Analysis

  • max time kernel
    55s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system
  • submitted
    14/07/2024, 16:26 UTC

General

  • Target

    469b708b6ba255800d133cc7c5ceb859_JaffaCakes118.exe

  • Size

    274KB

  • MD5

    469b708b6ba255800d133cc7c5ceb859

  • SHA1

    b8925035a2fa3b611ff9cb3c8d1f0a56651dd227

  • SHA256

    98f0d279c8d30af5ae4e61832150d337443f28ee40d638433334d55a97cf26d2

  • SHA512

    69d0c1604fa46adfce0620dea3ec6882bea3e65780c183e2b51de5fc823e9768094fd5f67abedff36405ac6feead0bf7f91216631b61737ba37ccb6b1b998612

  • SSDEEP

    6144:IRBNgbTRkegIBsDPXb8yuh0v4k5YG+GMsSmJY6HMWoS2KRB:IPNSdbof60wOY8MsLJlB

Malware Config

Signatures

  • Modifies security service 2 TTPs 1 IoCs
  • Pony, Fareit

    Pony is a Remote Access Trojan application that steals information.

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 8 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Disables taskbar notifications via registry modification
  • Executes dropped EXE 1 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 16 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 3 IoCs
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 10 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs
  • System policy modification 1 TTPs 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\469b708b6ba255800d133cc7c5ceb859_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\469b708b6ba255800d133cc7c5ceb859_JaffaCakes118.exe"
    1⤵
    • Modifies security service
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:4364
    • C:\Users\Admin\AppData\Local\Temp\469b708b6ba255800d133cc7c5ceb859_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\469b708b6ba255800d133cc7c5ceb859_JaffaCakes118.exe startC:\Users\Admin\AppData\Roaming\D9F28\0CF01.exe%C:\Users\Admin\AppData\Roaming\D9F28
      2⤵
      PID:960
    • C:\Users\Admin\AppData\Local\Temp\469b708b6ba255800d133cc7c5ceb859_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\469b708b6ba255800d133cc7c5ceb859_JaffaCakes118.exe startC:\Program Files (x86)\28835\lvvm.exe%C:\Program Files (x86)\28835
      2⤵
      PID:1720
    • C:\Program Files (x86)\LP\016D\2277.tmp
      "C:\Program Files (x86)\LP\016D\2277.tmp"
      2⤵
      • Executes dropped EXE
      PID:4588
      • C:\Windows\system32\msiexec.exe
        C:\Windows\system32\msiexec.exe /V
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2136
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:3996
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:4560
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:640
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:4136
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:3672
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:3076
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:1920
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of SendNotifyMessage
        PID:3652
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:4516
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:2896
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:2172
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:5028
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:940
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:4700
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:756
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3496
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:3544
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:2448
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:1624
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:2840
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
          PID:3964
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
            PID:2872
          • C:\Windows\explorer.exe
            explorer.exe
            1⤵
              PID:3820
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              1⤵
                PID:4292
              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                1⤵
                  PID:3880
                • C:\Windows\explorer.exe
                  explorer.exe
                  1⤵
                    PID:1188
                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                    1⤵
                      PID:3784
                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                      1⤵
                        PID:4192
                      • C:\Windows\explorer.exe
                        explorer.exe
                        1⤵
                          PID:4920
                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                          1⤵
                            PID:3216
                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                            1⤵
                              PID:2024
                            • C:\Windows\explorer.exe
                              explorer.exe
                              1⤵
                                PID:1184
                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                1⤵
                                  PID:3932
                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                  1⤵
                                    PID:4832
                                  • C:\Windows\explorer.exe
                                    explorer.exe
                                    1⤵
                                      PID:4396
                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                      1⤵
                                        PID:2140
                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                        1⤵
                                          PID:3732
                                        • C:\Windows\explorer.exe
                                          explorer.exe
                                          1⤵
                                            PID:3372
                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                            1⤵
                                              PID:3652
                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                              1⤵
                                                PID:1012
                                              • C:\Windows\explorer.exe
                                                explorer.exe
                                                1⤵
                                                  PID:2764
                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                  1⤵
