Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

9b035bad2b...18.exe

windows7-x64

10

9b035bad2b...18.exe

windows10-1703-x64

10

9b035bad2b...18.exe

windows10-2004-x64

10

9b035bad2b...18.exe

windows11-21h2-x64

10

Resubmissions

11/04/2024, 11:14 UTC

240411-nb5z8sdd7y 10

11/04/2024, 11:14 UTC

240411-nb5dpsdd7w 10

11/04/2024, 11:14 UTC

240411-nb43yaac56 10

11/04/2024, 11:14 UTC

240411-nb3vwadd7t 10

11/04/2024, 11:14 UTC

240411-nb3j4sac55 10

09/04/2024, 03:54 UTC

240409-egc2zahd2z 10

09/04/2024, 03:53 UTC

240409-ef443adg89 10

09/04/2024, 03:53 UTC

240409-efxd8ahc9v 10

09/04/2024, 03:53 UTC

240409-efmvsahc8w 10

03/04/2024, 00:16 UTC

240403-akzypahh9t 10

Analysis

  • max time kernel
    1195s
  • max time network
    1199s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    09/04/2024, 03:53 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe

  • Size

    7.6MB

  • MD5

    9b035bad2b8a21fb2c57fd784c89b8d5

  • SHA1

    ee15fad65f3f22df7f54e218176c45d369ebb70f

  • SHA256

    2d49873798ab5ee10992f377ebb27ee940b1f354b9ec4ebebe687177ea2b214c

  • SHA512

    96c0189aba67db2f1c38affa5ac44665566ea17e20e5f749aef771739c81beb96bbcac8ea35aad80cffc9d492e23fcbaefbf03f72011d9bd1ccac36182466dde

  • SSDEEP

    196608:imEljesxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQUDxtw3iFFrS6XOfTV73cP:balxwZ6v1CPwDv3uFteg2EeJUO9WLjD/

Score
10/10
bitrattrojanupx

Malware Config

Extracted

Family

bitrat

Version

1.32

C2

7ix5nfolcp4ta4mk2dtihev73rw7d2edpbd5tp7sf7zgmpv66fpxnwqd.onion:80

Attributes
  • communication_password

    e10adc3949ba59abbe56e057f20f883e

  • tor_process

    dllhost

Signatures

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    trojanbitrat
  • BitRAT payload 2 IoCs
  • ACProtect 1.3x - 1.4x DLL software 7 IoCs

    Detects file using ACProtect software.

  • Executes dropped EXE 43 IoCs
  • Loads dropped DLL 64 IoCs
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Looks up external IP address via web service 21 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Uses Tor communications 1 TTPs

    Malware can proxy its traffic through Tor for more anonymity.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 44 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1680
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3824
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:5016
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:4192
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:656
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:992
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:4572
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1052
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:4008
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:5060
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:4180
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:3496
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:3916
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1092
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2844
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:4144
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:4036
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:3180
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:4252
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1376
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1132
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1408
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1184
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:4948
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1840
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:4632
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:3356
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:3728
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:692
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2784
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:4956
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:3160
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:4108
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1080
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:3308
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2840
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1472
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:4696
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:4960
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2464
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:3800
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:2112
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:1076
    • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
      "C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe" -f torrc
      2⤵
      • Executes dropped EXE
      PID:3332

