Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

9b035bad2b...18.exe

windows7-x64

10

9b035bad2b...18.exe

windows10-1703-x64

10

9b035bad2b...18.exe

windows10-2004-x64

10

9b035bad2b...18.exe

windows11-21h2-x64

10

Resubmissions

11/04/2024, 11:14 UTC

240411-nb5z8sdd7y 10

11/04/2024, 11:14 UTC

240411-nb5dpsdd7w 10

11/04/2024, 11:14 UTC

240411-nb43yaac56 10

11/04/2024, 11:14 UTC

240411-nb3vwadd7t 10

11/04/2024, 11:14 UTC

240411-nb3j4sac55 10

09/04/2024, 03:54 UTC

240409-egc2zahd2z 10

09/04/2024, 03:53 UTC

240409-ef443adg89 10

09/04/2024, 03:53 UTC

240409-efxd8ahc9v 10

09/04/2024, 03:53 UTC

240409-efmvsahc8w 10

03/04/2024, 00:16 UTC

240403-akzypahh9t 10

Analysis

  • max time kernel
    1192s
  • max time network
    1203s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09/04/2024, 03:53 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe

  • Size

    7.6MB

  • MD5

    9b035bad2b8a21fb2c57fd784c89b8d5

  • SHA1

    ee15fad65f3f22df7f54e218176c45d369ebb70f

  • SHA256

    2d49873798ab5ee10992f377ebb27ee940b1f354b9ec4ebebe687177ea2b214c

  • SHA512

    96c0189aba67db2f1c38affa5ac44665566ea17e20e5f749aef771739c81beb96bbcac8ea35aad80cffc9d492e23fcbaefbf03f72011d9bd1ccac36182466dde

  • SSDEEP

    196608:imEljesxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQUDxtw3iFFrS6XOfTV73cP:balxwZ6v1CPwDv3uFteg2EeJUO9WLjD/

Score
10/10
bitrattrojanupx

Malware Config

Extracted

Family

bitrat

Version

1.32

C2

7ix5nfolcp4ta4mk2dtihev73rw7d2edpbd5tp7sf7zgmpv66fpxnwqd.onion:80

Attributes
  • communication_password

    e10adc3949ba59abbe56e057f20f883e

  • tor_process

    dllhost

Signatures

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat
  • BitRAT payload 2 IoCs
  • ACProtect 1.3x - 1.4x DLL software 7 IoCs

    Detects file using ACProtect software.

  • Executes dropped EXE 53 IoCs
  • Loads dropped DLL 64 IoCs
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Looks up external IP address via web service 19 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Uses Tor communications 1 TTPs

    Malware can proxy its traffic through Tor for more anonymity.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 40 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Modifies system certificate store
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2304
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2136
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1520
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2812
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2096
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:588
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2068
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2840
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2472
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1112
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1544
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2044
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2296
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2552
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2472
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1656
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:3056
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1404
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2448
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2472
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1612
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1068
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1812
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:972
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2096
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1492
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1232
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1124
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2620
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2732
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1028
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2284
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2576
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2116
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:540
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:3068
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2132
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:580
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2140
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2728
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1776
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2632
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1960
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:3064
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2572
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2748
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1740
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2072
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1596
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1964
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2660
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1080
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1064
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2816

