660000-0x0000021EC3680000-memory.dmp (Filesize 128KB)
• memory/848-794-0x0000021EC2300000-0x0000021EC2400000-memory.dmp (Filesize 1024KB)
• memory/848-822-0x0000021EC3A20000-0x0000021EC3A40000-memory.dmp (Filesize 128KB)
• memory/848-796-0x0000021EC2300000-0x0000021EC2400000-memory.dmp (Filesize 1024KB)
• memory/1280-199-0x0000020C1CAA0000-0x0000020C1CAC0000-memory.dmp (Filesize 128KB)
• memory/1280-196-0x0000020C1BB00000-0x0000020C1BC00000-memory.dmp (Filesize 1024KB)
• memory/1280-195-0x0000020C1BB00000-0x0000020C1BC00000-memory.dmp (Filesize 1024KB)
• memory/1280-194-0x0000020C1BB00000-0x0000020C1BC00000-memory.dmp (Filesize 1024KB)
• memory/1280-212-0x0000020C1CA60000-0x0000020C1CA80000-memory.dmp (Filesize 128KB)
• memory/1280-230-0x0000020C1CE70000-0x0000020C1CE90000-memory.dmp (Filesize 128KB)
• memory/1512-644-0x0000000004D20000-0x0000000004D21000-memory.dmp (Filesize 4KB)
• memory/1608-14-0x0000000000400000-0x000000000046A000-memory.dmp (Filesize 424KB)
• memory/1608-13-0x0000000000400000-0x000000000046A000-memory.dmp (Filesize 424KB)
• memory/1608-12-0x0000000000400000-0x000000000046A000-memory.dmp (Filesize 424KB)
• memory/1920-1399-0x0000000004530000-0x0000000004531000-memory.dmp (Filesize 4KB)
• memory/2184-1097-0x0000000004180000-0x0000000004181000-memory.dmp (Filesize 4KB)
• memory/2232-1248-0x0000000000400000-0x000000000046A000-memory.dmp (Filesize 424KB)
• memory/2232-153-0x0000000000400000-0x000000000046A000-memory.dmp (Filesize 424KB)
• memory/2232-69-0x0000000000400000-0x000000000046A000-memory.dmp (Filesize 424KB)
• memory/2232-16-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    424KB

                                                                                                                  • memory/2232-15-0x0000000000400000-0x0000000000467000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    412KB

                                                                                                                  • memory/2232-2-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    424KB

                                                                                                                  • memory/2232-1-0x0000000000400000-0x0000000000467000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    412KB

                                                                                                                  • memory/2272-650-0x0000026972370000-0x0000026972390000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/2272-659-0x0000026972330000-0x0000026972350000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/2272-672-0x0000026972740000-0x0000026972760000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/2272-645-0x0000026971220000-0x0000026971320000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                  • memory/2376-527-0x000001F0154A0000-0x000001F0154C0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/2376-516-0x000001F014E90000-0x000001F014EB0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/2376-505-0x000001F014ED0000-0x000001F014EF0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/2376-500-0x000001F013F70000-0x000001F014070000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                  • memory/2376-502-0x000001F013F70000-0x000001F014070000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                  • memory/2984-946-0x0000000002D40000-0x0000000002D41000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                  • memory/3556-67-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    424KB

                                                                                                                  • memory/3556-68-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    424KB

                                                                                                                  • memory/3656-193-0x0000000002550000-0x0000000002551000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                  • memory/3672-1289-0x000002F3C70E0000-0x000002F3C7100000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/3672-1257-0x000002F3C6B00000-0x000002F3C6B20000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/3672-1268-0x000002F3C6AC0000-0x000002F3C6AE0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/3672-1254-0x000002F3C5C00000-0x000002F3C5D00000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                  • memory/3672-1252-0x000002F3C5C00000-0x000002F3C5D00000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                  • memory/3672-1253-0x000002F3C5C00000-0x000002F3C5D00000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                  • memory/4260-498-0x00000000044A0000-0x00000000044A1000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                  • memory/4356-1101-0x000001D476B00000-0x000001D476C00000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                  • memory/4356-1116-0x000001D477BA0000-0x000001D477BC0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/4356-1104-0x000001D477BE0000-0x000001D477C00000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/4356-1100-0x000001D476B00000-0x000001D476C00000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                  • memory/4356-1099-0x000001D476B00000-0x000001D476C00000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                  • memory/4356-1127-0x000001D477FB0000-0x000001D477FD0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/4416-969-0x000001D505A80000-0x000001D505AA0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/4416-984-0x000001D5060A0000-0x000001D5060C0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/4416-952-0x000001D505AC0000-0x000001D505AE0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/4416-948-0x000001D504D00000-0x000001D504E00000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB

                                                                                                                  • memory/4420-356-0x00000247032F0000-0x0000024703310000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/4420-367-0x00000247032B0000-0x00000247032D0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/4420-378-0x00000247038C0000-0x00000247038E0000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                  • memory/4440-155-0x0000000000400000-0x000000000041C000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    112KB

                                                                                                                  • memory/4444-792-0x0000000004C80000-0x0000000004C81000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                  • memory/4672-348-0x0000000003650000-0x0000000003651000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                  • memory/4788-1401-0x0000018B1A040000-0x0000018B1A140000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1024KB