Network

  • flag-us
    DNS
    141.245.123.195.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    141.245.123.195.in-addr.arpa
    IN PTR
    Response
    141.245.123.195.in-addr.arpa
    IN PTR
    itlczentrycz
  • flag-us
    DNS
    112.56.58.89.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    112.56.58.89.in-addr.arpa
    IN PTR
    Response
    112.56.58.89.in-addr.arpa
    IN PTR
    tor-relay-3axstetde
  • flag-us
    DNS
    182.65.177.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    182.65.177.93.in-addr.arpa
    IN PTR
    Response
    182.65.177.93.in-addr.arpa
    IN PTR
    tor-entry-001-4363241313opsfinet
  • flag-us
    DNS
    myexternalip.com
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    myexternalip.com
    IN A
    Response
    myexternalip.com
    IN A
    34.117.118.44
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: zjJrHtFl97OAdxqTpaBtcGh60TyIeKrg
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:19:05 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    44.118.117.34.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    44.118.117.34.in-addr.arpa
    IN PTR
    Response
    44.118.117.34.in-addr.arpa
    IN PTR
    4411811734bcgoogleusercontentcom
  • flag-us
    DNS
    249.197.17.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    249.197.17.2.in-addr.arpa
    IN PTR
    Response
    249.197.17.2.in-addr.arpa
    IN PTR
    a2-17-197-249deploystaticakamaitechnologiescom
  • flag-us
    DNS
    11.97.55.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.97.55.23.in-addr.arpa
    IN PTR
    Response
    11.97.55.23.in-addr.arpa
    IN PTR
    a23-55-97-11deploystaticakamaitechnologiescom
  • flag-us
    DNS
    171.101.63.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.101.63.23.in-addr.arpa
    IN PTR
    Response
    171.101.63.23.in-addr.arpa
    IN PTR
    a23-63-101-171deploystaticakamaitechnologiescom
  • flag-us
    DNS
    19.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: MTW862vkfTtdO2T4F4OH75279N2k7dIh
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:19:30 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    90.181.79.217.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    90.181.79.217.in-addr.arpa
    IN PTR
    Response
    90.181.79.217.in-addr.arpa
    IN PTR
    tor-proxy-02 for-privacynet
  • flag-us
    DNS
    201.64.52.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    201.64.52.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.197.17.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.197.17.2.in-addr.arpa
    IN PTR
    Response
    240.197.17.2.in-addr.arpa
    IN PTR
    a2-17-197-240deploystaticakamaitechnologiescom
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: 2em3QzatsMDrrIF6XKkd0VYWPL0QOUEL
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:20:22 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: SXwvwHl611UYTjOT8FzOJWljYz5vJRgT
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:21:08 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    253.14.7.81.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    253.14.7.81.in-addr.arpa
    IN PTR
    Response
    253.14.7.81.in-addr.arpa
    IN PTR
    81-7-14-253icho
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: WuFYwFWpXoRF76Zq0w1ioiH00cRr0OIk
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:21:46 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: JsHIOlooxhZtvYuPNfVc5bDac4IYDskN
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:24:34 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: whw5LNmAKDIPJTGodGLXMM4qLfZVJRHc
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:25:23 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: N36yrfRNzOYawuPAEAbIgrG3UJfWDOjE
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:26:10 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: d9j37mnCaWAc8itEuKFkppex0lZgNK5K
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:27:12 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    61.85.100.185.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    61.85.100.185.in-addr.arpa
    IN PTR
    Response
    61.85.100.185.in-addr.arpa
    IN PTR
    tor-exit-node-nibbanadsonorg
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: kQoK8hq76552uviVdGLOKkgzwUl2mHLu
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:28:30 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    26.251.21.65.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.251.21.65.in-addr.arpa
    IN PTR
    Response
    26.251.21.65.in-addr.arpa
    IN PTR
    static262512165clients your-serverde
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: Q6lH5I4B0PmGwgjnHYje6i4WdiuOao1Q
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:29:59 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: kmBwsQqpYOKWvt2rpcPZgLQzi8eS8hfF
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:30:42 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: a0ofls6q9mVtaGaKCOMfQqxH2geJQtob
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:31:36 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: 76iGVpgdwdzzKQ6wO9eFSDylj4aIAO3X
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:32:25 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: OPWpwcjUgmPXkGxOuYnGvfA5n7ec40IR
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:33:07 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    248.21.182.46.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    248.21.182.46.in-addr.arpa
    IN PTR
    Response
    248.21.182.46.in-addr.arpa
    IN PTR
    tor-exit-relayanonymizing-proxydigitalcouragede
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: lRX655iv273Vnph6TnWa6ThAPv2QnAKf
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:33:52 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: u2aSJDsh9aldZuhGPL7Gq43iPllnrBll
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:34:34 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: rzytPKYHOeBQMWcztybhouPIHW5byRiR
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:35:30 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    149.111.45.5.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    149.111.45.5.in-addr.arpa
    IN PTR
    Response
    149.111.45.5.in-addr.arpa
    IN PTR
    nobody yourvservernet
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: 4wdrzmuMpxzGDUZnqhkIACwTKjyihGXw
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:36:11 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    https://myexternalip.com/raw
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    Remote address:
    34.117.118.44:443
    Request
    GET /raw HTTP/1.1
    User-Agent: yWvhF4NAkCmKRE4OmeDI0reuge9neE5h
    Host: myexternalip.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    server: fasthttp
    date: Tue, 09 Apr 2024 04:37:06 GMT
    content-type: text/plain; charset=utf-8
    Content-Length: 14
    access-control-allow-origin: *
    via: 1.1 google
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • 195.123.245.141:443
    www.trl2es.com
    tls
    dllhost.exe
    50.9kB
     770.2kB
     553
    565
  • 127.0.0.1:49797
    dllhost.exe
  • 89.58.56.112:443
    www.cuhqw3c.com
    tls
    dllhost.exe
    688.2kB
     7.5MB
     5419
    5470
  • 93.177.65.182:443
    www.r6ureysqpsjqc4prgcbtwbx.com
    tls
    dllhost.exe
    507.4kB
     5.7MB
     3904
    4355
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 89.58.56.112:443
    www.3mebnq63pozm4u.com
    tls
    dllhost.exe
    43.2kB
     49.9kB
     93
    138
  • 93.177.65.182:443
    www.lbdaatvvuavh5hxkgeojqi.com
    tls
    dllhost.exe
    27.2kB
     29.2kB
     55
    76
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    955 B
     4.1kB
     12
    9