Network

  • flag-us
    DNS
    myexternalip.com
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    myexternalip.com
    IN A
    Response
    myexternalip.com
    IN A
    34.117.118.44
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: P28g0vG9QPxqbvXLmvNp9iAYHcBwzOL1
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:18:35 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: iCXMn32nyOz66cLPJzZljLWUL2v04kzq
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:19:20 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: 5FZdx00EpDA5dgY7PEl5vg45xpKonu14
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:20:04 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: 9csGySlQp07mHXi0HwJPvOaqvSBDVOer
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:20:44 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: M8OnpgnqfCccHy7nuEyo3DJJKAQim6Rd
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:22:41 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: ZdEmXnjKmxIShQIqDU8IH0CcIcUVXb10
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:24:01 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: whw5LNmAKDIPJTGodGLXMM4qLfZVJRHc
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:25:24 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: 04jjLqYsq1F7xJuBUyurrYa7JIRu1vQt
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:26:03 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: TLBkM6UIVTzzibEvyaBwBmJcuYNLdpUo
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:27:28 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: QWkB9trRO4jHij23mxfvxdzcKxOKUFpI
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:28:04 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: a7nXNX1C12vPUp3ChVHbAhLfKnah2mGs
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:28:46 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    www.microsoft.com
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    www.microsoft.com
    IN A
    Response
    www.microsoft.com
    IN CNAME
    www.microsoft.com-c-3.edgekey.net
    www.microsoft.com-c-3.edgekey.net
    IN CNAME
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
    IN CNAME
    e13678.dscb.akamaiedge.net
    e13678.dscb.akamaiedge.net
    IN A
    72.246.173.187
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: nbcW57Tg9m4FuHEG1lQ4P0jyoFe0nIqm
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:30:06 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: xifspFeymFmNCMEPwJWk8551o5qNKJGM
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:30:46 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: AfLpti13hZaCXKBDQXeK0qcCrIjT386r
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:31:28 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: KGsB6qBKK2mKpPCNM5FTDRyEq8wM6gXy
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:32:10 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: o4ViHDhfBvrifBEMBjYyugYsOe30EHLF
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:34:12 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: bfhpyWywAVlsSCF3N5SDMyEyjT2H5LT1
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:34:47 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: YqFGGprZ27U9To3ABwxB7IuydM2jxkoU
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:35:24 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • 127.0.0.1:49244
    dllhost.exe
  • 172.98.193.43:443
    dllhost.exe
    152 B
     3
  • 163.172.157.213:443
    dllhost.exe
    152 B
     3
  • 178.33.183.251:443
    dllhost.exe
    152 B
     3
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 46.165.230.5:443
    www.yl76gngzzpmj.com
    tls
    dllhost.exe
    42.5kB
     774.1kB
     334
    574
  • 131.188.40.189:443
    www.zrqyejop2lbl4.com
    tls
    dllhost.exe
    1.9kB
     4.8kB
     9
    9
  • 82.67.11.128:443
    www.f3e6calvwfwwtsew6.com
    tls
    dllhost.exe
    518.2kB
     6.4MB
     2808
    4811
  • 178.17.170.168:443
    www.7cqmgugbd2mncvma.com
    tls
    dllhost.exe
    539.2kB
     6.8MB
     3090
    4981
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 51.81.93.39:443
    www.7ewmsrtqa3.com
    tls
    dllhost.exe
    3.0kB
     5.9kB
     11
    10
  • 135.148.150.99:443
    www.3m5bzaa3rfwnl.com
    tls
    dllhost.exe
    3.0kB
     6.4kB
     10
    10
  • 217.160.192.232:443
    www.wiwozqbae4vjlixv.com
    tls
    dllhost.exe
    3.0kB
     7.2kB
     11
    14
  • 82.67.11.128:443
    www.gqa57nqstdhinbs.com
    tls
    dllhost.exe
    9.5kB
     11.1kB
     25
    31
  • 51.81.93.39:443
    www.osjn7u4qosl.com
    tls
    dllhost.exe
    22.2kB
     25.3kB
     48
    66
  • 127.0.0.1:49345
    dllhost.exe
  • 127.0.0.1:49387
    dllhost.exe
  • 51.68.152.89:443
    www.zydds432dabqnqqx.com
    tls
    dllhost.exe
    17.2kB
     24.8kB
     43
    56
  • 38.154.239.250:443
    www.dmluxwvodqvgdafkncdn6.com
    tls
    dllhost.exe
    19.5kB
     26.5kB
     49
    68
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    890 B
     4.1kB
     9
    10

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:49479
    dllhost.exe
  • 212.129.62.232:443
    www.k7amhpzse6mxp3ind.com
    tls
    dllhost.exe
    3.1kB
     9.2kB
     12
    13
  • 51.68.152.89:443
    www.pj756vpl4s.com
    tls
    dllhost.exe
    20.6kB
     26.4kB
     49
    70
  • 38.154.239.250:443
    www.azmlz3z.com
    tls
    dllhost.exe
    15.9kB
     21.0kB
     39
    55
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    870 B
     4.0kB
     8
    9

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:49567
    dllhost.exe
  • 193.70.112.165:443
    www.z44vq7ex4i4bqly7mpq.com
    tls
    dllhost.exe
    3.1kB
     9.1kB
     12
    13
  • 51.68.152.89:443
    www.6b2tx.com
    tls
    dllhost.exe
    22.5kB
     31.9kB
     56
    76
  • 38.154.239.250:443
    www.cux3mfhuujcrcc244tdk.com
    tls
    dllhost.exe
    18.9kB
     24.2kB
     46
    67
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    870 B
     4.0kB
     8
    9

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:49635
    dllhost.exe
  • 127.0.0.1:49669
    dllhost.exe
  • 81.7.14.253:443
    www.ovj4d2lcjgpqmy.com
    tls
    dllhost.exe
    3.1kB
     9.2kB
     13
    17
  • 51.68.152.89:443
    www.ey5lvou.com
    tls
    dllhost.exe
    11.3kB
     16.3kB
     30
    42
  • 38.154.239.250:443
    www.rhz2hycvgn5.com
    tls
    dllhost.exe
    22.9kB
     28.2kB
     52
    75
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    870 B
     4.0kB
     8
    9