                                                    PID:4136
                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                    1⤵
                                                      PID:1744
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                        PID:2172
                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                        1⤵
                                                          PID:4452
                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                          1⤵
                                                            PID:4144
                                                          • C:\Windows\explorer.exe
                                                            explorer.exe
                                                            1⤵
                                                              PID:2496
                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                              1⤵
                                                                PID:3372
                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                1⤵
                                                                  PID:4232
                                                                • C:\Windows\explorer.exe
                                                                  explorer.exe
                                                                  1⤵
                                                                    PID:4196
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                    1⤵
                                                                      PID:1164
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                      1⤵
                                                                        PID:3136
                                                                      • C:\Windows\explorer.exe
                                                                        explorer.exe
                                                                        1⤵
                                                                          PID:3448
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                          1⤵
                                                                            PID:3660
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                            1⤵
                                                                              PID:2896
                                                                            • C:\Windows\explorer.exe
                                                                              explorer.exe
                                                                              1⤵
                                                                                PID:1816
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                1⤵
                                                                                  PID:2236
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                  1⤵
                                                                                    PID:3160
                                                                                  • C:\Windows\explorer.exe
                                                                                    explorer.exe
                                                                                    1⤵
                                                                                      PID:3848
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                      1⤵
                                                                                        PID:4972
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                        1⤵
                                                                                          PID:2460
                                                                                        • C:\Windows\explorer.exe
                                                                                          explorer.exe
                                                                                          1⤵
                                                                                            PID:4200
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                            1⤵
                                                                                              PID:3948
                                                                                            • C:\Windows\explorer.exe
                                                                                              explorer.exe
                                                                                              1⤵
                                                                                                PID:4560
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                1⤵
                                                                                                  PID:3776
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                  1⤵
                                                                                                    PID:2472
                                                                                                  • C:\Windows\explorer.exe
                                                                                                    explorer.exe
                                                                                                    1⤵
                                                                                                      PID:4312
                                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                      1⤵
                                                                                                        PID:4548
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
      PID:4904
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
      PID:1616
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:3580
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
      PID:112
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
      PID:1720
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:2556
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
      PID:1916
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
      PID:2892
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:1520
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
      PID:8