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:49934
    dllhost.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    1.0kB
     651 B
     9
    6

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 127.0.0.1:49978
    dllhost.exe
  • 217.79.181.90:443
    www.afln.com
    tls
    dllhost.exe
    3.1kB
     9.7kB
     13
    13
  • 93.177.65.182:443
    www.gus33ek2j6p7j6lb.com
    tls
    dllhost.exe
    37.2kB
     43.2kB
     87
    115
  • 89.58.56.112:443
    www.kuoqfgiotrtwodt.com
    tls
    dllhost.exe
    31.2kB
     39.5kB
     74
    103
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    1.0kB
     651 B
     9
    6

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:50063
    dllhost.exe
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    1.0kB
     651 B
     9
    6

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:50144
    dllhost.exe
  • 81.7.14.253:443
    www.a2quqzmugdgl5gxe3jy6lnrum.com
    tls
    dllhost.exe
    3.2kB
     9.2kB
     13
    16
  • 127.0.0.1:50176
    dllhost.exe
  • 89.58.56.112:443
    www.ib3z2kl7gzgr3o.com
    tls
    dllhost.exe
    9.0kB
     13.3kB
     26
    33
  • 93.177.65.182:443
    www.4e7e.com
    tls
    dllhost.exe
    25.7kB
     33.5kB
     59
    76
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    1.0kB
     651 B
     9
    6

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:50229
    dllhost.exe
  • 127.0.0.1:50257
    dllhost.exe
  • 96.253.78.108:443
    dllhost.exe
    156 B
     3
  • 93.177.65.182:443
    www.c4jpkt.com
    tls
    dllhost.exe
    10.6kB
     14.3kB
     29
    34
  • 89.58.56.112:443
    www.nyliq.com
    tls
    dllhost.exe
    17.7kB
     22.2kB
     44
    57
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 127.0.0.1:50336
    dllhost.exe
  • 195.123.245.141:443
    www.2zcsotslwhs.com
    tls
    dllhost.exe
    3.1kB
     9.1kB
     12
    13
  • 89.58.56.112:443
    www.lyb6uitgi.com
    tls
    dllhost.exe
    20.0kB
     21.9kB
     46
    62
  • 93.177.65.182:443
    www.agjajsl.com
    tls
    dllhost.exe
    502 B
     92 B
     4
    2
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 127.0.0.1:50402
    dllhost.exe
  • 127.0.0.1:50432
    dllhost.exe
  • 50.7.74.170:443
    dllhost.exe
    156 B
     3
  • 89.58.56.112:443
    www.qfl5g42.com
    tls
    dllhost.exe
    23.3kB
     28.8kB
     51
    75
  • 93.177.65.182:443
    www.th3z4bl.com
    tls
    dllhost.exe
    12.6kB
     15.7kB
     26
    32
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    1.0kB
     651 B
     9
    6

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:50498
    dllhost.exe
  • 136.243.214.137:443
    dllhost.exe
    156 B
     3
  • 93.177.65.182:443
    www.45ijoc5zxd7mmu4yn.com
    tls
    dllhost.exe
    19.3kB
     23.4kB
     45
    61
  • 217.79.181.90:443
    www.6m7jmrbrus2.com
    tls
    dllhost.exe
    8.3kB
     9.2kB
     23
    24
  • 89.58.56.112:443
    www.6ncnr3.com
    tls
    dllhost.exe
    12.6kB
     18.1kB
     36
    46
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    1.0kB
     651 B
     9
    6

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:50566
    dllhost.exe
  • 127.0.0.1:50589
    dllhost.exe
  • 81.7.16.182:443
    dllhost.exe
    156 B
     3
  • 93.177.65.182:443
    www.6fhky33v.com
    tls
    dllhost.exe
    16.8kB
     20.5kB
     37
    46
  • 89.58.56.112:443
    www.g4oiuxrj7tm27hdiqkd.com
    tls
    dllhost.exe
    14.3kB
     19.1kB
     38
    46
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 217.79.181.90:443
    www.hyge7hfvkx5i4yipzfbyd66p.com
    tls
    dllhost.exe
    5.4kB
     8.4kB
     16
    19
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    1.0kB
     651 B
     9
    6

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:50660
    dllhost.exe
  • 127.0.0.1:50683
    dllhost.exe
  • 62.210.254.132:443
    dllhost.exe
    156 B
     3
  • 93.177.65.182:443
    www.hiepibycz5jhlve.com
    tls
    dllhost.exe
    18.3kB
     22.2kB
     36
    48
  • 89.58.56.112:443
    www.wsng75eepi376zzb4mzu.com
    tls
    dllhost.exe
    17.1kB
     21.2kB
     42
    58
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    1.0kB
     651 B
     9
    6