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:49727
    dllhost.exe
  • 127.0.0.1:49760
    dllhost.exe
  • 81.7.13.84:443
    dllhost.exe
    152 B
     3
  • 38.154.239.250:443
    www.2tugvke4jgq634pagvt24u.com
    tls
    dllhost.exe
    17.1kB
     19.5kB
     40
    56
  • 51.68.152.89:443
    www.2yoelr43.com
    tls
    dllhost.exe
    11.1kB
     11.7kB
     26
    35
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 127.0.0.1:49817
    dllhost.exe
  • 127.0.0.1:49850
    dllhost.exe
  • 199.249.230.64:443
    dllhost.exe
    152 B
     120 B
     3
    3
  • 38.154.239.250:443
    www.a7yqxc4swwpf6hchoa3kd.com
    tls
    dllhost.exe
    16.4kB
     19.8kB
     38
    51
  • 51.68.152.89:443
    www.suzlybpqlvsbfsljuau.com
    tls
    dllhost.exe
    17.6kB
     21.7kB
     41
    58
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 127.0.0.1:49907
    dllhost.exe
  • 127.0.0.1:49938
    dllhost.exe
  • 96.253.78.108:443
    dllhost.exe
    152 B
     3
  • 38.154.239.250:443
    www.ctt5u4kqg653mf.com
    tls
    dllhost.exe
    22.1kB
     27.5kB
     48
    72
  • 51.68.152.89:443
    www.fkdeii5a.com
    tls
    dllhost.exe
    10.6kB
     14.5kB
     27
    37
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    870 B
     4.0kB
     8
    9

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:49998
    dllhost.exe
  • 127.0.0.1:50030
    dllhost.exe
  • 93.118.34.246:443
    www.ib5bqowlk4mtee6ghbh2hu.com
    tls
    dllhost.exe
    3.0kB
     5.9kB
     10
    10
  • 38.154.239.250:443
    www.chb4kcgm7k3dguuxui55.com
    tls
    dllhost.exe
    16.1kB
     20.0kB
     41
    56
  • 51.68.152.89:443
    www.pu4y25z6uwyv34yvjkxo2.com
    tls
    dllhost.exe
    8.3kB
     11.6kB
     23
    30
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 127.0.0.1:50094
    dllhost.exe
  • 185.13.39.197:443
    dllhost.exe
    152 B
     3
  • 51.68.152.89:443
    www.k2fmbvtpmoa6.com
    tls
    dllhost.exe
    18.4kB
     24.1kB
     47
    64
  • 38.154.239.250:443
    www.7ao63.com
    tls
    dllhost.exe
    16.4kB
     21.0kB
     38
    56
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    870 B
     4.0kB
     8
    9

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:50152
    dllhost.exe
  • 127.0.0.1:50185
    dllhost.exe
  • 192.42.116.16:443
    dllhost.exe
    152 B
     3
  • 51.68.152.89:443
    www.q2m7ancqnacvi32i3t3pett.com
    tls
    dllhost.exe
    23.0kB
     29.5kB
     55
    79
  • 38.154.239.250:443
    www.7vjrdt7l242ity.com
    tls
    dllhost.exe
    6.7kB
     12.0kB
     22
    29
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 127.0.0.1:50243
    dllhost.exe
  • 127.0.0.1:50278
    dllhost.exe
  • 46.182.21.248:443
    www.iszaf6.com
    tls
    dllhost.exe
    3.1kB
     9.1kB
     12
    13
  • 38.154.239.250:443
    www.csqt64cseotlm2l5n.com
    tls
    dllhost.exe
    21.2kB
     28.1kB
     50
    73
  • 51.68.152.89:443
    www.ty324or77hunkjrj.com
    tls
    dllhost.exe
    12.0kB
     17.0kB
     34
    45
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    870 B
     4.0kB
     8
    9

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:50331
    dllhost.exe
  • 127.0.0.1:50365
    dllhost.exe
  • 37.187.20.59:443
    www.rsmwme7nsyqqa4k33.com
    tls
    dllhost.exe
    843 B
     4.4kB
     9
    11
  • 38.154.239.250:443
    www.mxtgg6q7yebaully.com
    tls
    dllhost.exe
    11.8kB
     13.5kB
     29
    39
  • 51.68.152.89:443
    www.ab3ltrbuatkc467lsafjlv2yo.com
    tls
    dllhost.exe
    25.2kB
     30.6kB
     57
    82
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    870 B
     4.0kB
     8
    9