Network

  • flag-us
    DNS
    g.bing.com
    Remote address: 8.8.8.8:53
    Request
      g.bing.com IN A
    Response
      g.bing.com IN CNAME g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net IN CNAME dual-a-0034.a-msedge.net
      dual-a-0034.a-msedge.net IN A 13.107.21.237
      dual-a-0034.a-msedge.net IN A 204.79.197.237
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=2a6e52608cce498b8ee81907f7d6b4b5&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid=
    Remote address: 13.107.21.237:443
    Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=2a6e52608cce498b8ee81907f7d6b4b5&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=37EE1638F9EA634D3B9A0284F80A6275; domain=.bing.com; expires=Fri, 08-Aug-2025 16:27:05 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 969918423D0C4FF49F08248E259807B2 Ref B: LON04EDGE1208 Ref C: 2024-07-14T16:27:05Z
      date: Sun, 14 Jul 2024 16:27:05 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=2a6e52608cce498b8ee81907f7d6b4b5&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid=
    Remote address: 13.107.21.237:443
    Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=2a6e52608cce498b8ee81907f7d6b4b5&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=37EE1638F9EA634D3B9A0284F80A6275
    Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=K6euxnph6f7ho00CCa4NujXMCAz0xbOs2FeO_Rbp24Y; domain=.bing.com; expires=Fri, 08-Aug-2025 16:27:05 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 5C211B01DAB04BE48BF42F4E5AF6C610 Ref B: LON04EDGE1208 Ref C: 2024-07-14T16:27:05Z
      date: Sun, 14 Jul 2024 16:27:05 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=2a6e52608cce498b8ee81907f7d6b4b5&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid=
    Remote address: 13.107.21.237:443
    Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=2a6e52608cce498b8ee81907f7d6b4b5&localId=w:7F54B7CC-A139-0C44-079B-F8E35781E681&deviceId=6825836757805329&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=37EE1638F9EA634D3B9A0284F80A6275; MSPTC=K6euxnph6f7ho00CCa4NujXMCAz0xbOs2FeO_Rbp24Y
    Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: B592319A4037474184C031D8BD22151C Ref B: LON04EDGE1208 Ref C: 2024-07-14T16:27:05Z
      date: Sun, 14 Jul 2024 16:27:05 GMT
  • flag-us
    DNS
    237.21.107.13.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
      237.21.107.13.in-addr.arpa IN PTR
    Response
  • flag-us
    DNS
    0.159.190.20.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
      0.159.190.20.in-addr.arpa IN PTR
    Response
  • flag-us
    DNS
    57.169.31.20.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
      57.169.31.20.in-addr.arpa IN PTR
    Response
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
      240.221.184.93.in-addr.arpa IN PTR
    Response
  • flag-us
    DNS
    newworldorderreport.com
    469b708b6ba255800d133cc7c5ceb859_JaffaCakes118.exe
    Remote address: 8.8.8.8:53
    Request
      newworldorderreport.com IN A
    Response
      newworldorderreport.com IN A 198.7.57.33
  • flag-us
    DNS
    i3duh.opalimanos.com
    469b708b6ba255800d133cc7c5ceb859_JaffaCakes118.exe
    Remote address: 8.8.8.8:53
    Request
      i3duh.opalimanos.com IN A
    Response
  • flag-us
    GET
    http://newworldorderreport.com/img/3421.png?sv=878&tq=gJ4WK%2FSUh7TFkkR8oY%2BQtMWTUj26kJH7yZJQPbqVybhqtUn5CGFATA%3D%3D
    469b708b6ba255800d133cc7c5ceb859_JaffaCakes118.exe
    Remote address: 198.7.57.33:80
    Request
      GET /img/3421.png?sv=878&tq=gJ4WK%2FSUh7TFkkR8oY%2BQtMWTUj26kJH7yZJQPbqVybhqtUn5CGFATA%3D%3D HTTP/1.0
      Connection: close
      Host: newworldorderreport.com
      Accept: */*
      User-Agent: chrome/9.0
    Response
      HTTP/1.1 301 Moved Permanently
      date: Sun, 14 Jul 2024 16:27:10 GMT
      expires: Wed, 11 Jan 1984 05:00:00 GMT
      cache-control: no-cache, must-revalidate, max-age=0
      x-redirect-by: WordPress
      location: https://newworldorderreport.com/img/3421.png?sv=878&tq=gJ4WK%2FSUh7TFkkR8oY%2BQtMWTUj26kJH7yZJQPbqVybhqtUn5CGFATA%3D%3D
      vary: Accept-Encoding
      content-length: 0
      content-type: text/html; charset=UTF-8
      age: 0
      server: Apache
      connection: close
                                                                                                                          • flag-us
                                                                                                                            DNS
                                                                                                                            33.57.7.198.in-addr.arpa
                                                                                                                            Remote address:
                                                                                                                            8.8.8.8:53
                                                                                                                            Request
                                                                                                                            33.57.7.198.in-addr.arpa
                                                                                                                            IN PTR
                                                                                                                            Response
                                                                                                                          • flag-us
                                                                                                                            DNS
                                                                                                                            ddl.dudlik-munik.com
                                                                                                                            469b708b6ba255800d133cc7c5ceb859_JaffaCakes118.exe
                                                                                                                            Remote address:
                                                                                                                            8.8.8.8:53
                                                                                                                            Request
                                                                                                                            ddl.dudlik-munik.com
                                                                                                                            IN A
                                                                                                                            Response
                                                                                                                          • flag-us
                                                                                                                            DNS
                                                                                                                            gso8n1n.opalimanos.com
                                                                                                                            469b708b6ba255800d133cc7c5ceb859_JaffaCakes118.exe
                                                                                                                            Remote address:
                                                                                                                            8.8.8.8:53
                                                                                                                            Request
                                                                                                                            gso8n1n.opalimanos.com
                                                                                                                            IN A
                                                                                                                            Response
                                                                                                                          • flag-us
                                                                                                                            DNS
                                                                                                                            86.23.85.13.in-addr.arpa
                                                                                                                            Remote address:
                                                                                                                            8.8.8.8:53
                                                                                                                            Request
                                                                                                                            86.23.85.13.in-addr.arpa
                                                                                                                            IN PTR
                                                                                                                            Response
                                                                                                                          • flag-us
                                                                                                                            DNS
                                                                                                                            56.126.166.20.in-addr.arpa
                                                                                                                            Remote address:
                                                                                                                            8.8.8.8:53
                                                                                                                            Request
                                                                                                                            56.126.166.20.in-addr.arpa
                                                                                                                            IN PTR
                                                                                                                            Response
                                                                                                                          • flag-us