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 217.79.181.90:443
    www.xua6c23yvgj4li6.com
    tls
    dllhost.exe
    3.0kB
     5.5kB
     11
    12
  • 127.0.0.1:50754
    dllhost.exe
  • 127.0.0.1:50783
    dllhost.exe
  • 31.185.104.20:443
    dllhost.exe
    156 B
     3
  • 93.177.65.182:443
    www.ipv5nj7wa45rh.com
    tls
    dllhost.exe
    22.9kB
     24.9kB
     54
    71
  • 89.58.56.112:443
    www.x5plmdlouajv7x4z4boqfkxk.com
    tls
    dllhost.exe
    21.2kB
     25.4kB
     49
    71
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 127.0.0.1:50839
    dllhost.exe
  • 127.0.0.1:50860
    dllhost.exe
  • 185.100.85.61:443
    www.tj4q6wfdtt6lkowbhw5ls5s.com
    tls
    dllhost.exe
    3.1kB
     8.9kB
     12
    12
  • 93.177.65.182:443
    www.t3rbaakk.com
    tls
    dllhost.exe
    17.7kB
     21.6kB
     44
    55
  • 89.58.56.112:443
    www.bsjvjqczhccg7j4pzc.com
    tls
    dllhost.exe
    11.8kB
     15.0kB
     30
    38
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 217.79.181.90:443
    www.miy6kox2b4xuboqv.com
    tls
    dllhost.exe
    4.8kB
     8.3kB
     15
    17
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    1.0kB
     651 B
     9
    6

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:50915
    dllhost.exe
  • 127.0.0.1:50943
    dllhost.exe
  • 50.7.74.174:443
    dllhost.exe
    156 B
     3
  • 89.58.56.112:443
    www.nfilbj4dpt.com
    tls
    dllhost.exe
    24.6kB
     28.0kB
     56
    80
  • 93.177.65.182:443
    www.lknvi6c536tgmf.com
    tls
    dllhost.exe
    23.8kB
     23.1kB
     50
    67
  • 217.79.181.90:443
    www.plyyfz46quyj.com
    tls
    dllhost.exe
    5.3kB
     5.0kB
     15
    14
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 127.0.0.1:50995
    dllhost.exe
  • 127.0.0.1:51022
    dllhost.exe
  • 65.21.251.26:443
    www.v4u5yzu6txdpjrwm7at2hd.com
    tls
    dllhost.exe
    3.1kB
     9.0kB
     12
    12
  • 89.58.56.112:443
    www.ifismizl6tm5.com
    tls
    dllhost.exe
    27.0kB
     30.4kB
     60
    88
  • 93.177.65.182:443
    www.qyaoynyn2z3z6oj75yckjd3wt.com
    tls
    dllhost.exe
    23.9kB
     26.2kB
     52
    76
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    1.0kB
     651 B
     9
    6

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:51087
    dllhost.exe
  • 127.0.0.1:51111
    dllhost.exe
  • 217.182.51.248:443
    dllhost.exe
    156 B
     3
  • 89.58.56.112:443
    www.ewu6lap6evz.com
    tls
    dllhost.exe
    32.0kB
     34.9kB
     67
    98
  • 93.177.65.182:443
    www.wwlj6o5kigtv.com
    tls
    dllhost.exe
    25.5kB
     26.6kB
     53
    75
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    1.0kB
     651 B
     9
    6

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:51165
    dllhost.exe
  • 163.172.149.155:443
    dllhost.exe
    156 B
     3
  • 127.0.0.1:51191
    dllhost.exe
  • 93.177.65.182:443
    www.my7kra4gxtzchn5bskjj.com
    tls
    dllhost.exe
    42.8kB
     44.8kB
     86
    120
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 89.58.56.112:443
    www.r7mhd65w4yj2rvcwv.com
    tls
    dllhost.exe
    4.9kB
     8.5kB
     18
    21
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    1.0kB
     651 B
     9
    6

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:51253
    dllhost.exe
  • 127.0.0.1:51283
    dllhost.exe
  • 163.172.149.155:443
    dllhost.exe
    156 B
     3
  • 89.58.56.112:443
    www.ljw4n5gnpnytd.com
    tls
    dllhost.exe
    23.5kB
     30.0kB
     56
    78
  • 93.177.65.182:443
    www.poevc7fx4c452rifcl2jscqfn.com
    tls
    dllhost.exe
    14.9kB
     18.8kB
     38
    51
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    1.0kB
     651 B
     9
    6