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:50428
    dllhost.exe
  • 77.247.181.164:443
    dllhost.exe
    152 B
     3
  • 38.154.239.250:443
    www.po2l3wjeppre.com
    tls
    dllhost.exe
    25.7kB
     29.5kB
     55
    81
  • 51.68.152.89:443
    www.gh4noefrzmvk.com
    tls
    dllhost.exe
    10.8kB
     14.6kB
     30
    38
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 127.0.0.1:50481
    dllhost.exe
  • 127.0.0.1:50523
    dllhost.exe
  • 92.222.38.67:443
    dllhost.exe
    152 B
     3
  • 38.154.239.250:443
    www.fheeah233okl4yr5gtnrlg.com
    tls
    dllhost.exe
    26.3kB
     27.9kB
     56
    80
  • 51.68.152.89:443
    www.g5v6vtv5kuwp4d.com
    tls
    dllhost.exe
    25.2kB
     28.6kB
     56
    83
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    870 B
     4.0kB
     8
    9

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:50591
    dllhost.exe
  • 127.0.0.1:50623
    dllhost.exe
  • 163.172.139.104:443
    dllhost.exe
    152 B
     3
  • 38.154.239.250:443
    www.4u35iw22hnwgq.com
    tls
    dllhost.exe
    25.8kB
     30.8kB
     59
    85
  • 51.68.152.89:443
    www.ibcvpj2dd6t7qty6kqkcqqs.com
    tls
    dllhost.exe
    16.3kB
     19.5kB
     35
    56
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    870 B
     4.0kB
     8
    9

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:50685
    dllhost.exe
  • 127.0.0.1:50716
    dllhost.exe
  • 85.230.178.139:443
    dllhost.exe
    152 B
     3
  • 51.68.152.89:443
    www.bipidgvli4y67zq.com
    tls
    dllhost.exe
    10.7kB
     15.1kB
     29
    39
  • 38.154.239.250:443
    www.umzq7p.com
    tls
    dllhost.exe
    26.9kB
     32.4kB
     58
    86
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    870 B
     4.0kB
     8
    9

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:50788
    dllhost.exe
  • 127.0.0.1:50821
    dllhost.exe
  • 128.31.0.13:443
    www.h4pej2ejtt7ketsdbw.com
    tls
    dllhost.exe
    3.1kB
     9.2kB
     12
    14
  • 51.68.152.89:443
    www.zoqbwd5kpkw7j6rf6.com
    tls
    dllhost.exe
    17.1kB
     19.1kB
     41
    58
  • 38.154.239.250:443
    www.j7yg4pqg4tbekrgr6ng.com
    tls
    dllhost.exe
    19.4kB
     24.1kB
     46
    64
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 127.0.0.1:50883
    dllhost.exe
  • 127.0.0.1:50920
    dllhost.exe
  • 185.4.132.148:443
    www.ckchwxp5dwfp62yg5r.com
    tls
    dllhost.exe
    3.1kB
     9.1kB
     12
    12
  • 38.154.239.250:443
    www.7ihm7ebiabuiacnxea.com
    tls
    dllhost.exe
    19.4kB
     24.7kB
     44
    67
  • 51.68.152.89:443
    www.yzspbntfbfvy22p7yj7e.com
    tls
    dllhost.exe
    26.3kB
     29.3kB
     57
    86
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    870 B
     4.0kB
     8
    9

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:50973
    dllhost.exe
  • 81.7.16.182:443
    dllhost.exe
    152 B
     3
  • 127.0.0.1:51007
    dllhost.exe
  • 51.68.152.89:443
    www.g6hzdwotz.com
    tls
    dllhost.exe
    26.4kB
     30.8kB
     60
    84
  • 38.154.239.250:443
    www.koroyz2gry4qpskt4.com
    tls
    dllhost.exe
    13.6kB
     18.1kB
     34
    49
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    870 B
     4.0kB
     8
    9

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:51067
    dllhost.exe
  • 127.0.0.1:51097
    dllhost.exe
  • 193.23.244.244:443
    www.s3zegamvr.com
    tls
    dllhost.exe
    3.1kB
     5.8kB
     12
    9
  • 51.68.152.89:443
    www.moqk2ucex3gzh6232gpm7.com
    tls
    dllhost.exe
    20.7kB
     24.9kB
     50
    70
  • 38.154.239.250:443
    www.ixc6b.com
    tls
    dllhost.exe
    26.2kB
     29.2kB
     56
    85
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    870 B
     4.0kB
     8
    9

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:51154
    dllhost.exe
  • 127.0.0.1:51190
    dllhost.exe
  • 163.172.149.155:443
    dllhost.exe
    152 B
     3
  • 51.68.152.89:443
    www.vwz5.com
    tls
    dllhost.exe
    13.6kB
     17.0kB
     34
    46
  • 38.154.239.250:443
    www.v25fpmv7cc4w32i67xx.com
    tls
    dllhost.exe
    29.0kB
     32.6kB
     60
    91
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    870 B
     4.0kB
     8
    9

