Analysis Overview
SHA256
a59fbc4f9903ed18c989e87bc83073b463310ffe6c90a43c53400739719d0aae
Threat Level: Known bad
The file FLP_1037850047.pdf was found to be: Known bad.
Malicious Activity Summary
Oski
Suspicious use of SetThreadContext
Program crash
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-04-04 03:25
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-04-04 03:25
Reported
2022-04-04 04:00
Platform
win7-20220331-en
Max time kernel
56s
Max time network
47s
Command Line
Signatures
Oski
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1648 set thread context of 1736 | N/A | C:\Users\Admin\AppData\Local\Temp\FLP_1037850047.exe | C:\Users\Admin\AppData\Local\Temp\FLP_1037850047.exe |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\FLP_1037850047.exe |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FLP_1037850047.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\FLP_1037850047.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\FLP_1037850047.exe
"C:\Users\Admin\AppData\Local\Temp\FLP_1037850047.exe"
C:\Users\Admin\AppData\Local\Temp\FLP_1037850047.exe
C:\Users\Admin\AppData\Local\Temp\FLP_1037850047.exe
C:\Users\Admin\AppData\Local\Temp\FLP_1037850047.exe
C:\Users\Admin\AppData\Local\Temp\FLP_1037850047.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 112
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2022-04-04 03:25
Reported
2022-04-04 04:05
Platform
win10v2004-20220310-en
Max time kernel
123s
Max time network
150s
Command Line
Signatures
Oski
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 3796 set thread context of 4248 | N/A | C:\Users\Admin\AppData\Local\Temp\FLP_1037850047.exe | C:\Users\Admin\AppData\Local\Temp\FLP_1037850047.exe |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\FLP_1037850047.exe |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{D6D5A677-0872-4AB0-9442-BB792FCE85C5}\DeviceTicket | C:\Windows\System32\svchost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{D6D5A677-0872-4AB0-9442-BB792FCE85C5}\DeviceId = "001840067B664538" | C:\Windows\System32\svchost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{D6D5A677-0872-4AB0-9442-BB792FCE85C5}\ApplicationFlags = "1" | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\IdentityCRL\Immersive\production\Property | C:\Windows\System32\svchost.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property\001840067B664538 | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\IdentityCRL\Immersive\production\Token\{D6D5A677-0872-4AB0-9442-BB792FCE85C5} | C:\Windows\System32\svchost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FLP_1037850047.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\FLP_1037850047.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\FLP_1037850047.exe
"C:\Users\Admin\AppData\Local\Temp\FLP_1037850047.exe"
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
C:\Users\Admin\AppData\Local\Temp\FLP_1037850047.exe
C:\Users\Admin\AppData\Local\Temp\FLP_1037850047.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4248 -ip 4248
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 232
Network
Files