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:51350
    dllhost.exe
  • 127.0.0.1:51376
    dllhost.exe
  • 50.7.74.172:443
    dllhost.exe
    156 B
     3
  • 89.58.56.112:443
    www.azkw5nsxao3.com
    tls
    dllhost.exe
    21.8kB
     24.9kB
     51
    71
  • 217.79.181.90:443
    www.p2tr652f2p.com
    tls
    dllhost.exe
    4.8kB
     6.2kB
     15
    16
  • 93.177.65.182:443
    www.qweh4td5.com
    tls
    dllhost.exe
    16.3kB
     19.7kB
     37
    48
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    1.0kB
     651 B
     9
    6

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:51425
    dllhost.exe
  • 46.182.21.248:443
    www.43ojt2xlsl.com
    tls
    dllhost.exe
    3.1kB
     9.1kB
     12
    13
  • 127.0.0.1:51452
    dllhost.exe
  • 93.177.65.182:443
    www.vbts45dksd7aw7p4oifhpa.com
    tls
    dllhost.exe
    18.7kB
     20.8kB
     43
    52
  • 89.58.56.112:443
    www.4xsmzv5ppm76wzhzoas7auyrq.com
    tls
    dllhost.exe
    25.7kB
     28.9kB
     56
    80
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    1.0kB
     651 B
     9
    6

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 217.79.181.90:443
    www.xznj53fehcobog6ulo.com
    tls
    dllhost.exe
    3.0kB
     4.9kB
     10
    12
  • 127.0.0.1:51520
    dllhost.exe
  • 31.185.104.20:443
    dllhost.exe
    156 B
     3
  • 89.58.56.112:443
    www.srkz6ejnle.com
    tls
    dllhost.exe
    24.7kB
     29.2kB
     57
    84
  • 93.177.65.182:443
    www.5unfhdg7xrjyllt.com
    tls
    dllhost.exe
    14.7kB
     18.8kB
     36
    51
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    1.0kB
     651 B
     9
    6

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:51580
    dllhost.exe
  • 127.0.0.1:51609
    dllhost.exe
  • 172.98.193.43:443
    dllhost.exe
    156 B
     3
  • 93.177.65.182:443
    www.j64s3vgrgux.com
    tls
    dllhost.exe
    26.3kB
     28.4kB
     58
    78
  • 89.58.56.112:443
    www.x5zy77qjrcucw3yozuc.com
    tls
    dllhost.exe
    22.6kB
     28.4kB
     56
    77
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 217.79.181.90:443
    www.mmjyvvadcut.com
    tls
    dllhost.exe
    4.8kB
     6.7kB
     15
    17
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    1.0kB
     651 B
     9
    6

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:51676
    dllhost.exe
  • 127.0.0.1:51703
    dllhost.exe
  • 5.45.111.149:443
    www.n6c6km7qyxubvomzf7witw3l.com
    tls
    dllhost.exe
    3.1kB
     9.3kB
     13
    17
  • 93.177.65.182:443
    www.c6uylsv4zhftlovys64b3o.com
    tls
    dllhost.exe
    22.8kB
     23.8kB
     49
    70
  • 89.58.56.112:443
    www.ujzioguymumpex6xylxobjnb7.com
    tls
    dllhost.exe
    20.6kB
     25.2kB
     49
    66
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    1.0kB
     651 B
     9
    6

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:51754
    dllhost.exe
  • 163.172.157.213:443
    dllhost.exe
    156 B
     3
  • 127.0.0.1:51783
    dllhost.exe
  • 89.58.56.112:443
    www.6q6l5btg.com
    tls
    dllhost.exe
    31.1kB
     31.7kB
     70
    87
  • 93.177.65.182:443
    www.2armlkbtkf.com
    tls
    dllhost.exe
    34.7kB
     35.1kB
     70
    91
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 34.117.118.44:443
    https://myexternalip.com/raw
    tls, http
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    1.0kB
     651 B
     9
    6

    HTTP Request

    GET https://myexternalip.com/raw

    HTTP Response

    200
  • 127.0.0.1:51849
    dllhost.exe
  • 5.45.111.149:443
    www.73isluere.com
    tls
    dllhost.exe
    3.0kB
     9.2kB
     11
    14
  • 127.0.0.1:51879
    dllhost.exe
  • 89.58.56.112:443
    www.y2ityh.com
    tls
    dllhost.exe
    21.7kB
     23.8kB
     49
    70
  • 93.177.65.182:443
    www.sjwh7u4iiwtrgwcnznjnhax.com
    tls
    dllhost.exe
    11.2kB
     13.5kB
     27
    38
  • 127.0.0.1:45808
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
  • 8.8.8.8:53
    141.245.123.195.in-addr.arpa
    dns
    74 B
     102 B
     1
    1

    DNS Request

    141.245.123.195.in-addr.arpa

  • 8.8.8.8:53
    112.56.58.89.in-addr.arpa
    dns
    71 B
     106 B
     1
    1