                                                                                                                            DNS
                                                                                                                            jg4kc2pto6.dudlik-munik.com
                                                                                                                            469b708b6ba255800d133cc7c5ceb859_JaffaCakes118.exe
                                                                                                                            Remote address:
                                                                                                                            8.8.8.8:53
                                                                                                                            Request
                                                                                                                            jg4kc2pto6.dudlik-munik.com
                                                                                                                            IN A
                                                                                                                            Response
                                                                                                                          • flag-us
                                                                                                                            DNS
                                                                                                                            98.58.20.217.in-addr.arpa
                                                                                                                            Remote address:
                                                                                                                            8.8.8.8:53
                                                                                                                            Request
                                                                                                                            98.58.20.217.in-addr.arpa
                                                                                                                            IN PTR
                                                                                                                            Response
                                                                                                                          • flag-us
                                                                                                                            DNS
                                                                                                                            TRANSERSDATAFORME.COM
                                                                                                                            2277.tmp
                                                                                                                            Remote address:
                                                                                                                            8.8.8.8:53
                                                                                                                            Request
                                                                                                                            TRANSERSDATAFORME.COM
                                                                                                                            IN A
                                                                                                                            Response
                                                                                                                          • flag-us
                                                                                                                            DNS
                                                                                                                            www.google.com
                                                                                                                            Remote address:
                                                                                                                            8.8.8.8:53
                                                                                                                            Request
                                                                                                                            www.google.com
                                                                                                                            IN A
                                                                                                                            Response
                                                                                                                            www.google.com
                                                                                                                            IN A
                                                                                                                            142.250.180.4
                                                                                                                          • flag-gb
                                                                                                                            GET
                                                                                                                            http://www.google.com/
                                                                                                                            Remote address:
                                                                                                                            142.250.180.4:80
                                                                                                                            Request
                                                                                                                            GET / HTTP/1.0
                                                                                                                            Connection: close
                                                                                                                            Host: www.google.com
                                                                                                                            Accept: */*
                                                                                                                            Response
                                                                                                                            HTTP/1.0 302 Found
                                                                                                                            Location: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgTCbg1GGJr5z7QGIjDCG475zQwj-YRGlCXPLlwLTiIoG3fJw6NwwR0YJx_kL4IEUQvM2AekoNadqO3f0kMyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                                                            x-hallmonitor-challenge: CgsIm_nPtAYQ86zgDRIEwm4NRg
                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                            Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-Fc0vIav7q0ubQU86UYJBtQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                            Date: Sun, 14 Jul 2024 16:28:11 GMT
                                                                                                                            Server: gws
                                                                                                                            Content-Length: 396
                                                                                                                            X-XSS-Protection: 0
                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                            Set-Cookie: AEC=AVYB7coEy9GthEjj8KqbyHF5VaKYTfrmfiZqvwDrzCoi7i4NnSsKPQaWxw; expires=Fri, 10-Jan-2025 16:28:11 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                                                          • flag-gb
                                                                                                                            GET
                                                                                                                            http://www.google.com/
                                                                                                                            Remote address:
                                                                                                                            142.250.180.4:80
                                                                                                                            Request
                                                                                                                            GET / HTTP/1.1
                                                                                                                            Connection: close
                                                                                                                            Pragma: no-cache
                                                                                                                            Host: www.google.com
                                                                                                                            Response
                                                                                                                            HTTP/1.1 302 Found
                                                                                                                            Location: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgTCbg1GGJv5z7QGIjCXzHcW4HXk5RDBdXYabU-cSiwvvoWF7FcEpAg3u_lApUJFpPVZbbKjD4d44H-PJygyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                                                            x-hallmonitor-challenge: CgwIm_nPtAYQiv-K_QESBMJuDUY
                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                            Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-8ZjqWEsEx7k0tQBHaaA4yA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                            Date: Sun, 14 Jul 2024 16:28:11 GMT