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:51251
    dllhost.exe
  • 127.0.0.1:51288
    dllhost.exe
  • 46.28.110.244:443
    dllhost.exe
    152 B
     3
  • 51.68.152.89:443
    www.22w4vvopivv36.com
    tls
    dllhost.exe
    13.5kB
     14.3kB
     31
    45
  • 38.154.239.250:443
    www.nfuj24per.com
    tls
    dllhost.exe
    26.2kB
     29.5kB
     56
    82
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 127.0.0.1:51340
    dllhost.exe
  • 127.0.0.1:51376
    dllhost.exe
  • 185.13.39.197:443
    dllhost.exe
    152 B
     3
  • 51.68.152.89:443
    www.ox7xjffyuwc.com
    tls
    dllhost.exe
    23.9kB
     26.8kB
     52
    77
  • 38.154.239.250:443
    www.bqv5ngkt4gdlss5k4qqf63gsz.com
    tls
    dllhost.exe
    21.5kB
     23.6kB
     46
    67
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 127.0.0.1:51429
    dllhost.exe
  • 127.0.0.1:51465
    dllhost.exe
  • 192.42.116.16:443
    dllhost.exe
    152 B
     3
  • 38.154.239.250:443
    www.3wwq.com
    tls
    dllhost.exe
    22.7kB
     25.9kB
     49
    71
  • 51.68.152.89:443
    www.eoud47ef.com
    tls
    dllhost.exe
    26.2kB
     29.7kB
     56
    83
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    870 B
     4.0kB
     8
    9

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:51517
    dllhost.exe
  • 127.0.0.1:51552
    dllhost.exe
  • 62.210.254.132:443
    dllhost.exe
    152 B
     3
  • 51.68.152.89:443
    www.uj65adayskmaawbctv.com
    tls
    dllhost.exe
    22.8kB
     28.3kB
     51
    76
  • 38.154.239.250:443
    www.2uugay.com
    tls
    dllhost.exe
    20.9kB
     22.6kB
     44
    68
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    870 B
     4.0kB
     8
    9

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:51607
    dllhost.exe
  • 199.184.246.250:443
    dllhost.exe
    152 B
     3
  • 51.68.152.89:443
    www.owcl.com
    tls
    dllhost.exe
    23.5kB
     28.3kB
     54
    76
  • 38.154.239.250:443
    www.mebe6b2grib7qt.com
    tls
    dllhost.exe
    16.4kB
     19.3kB
     38
    53
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    870 B
     4.0kB
     8
    9

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:51667
    dllhost.exe
  • 62.210.254.132:443
    dllhost.exe
    152 B
     3
  • 38.154.239.250:443
    www.3gq22.com
    tls
    dllhost.exe
    22.9kB
     25.6kB
     51
    75
  • 51.68.152.89:443
    www.mjmljfdg.com
    tls
    dllhost.exe
    21.2kB
     25.0kB
     49
    71
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 127.0.0.1:51727
    dllhost.exe
  • 127.0.0.1:51763
    dllhost.exe
  • 46.182.21.248:443
    www.bz7d7a3nys7ka.com
    tls
    dllhost.exe
    3.1kB
     9.1kB
     12
    13
  • 51.68.152.89:443
    www.jb6yxczmxc.com
    tls
    dllhost.exe
    25.9kB
     29.6kB
     59
    81
  • 38.154.239.250:443
    www.3pxr7rs.com
    tls
    dllhost.exe
    17.3kB
     20.6kB
     45
    57
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 127.0.0.1:51817
    dllhost.exe
  • 127.0.0.1:51848
    dllhost.exe
  • 171.25.193.25:443
    www.asekhvmyfaqbx.com
    tls
    dllhost.exe
    839 B
     3.8kB
     9
    9
  • 38.154.239.250:443
    www.lhtkfcj3cuwy.com
    tls
    dllhost.exe
    11.7kB
     14.2kB
     27
    42
  • 8.8.8.8:53
    myexternalip.com
    dns
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    62 B
     78 B
     1
    1

    DNS Request

    myexternalip.com

    DNS Response

    34.117.118.44

  • 8.8.8.8:53
    www.microsoft.com
    dns
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    63 B
     230 B
     1
    1

    DNS Request

    www.microsoft.com

    DNS Response

    72.246.173.187

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\cached-certs
    Filesize

    20KB

    MD5

    7ed58abcd9d3d913e0f91c69fd4c5170

    SHA1

    b527336e3d03c3ecbf6c8dfcc6acab74c23fd6f6

    SHA256

    802878173b16588781702bf77dee15424f6919a03a01ba713ede4581fd523b98

    SHA512

    5c7cb4154ade5e6b69cc2e9801888bec0e06f0e545530c18f18799753879d1d00143f6a0925ac0dc192b98f75d05ddfb4477c14d2d031faf5da8cdd579101fea