    DNS Request

    112.56.58.89.in-addr.arpa

  • 8.8.8.8:53
    182.65.177.93.in-addr.arpa
    dns
    72 B
     120 B
     1
    1

    DNS Request

    182.65.177.93.in-addr.arpa

  • 8.8.8.8:53
    myexternalip.com
    dns
    9b035bad2b8a21fb2c57fd784c89b8d5_JaffaCakes118.exe
    62 B
     78 B
     1
    1

    DNS Request

    myexternalip.com

    DNS Response

    34.117.118.44

  • 8.8.8.8:53
    44.118.117.34.in-addr.arpa
    dns
    72 B
     124 B
     1
    1

    DNS Request

    44.118.117.34.in-addr.arpa

  • 8.8.8.8:53
    249.197.17.2.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    249.197.17.2.in-addr.arpa

  • 8.8.8.8:53
    11.97.55.23.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    11.97.55.23.in-addr.arpa

  • 8.8.8.8:53
    171.101.63.23.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    171.101.63.23.in-addr.arpa

  • 8.8.8.8:53
    19.229.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    19.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    90.181.79.217.in-addr.arpa
    dns
    72 B
     114 B
     1
    1

    DNS Request

    90.181.79.217.in-addr.arpa

  • 8.8.8.8:53
    201.64.52.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    201.64.52.20.in-addr.arpa

  • 8.8.8.8:53
    240.197.17.2.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    240.197.17.2.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    253.14.7.81.in-addr.arpa
    dns
    70 B
     100 B
     1
    1

    DNS Request

    253.14.7.81.in-addr.arpa

  • 8.8.8.8:53
    61.85.100.185.in-addr.arpa
    dns
    72 B
     116 B
     1
    1

    DNS Request

    61.85.100.185.in-addr.arpa

  • 8.8.8.8:53
    26.251.21.65.in-addr.arpa
    dns
    71 B
     127 B
     1
    1

    DNS Request

    26.251.21.65.in-addr.arpa

  • 8.8.8.8:53
    248.21.182.46.in-addr.arpa
    dns
    72 B
     136 B
     1
    1

    DNS Request

    248.21.182.46.in-addr.arpa

  • 8.8.8.8:53
    149.111.45.5.in-addr.arpa
    dns
    71 B
     107 B
     1
    1

    DNS Request

    149.111.45.5.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\cached-certs
    Filesize

    20KB

    MD5

    12a426d9dc4fb2152bf261c1f1ec9d0e

    SHA1

    21f43bdfa088a47c91ec41ec0a5fcdc2b863ccac

    SHA256

    91e70e89e3921476688c7b2d11192461d7cc15e3a3db4a96eb35f310ff8a3f00

    SHA512

    fec5cc688cf36daef8f832dee76c62f2c86ae3765e70b739260c60f5063c55c02df5caa7677d366804a3c95eae4b472ef8d2fb7a8c6b4997ab338e4e3670691a

    Download Submit

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\cached-microdesc-consensus.tmp
    Filesize

    2.6MB

    MD5

    fc3cdf12d74519dbccc3ae86a7606462

    SHA1

    d7d97bfa3973e176ef10b2390c4e199d1f654f54

    SHA256

    d8f554fcc8c53f1040c8ca606fd59b0b00ecdc7b4f448be0890723b93c3cd5fa

    SHA512

    89c78c310f2aa3626381e01bf4c865efc83aec3831faee42e8c8c0cd8d4c19c2eacf7cdf0fc10e18f4ebf92aae5f59f00ba6b1e6774bcda3dceb4c552368f3af

    Download Submit

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\cached-microdescs.new
    Filesize

    20.4MB

    MD5

    1bc9b8d84c4cd4b226053f3c4ac7b82e

    SHA1

    90907f5e6bdbc86905a19dab459b22b39b1825f6

    SHA256

    4652f69ae19065dac830d868d693a8d5ad6b98e8c20f06016723b58b225c7e82

    SHA512

    494728a50e7aaa1712e9aa8e59f7e904b6f0b25f4870a42589da3bb37c45d9f24dcb01feae80a0a4b0dfe1ef90b019682c15f8747db1c2ee9277edd95beb2065

    Download Submit

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\cached-microdescs.new
    Filesize

    8.8MB

    MD5

    eb77fc6ac508eca0d6e04783c134f745

    SHA1

    b7e86603cb9810296f14a2d17a9752a84b20c286

    SHA256

    11b496be15089056557cec7d8d3eea8ae53e340b51fbe5226c893afe1280c610

    SHA512

    d5d9eb343e90eeba94f8cc3b4792c3db646d3be538d84c9ba87d2bf83fd9d461828dc7bc278e07e2efd8656e6d46021a62114c8389da4eb3dba5dfacd3ab3ece