    Download Submit

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\cached-microdesc-consensus.tmp
    Filesize

    2.6MB

    MD5

    fc3cdf12d74519dbccc3ae86a7606462

    SHA1

    d7d97bfa3973e176ef10b2390c4e199d1f654f54

    SHA256

    d8f554fcc8c53f1040c8ca606fd59b0b00ecdc7b4f448be0890723b93c3cd5fa

    SHA512

    89c78c310f2aa3626381e01bf4c865efc83aec3831faee42e8c8c0cd8d4c19c2eacf7cdf0fc10e18f4ebf92aae5f59f00ba6b1e6774bcda3dceb4c552368f3af

    Download Submit

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\cached-microdescs
    Filesize

    20.4MB

    MD5

    95a422bc679ef3ca62aea334c259eef2

    SHA1

    e3d1d21aa550cb41ec902107025db9e2e15c0788

    SHA256

    b70b65a2cfe804b5580382d833be38c5930a5c22f2fd463c5337c5bef3a65a7c

    SHA512

    dfebcb2dc2f3d284684b76a1faea469f36a6e56d0df10ec433dffe56b8312635c570139477d2f8953c9dc0dcc2f2846d735f91407d0c9059b18717215573f8b8

    Download Submit

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\cached-microdescs.new
    Filesize

    541B

    MD5

    e2238c4ea6285408329b68b018f91ab5

    SHA1

    437d1e46a90cdd2313bfed9d3e4b47b1abaac615

    SHA256

    99a2051448d30d5f2cfd979320f540cb97d554456ded5f878496d4ac7acaa426

    SHA512

    7bc052c058748934a5cbea4c77262f63fdf928220c1faf44bb2dc4e2f1621bf529f77add8636bc4a6126ac9d36f24009ea5f2341e46d5cf151c7755ce6b0e3c6

    Download Submit

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\cached-microdescs.new
    Filesize

    20.4MB

    MD5

    fa15563738d44a0e2c505c81fd5b62e9

    SHA1

    d86853e0a75746503fce43d3adbf66c91196d3db

    SHA256

    8ddf7cc65d7001e8c0a964de705eb723ecb9f33f3c7b0bf9c8098d882f89338c

    SHA512

    41a0b4991af278a1cd6d4ca1b67e4f258806bb4079500251587c91c67e241b8b2eb9d7917e2a8cea2fb60fa5d992b7b36a2ba145b4388df2182f2992de469c5f

    Download Submit

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\cached-microdescs.new
    Filesize

    9.9MB

    MD5

    2bc7f4b5128b2d87f58c6cd047f217ed

    SHA1

    82bef2e2ba118e7c4e88fcb9892389afbc536a1d

    SHA256

    223c5afdabeedc3d3642da639d2c31dd73fb1c5b0e04cd61762cddee73f59366

    SHA512

    edc3be170d07142defac41dd4071b948e7ce5612516b9961c5467906f3b15b5f3aa21c900959685dfc864b5876944973fe61057f2f0965af3293f5965b8de170

    Download Submit

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\state
    Filesize

    232B

    MD5

    b906fbf04d1bdf6f56bb58e2fab3096c

    SHA1

    42047e76e657d6f56bbf8829890893d8a0f2442d

    SHA256

    e8614346bc394ba5be417cc4ccfbdb09d48636c0c1b88fb3d6323617b1bce112

    SHA512

    c79d7a05efb02df0c93c5f7900d9d7164541f6283f5230b1dcf705fcfc5ef5fda4d009de6a432af874141af34f27c3d994a392ecaed0b59a83edd14f26c5a2e0

    Download Submit

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\state
    Filesize

    9KB

    MD5

    af2d20fa014b6e7f255a1dc0d8f2e52a

    SHA1

    c0346fafb64aec51af0142cb48db501cbd912f3a

    SHA256

    0473c58bf9ff597b4f35e6498dee27fb9ba710ec14f11f97ff55b41737d7fc44

    SHA512

    976e6f2f140c6e6e56b12904974d2cac9b5cd579c7b9ed6e3848debd4a7adb52a1676307207ca8272aec0dca5c14c87e11bf26cf6bdadbb788a7873125ad241d

    Download Submit

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\libcrypto-1_1.dll
    Filesize

    1.7MB

    MD5

    2384a02c4a1f7ec481adde3a020607d3

    SHA1

    7e848d35a10bf9296c8fa41956a3daa777f86365

    SHA256

    c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369

    SHA512

    1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

    Download Submit

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\libevent-2-1-6.dll
    Filesize

    366KB

    MD5

    099983c13bade9554a3c17484e5481f1

    SHA1

    a84e69ad9722f999252d59d0ed9a99901a60e564

    SHA256

    b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838

    SHA512

    89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

    Download Submit

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\libssp-0.dll
    Filesize

    88KB

    MD5

    2c916456f503075f746c6ea649cf9539

    SHA1

    fa1afc1f3d728c89b2e90e14ca7d88b599580a9d

    SHA256

    cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6

    SHA512

    1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

    Download Submit

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\torrc
    Filesize

    139B

    MD5

    dbd537e3da06f7d7aeaf58f4decc0c94

    SHA1

    7e740ea6dcf8545710f99519014e9bb029028a84

    SHA256

    349b36a467d778e29b96528cdd25d6c34a54be659a9ef516b3833106ceb679b2

    SHA512

    a84633c420c825b15ef2fc5cf83a6d75fcdddbb06d3b7dc74537d5bc98b5d910d3dec4838f30be3a06373662d2946f156f36bd2e033e0b6089753006ac327a90

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF1FF.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • \Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
    Filesize

    973KB

    MD5

    5cfe61ff895c7daa889708665ef05d7b

    SHA1

    5e58efe30406243fbd58d4968b0492ddeef145f2

    SHA256

    f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5

    SHA512

    43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

    Download Submit

  • \Users\Admin\AppData\Local\07fa2a3b\tor\libgcc_s_sjlj-1.dll
    Filesize

    286KB

    MD5

    b0d98f7157d972190fe0759d4368d320

    SHA1

    5715a533621a2b642aad9616e603c6907d80efc4

    SHA256

    2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5

    SHA512

    41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

    Download Submit

  • \Users\Admin\AppData\Local\07fa2a3b\tor\libssl-1_1.dll
    Filesize

    439KB

    MD5

    c88826ac4bb879622e43ead5bdb95aeb

    SHA1

    87d29853649a86f0463bfd9ad887b85eedc21723

    SHA256

    c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f

    SHA512

    f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

    Download Submit

  • \Users\Admin\AppData\Local\07fa2a3b\tor\libwinpthread-1.dll
    Filesize

    188KB

    MD5

    d407cc6d79a08039a6f4b50539e560b8

    SHA1

    21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71

    SHA256

    92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e

    SHA512

    378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

    Download Submit

  • \Users\Admin\AppData\Local\07fa2a3b\tor\zlib1.dll
    Filesize

    52KB

    MD5

    add33041af894b67fe34e1dc819b7eb6

    SHA1

    6db46eb021855a587c95479422adcc774a272eeb

    SHA256

    8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183

    SHA512

    bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

    Download Submit

  • memory/588-329-0x0000000074480000-0x0000000074548000-memory.dmp

    Filesize

    800KB

    Download

  • memory/588-357-0x00000000011C0000-0x00000000015C4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/588-359-0x0000000073E50000-0x0000000073F1E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/588-330-0x0000000074370000-0x000000007447A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/588-331-0x00000000742E0000-0x0000000074368000-memory.dmp

    Filesize

    544KB

    Download

  • memory/588-327-0x0000000074790000-0x00000000747D9000-memory.dmp

    Filesize

    292KB

    Download

  • memory/588-326-0x0000000073FB0000-0x000000007427F000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/588-333-0x0000000074800000-0x0000000074824000-memory.dmp

    Filesize

    144KB

    Download

  • memory/588-358-0x0000000074480000-0x0000000074548000-memory.dmp

    Filesize

    800KB

    Download

  • memory/588-332-0x0000000073E50000-0x0000000073F1E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/588-356-0x0000000073FB0000-0x000000007427F000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/588-328-0x00000000011C0000-0x00000000015C4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/1520-136-0x00000000747E0000-0x0000000074829000-memory.dmp

    Filesize

    292KB

    Download

  • memory/1520-187-0x00000000741B0000-0x0000000074278000-memory.dmp

    Filesize

    800KB

    Download

  • memory/1520-137-0x00000000741B0000-0x0000000074278000-memory.dmp

    Filesize

    800KB

    Download

  • memory/1520-141-0x0000000073FD0000-0x000000007409E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/1520-138-0x00000000009C0000-0x0000000000DC4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/1520-139-0x00000000740A0000-0x00000000741AA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1520-135-0x0000000074280000-0x000000007454F000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/1520-134-0x00000000009C0000-0x0000000000DC4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/1520-140-0x0000000074750000-0x00000000747D8000-memory.dmp

    Filesize

    544KB

    Download

  • memory/1520-142-0x0000000074880000-0x00000000748A4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2096-259-0x00000000011C0000-0x00000000015C4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2096-244-0x0000000073FB0000-0x000000007427F000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2096-325-0x00000000011C0000-0x00000000015C4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2096-284-0x00000000011C0000-0x00000000015C4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2096-283-0x0000000074480000-0x0000000074548000-memory.dmp