    Download Submit

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\data\state
    Filesize

    8KB

    MD5

    ebb3bec7e021ce306e53fdabb69ec73e

    SHA1

    e0a66f64f70ca5236492ba98aba9b205d70f492f

    SHA256

    bbdf2f368a194767bf05b25053174eef47b6d9d9103b6a8d84cbd3a240237c5c

    SHA512

    d8ce92143ab4d8034358f56f234de70144cc4e3ac94980b447a3ada8c75f9023ec1bd5f3aa733cf888b5e16ba0d03bb665a6de7648af1a6308b032b2b244a4c2

    Download Submit

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\dllhost.exe
    Filesize

    973KB

    MD5

    5cfe61ff895c7daa889708665ef05d7b

    SHA1

    5e58efe30406243fbd58d4968b0492ddeef145f2

    SHA256

    f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5

    SHA512

    43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

    Download Submit

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\libcrypto-1_1.dll
    Filesize

    1.7MB

    MD5

    2384a02c4a1f7ec481adde3a020607d3

    SHA1

    7e848d35a10bf9296c8fa41956a3daa777f86365

    SHA256

    c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369

    SHA512

    1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

    Download Submit

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\libssl-1_1.dll
    Filesize

    439KB

    MD5

    c88826ac4bb879622e43ead5bdb95aeb

    SHA1

    87d29853649a86f0463bfd9ad887b85eedc21723

    SHA256

    c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f

    SHA512

    f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

    Download Submit

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\libwinpthread-1.dll
    Filesize

    188KB

    MD5

    d407cc6d79a08039a6f4b50539e560b8

    SHA1

    21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71

    SHA256

    92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e

    SHA512

    378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

    Download Submit

  • C:\Users\Admin\AppData\Local\07fa2a3b\tor\torrc
    Filesize

    139B

    MD5

    dbd537e3da06f7d7aeaf58f4decc0c94

    SHA1

    7e740ea6dcf8545710f99519014e9bb029028a84

    SHA256

    349b36a467d778e29b96528cdd25d6c34a54be659a9ef516b3833106ceb679b2

    SHA512

    a84633c420c825b15ef2fc5cf83a6d75fcdddbb06d3b7dc74537d5bc98b5d910d3dec4838f30be3a06373662d2946f156f36bd2e033e0b6089753006ac327a90

    Download Submit

  • \Users\Admin\AppData\Local\07fa2a3b\tor\libevent-2-1-6.dll
    Filesize

    366KB

    MD5

    099983c13bade9554a3c17484e5481f1

    SHA1

    a84e69ad9722f999252d59d0ed9a99901a60e564

    SHA256

    b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838

    SHA512

    89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

    Download Submit

  • \Users\Admin\AppData\Local\07fa2a3b\tor\libgcc_s_sjlj-1.dll
    Filesize

    286KB

    MD5

    b0d98f7157d972190fe0759d4368d320

    SHA1

    5715a533621a2b642aad9616e603c6907d80efc4

    SHA256

    2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5

    SHA512

    41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

    Download Submit

  • \Users\Admin\AppData\Local\07fa2a3b\tor\libssp-0.dll
    Filesize

    88KB

    MD5

    2c916456f503075f746c6ea649cf9539

    SHA1

    fa1afc1f3d728c89b2e90e14ca7d88b599580a9d

    SHA256

    cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6

    SHA512

    1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

    Download Submit

  • \Users\Admin\AppData\Local\07fa2a3b\tor\zlib1.dll
    Filesize

    52KB

    MD5

    add33041af894b67fe34e1dc819b7eb6

    SHA1

    6db46eb021855a587c95479422adcc774a272eeb

    SHA256

    8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183

    SHA512

    bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

    Download Submit

  • memory/656-274-0x00000000724E0000-0x00000000725A8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/656-278-0x00000000723D0000-0x00000000724DA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/656-265-0x0000000000A00000-0x0000000000E04000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/656-273-0x0000000072CB0000-0x0000000072F7F000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/656-275-0x0000000072270000-0x000000007233E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/656-276-0x0000000072C60000-0x0000000072CA9000-memory.dmp

    Filesize

    292KB

    Download

  • memory/656-279-0x0000000072340000-0x00000000723C8000-memory.dmp

    Filesize

    544KB

    Download

  • memory/656-281-0x0000000072C30000-0x0000000072C54000-memory.dmp

    Filesize

    144KB

    Download

  • memory/656-289-0x0000000000A00000-0x0000000000E04000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/656-290-0x0000000072CB0000-0x0000000072F7F000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/656-292-0x0000000072270000-0x000000007233E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/656-291-0x00000000724E0000-0x00000000725A8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/656-293-0x0000000072C60000-0x0000000072CA9000-memory.dmp

    Filesize

    292KB

    Download

  • memory/656-294-0x00000000723D0000-0x00000000724DA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/992-356-0x0000000072C60000-0x0000000072CA9000-memory.dmp