    Filesize

    800KB

    Download

  • memory/2096-282-0x0000000073FB0000-0x000000007427F000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2096-258-0x0000000074800000-0x0000000074824000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2096-254-0x0000000074370000-0x000000007447A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2096-255-0x00000000742E0000-0x0000000074368000-memory.dmp

    Filesize

    544KB

    Download

  • memory/2096-256-0x0000000073E50000-0x0000000073F1E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/2096-246-0x0000000074790000-0x00000000747D9000-memory.dmp

    Filesize

    292KB

    Download

  • memory/2096-248-0x0000000074480000-0x0000000074548000-memory.dmp

    Filesize

    800KB

    Download

  • memory/2136-47-0x00000000747E0000-0x0000000074829000-memory.dmp

    Filesize

    292KB

    Download

  • memory/2136-51-0x0000000073FD0000-0x000000007409E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/2136-20-0x00000000009C0000-0x0000000000DC4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2136-55-0x00000000009C0000-0x0000000000DC4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2136-24-0x0000000074280000-0x000000007454F000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2136-27-0x00000000747E0000-0x0000000074829000-memory.dmp

    Filesize

    292KB

    Download

  • memory/2136-37-0x00000000740A0000-0x00000000741AA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2136-38-0x0000000074750000-0x00000000747D8000-memory.dmp

    Filesize

    544KB

    Download

  • memory/2136-39-0x0000000073FD0000-0x000000007409E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/2136-40-0x0000000074880000-0x00000000748A4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2136-41-0x00000000741B0000-0x0000000074278000-memory.dmp

    Filesize

    800KB

    Download

  • memory/2136-45-0x00000000009C0000-0x0000000000DC4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2136-46-0x0000000074280000-0x000000007454F000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2136-110-0x00000000009C0000-0x0000000000DC4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2136-102-0x00000000009C0000-0x0000000000DC4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2136-78-0x00000000009C0000-0x0000000000DC4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2136-57-0x00000000009C0000-0x0000000000DC4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2136-48-0x00000000741B0000-0x0000000074278000-memory.dmp

    Filesize

    800KB

    Download

  • memory/2136-49-0x00000000740A0000-0x00000000741AA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2304-0-0x0000000000400000-0x0000000000BAA000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2304-131-0x00000000047F0000-0x0000000004BF4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2304-17-0x0000000003AD0000-0x0000000003ED4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2304-386-0x0000000005450000-0x0000000005854000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2304-371-0x00000000041D0000-0x00000000041DA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2304-56-0x0000000003AD0000-0x0000000003ED4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2304-21-0x0000000003AD0000-0x0000000003ED4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2304-54-0x0000000003AD0000-0x0000000003ED4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2304-234-0x0000000005550000-0x0000000005954000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2304-355-0x0000000005750000-0x0000000005B54000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2304-207-0x0000000000270000-0x000000000027A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2304-271-0x0000000000270000-0x000000000027A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2304-272-0x0000000000270000-0x000000000027A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2304-281-0x0000000005550000-0x0000000005954000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2304-206-0x0000000000270000-0x000000000027A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2304-346-0x0000000004800000-0x000000000480A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2304-345-0x0000000004800000-0x000000000480A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2304-296-0x0000000004800000-0x000000000480A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2304-188-0x00000000047F0000-0x0000000004BF4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2304-53-0x0000000000400000-0x0000000000BAA000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2812-197-0x00000000011C0000-0x00000000015C4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2812-166-0x0000000074800000-0x0000000074824000-memory.dmp

    Filesize

    144KB

    Download

  • memory/2812-184-0x00000000742E0000-0x0000000074368000-memory.dmp

    Filesize

    544KB

    Download

  • memory/2812-183-0x0000000074370000-0x000000007447A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2812-182-0x0000000074480000-0x0000000074548000-memory.dmp

    Filesize

    800KB

    Download

  • memory/2812-181-0x0000000074790000-0x00000000747D9000-memory.dmp

    Filesize

    292KB

    Download

  • memory/2812-180-0x0000000073FB0000-0x000000007427F000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2812-189-0x00000000011C0000-0x00000000015C4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2812-185-0x0000000073E50000-0x0000000073F1E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/2812-179-0x00000000011C0000-0x00000000015C4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2812-162-0x0000000073FB0000-0x000000007427F000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2812-157-0x00000000011C0000-0x00000000015C4000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/2812-158-0x0000000074790000-0x00000000747D9000-memory.dmp

    Filesize

    292KB

    Download

  • memory/2812-159-0x0000000074480000-0x0000000074548000-memory.dmp

    Filesize

    800KB

    Download

  • memory/2812-160-0x0000000074370000-0x000000007447A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2812-165-0x0000000073E50000-0x0000000073F1E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/2812-161-0x00000000742E0000-0x0000000074368000-memory.dmp

    Filesize

    544KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.