    Filesize

    292KB

    Download

  • memory/992-351-0x00000000724E0000-0x00000000725A8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/992-355-0x0000000072270000-0x000000007233E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/992-347-0x0000000000A00000-0x0000000000E04000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/992-361-0x00000000723D0000-0x00000000724DA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/992-349-0x0000000072CB0000-0x0000000072F7F000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/992-358-0x0000000072C30000-0x0000000072C54000-memory.dmp

    Filesize

    144KB

    Download

  • memory/1680-314-0x0000000073BC0000-0x0000000073BFA000-memory.dmp

    Filesize

    232KB

    Download

  • memory/1680-108-0x00000000734C0000-0x00000000734FA000-memory.dmp

    Filesize

    232KB

    Download

  • memory/1680-77-0x0000000000400000-0x0000000000BAA000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1680-185-0x0000000073060000-0x000000007309A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/1680-0-0x0000000000400000-0x0000000000BAA000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1680-52-0x0000000072930000-0x000000007296A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/1680-323-0x0000000072930000-0x000000007296A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/1680-1-0x0000000073BC0000-0x0000000073BFA000-memory.dmp

    Filesize

    232KB

    Download

  • memory/3824-92-0x0000000000A00000-0x0000000000E04000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3824-72-0x00000000730C0000-0x000000007318E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/3824-37-0x0000000000960000-0x00000000009E8000-memory.dmp

    Filesize

    544KB

    Download

  • memory/3824-33-0x00000000730C0000-0x000000007318E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/3824-42-0x0000000072C20000-0x0000000072EEF000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/3824-43-0x00000000731E0000-0x00000000732A8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/3824-41-0x0000000001410000-0x00000000016DF000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/3824-36-0x0000000072EF0000-0x0000000072F78000-memory.dmp

    Filesize

    544KB

    Download

  • memory/3824-35-0x0000000072F80000-0x0000000072FA4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/3824-69-0x0000000000A00000-0x0000000000E04000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3824-71-0x0000000073190000-0x00000000731D9000-memory.dmp

    Filesize

    292KB

    Download

  • memory/3824-148-0x0000000000A00000-0x0000000000E04000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3824-78-0x0000000000A00000-0x0000000000E04000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3824-32-0x0000000073190000-0x00000000731D9000-memory.dmp

    Filesize

    292KB

    Download

  • memory/3824-79-0x0000000000A00000-0x0000000000E04000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3824-25-0x0000000000A00000-0x0000000000E04000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3824-87-0x0000000000960000-0x00000000009E8000-memory.dmp

    Filesize

    544KB

    Download

  • memory/3824-88-0x0000000001410000-0x00000000016DF000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/3824-34-0x0000000072FB0000-0x00000000730BA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3824-100-0x0000000000A00000-0x0000000000E04000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3824-109-0x0000000000A00000-0x0000000000E04000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3824-120-0x0000000000A00000-0x0000000000E04000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3824-131-0x0000000000A00000-0x0000000000E04000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/4192-200-0x00000000723D0000-0x00000000724DA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4192-199-0x0000000072C30000-0x0000000072C54000-memory.dmp

    Filesize

    144KB

    Download

  • memory/4192-359-0x0000000000A00000-0x0000000000E04000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/4192-197-0x00000000724E0000-0x00000000725A8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/4192-232-0x00000000724E0000-0x00000000725A8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/4192-223-0x0000000000A00000-0x0000000000E04000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/4192-198-0x0000000072C60000-0x0000000072CA9000-memory.dmp

    Filesize

    292KB

    Download

  • memory/4192-201-0x0000000072340000-0x00000000723C8000-memory.dmp

    Filesize

    544KB

    Download

  • memory/4192-207-0x0000000072CB0000-0x0000000072F7F000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/4192-206-0x0000000072270000-0x000000007233E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/5016-167-0x00000000730C0000-0x000000007318E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/5016-173-0x0000000072FB0000-0x00000000730BA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/5016-160-0x0000000000A00000-0x0000000000E04000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/5016-165-0x00000000731E0000-0x00000000732A8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/5016-168-0x0000000073190000-0x00000000731D9000-memory.dmp

    Filesize

    292KB

    Download

  • memory/5016-183-0x00000000731E0000-0x00000000732A8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/5016-184-0x00000000730C0000-0x000000007318E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/5016-182-0x0000000072C20000-0x0000000072EEF000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/5016-181-0x0000000000A00000-0x0000000000E04000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/5016-162-0x0000000072C20000-0x0000000072EEF000-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/5016-175-0x0000000072EF0000-0x0000000072F78000-memory.dmp

    Filesize

    544KB

    Download

  • memory/5016-171-0x0000000072F80000-0x0000000072FA4000-memory.dmp

    Filesize

    144KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.