                                                                                                                            Server: gws
                                                                                                                            Content-Length: 396
                                                                                                                            X-XSS-Protection: 0
                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                            Set-Cookie: AEC=AVYB7cqUajPyeXVm4yyDiU_vceswsfoR5C7F-OgLAYNraYn0Htr7DnsfRQ; expires=Fri, 10-Jan-2025 16:28:11 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                                                            Connection: close
                                                                                                                          • flag-us
                                                                                                                            DNS
                                                                                                                            4.180.250.142.in-addr.arpa
                                                                                                                            Remote address:
                                                                                                                            8.8.8.8:53
                                                                                                                            Request
                                                                                                                            4.180.250.142.in-addr.arpa
                                                                                                                            IN PTR
                                                                                                                            Response
                                                                                                                            4.180.250.142.in-addr.arpa
                                                                                                                            IN PTR
                                                                                                                            lhr25s32-in-f41e100net
                                                                                                                          • flag-gb
                                                                                                                            GET
                                                                                                                            http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgTCbg1GGJv5z7QGIjCXzHcW4HXk5RDBdXYabU-cSiwvvoWF7FcEpAg3u_lApUJFpPVZbbKjD4d44H-PJygyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                                                            Remote address:
                                                                                                                            142.250.180.4:80
                                                                                                                            Request
                                                                                                                            GET /sorry/index?continue=http://www.google.com/&q=EgTCbg1GGJv5z7QGIjCXzHcW4HXk5RDBdXYabU-cSiwvvoWF7FcEpAg3u_lApUJFpPVZbbKjD4d44H-PJygyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
                                                                                                                            Connection: close
                                                                                                                            Pragma: no-cache
                                                                                                                            Host: www.google.com
                                                                                                                            Response
                                                                                                                            HTTP/1.1 429 Too Many Requests
                                                                                                                            Date: Sun, 14 Jul 2024 16:28:11 GMT
                                                                                                                            Pragma: no-cache
                                                                                                                            Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                            Content-Type: text/html
                                                                                                                            Server: HTTP server (unknown)
                                                                                                                            Content-Length: 3052
                                                                                                                            X-XSS-Protection: 0
                                                                                                                            Connection: close
                                                                                                                          • 198.7.57.33:80
                                                                                                                            http://newworldorderreport.com/img/3421.png?sv=878&tq=gJ4WK%2FSUh7TFkkR8oY%2BQtMWTUj26kJH7yZJQPbqVybhqtUn5CGFATA%3D%3D
                                                                                                                            http
                                                                                                                            469b708b6ba255800d133cc7c5ceb859_JaffaCakes118.exe
                                                                                                                            422 B
                                                                                                                            658 B
                                                                                                                            5
                                                                                                                            5

                                                                                                                            HTTP Request

                                                                                                                            GET http://newworldorderreport.com/img/3421.png?sv=878&tq=gJ4WK%2FSUh7TFkkR8oY%2BQtMWTUj26kJH7yZJQPbqVybhqtUn5CGFATA%3D%3D

                                                                                                                            HTTP Response

                                                                                                                            301
                                                                                                                          • 142.250.180.4:80
                                                                                                                            http://www.google.com/
                                                                                                                            http
                                                                                                                            302 B
                                                                                                                            1.5kB
                                                                                                                            5
                                                                                                                            5

                                                                                                                            HTTP Request

                                                                                                                            GET http://www.google.com/

                                                                                                                            HTTP Response

                                                                                                                            302
                                                                                                                          • 142.250.180.4:80
                                                                                                                            http://www.google.com/
                                                                                                                            http
                                                                                                                            307 B
                                                                                                                            1.5kB
                                                                                                                            5
                                                                                                                            5

                                                                                                                            HTTP Request

                                                                                                                            GET http://www.google.com/

                                                                                                                            HTTP Response

                                                                                                                            302
                                                                                                                          • 142.250.180.4:80
                                                                                                                            http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgTCbg1GGJv5z7QGIjCXzHcW4HXk5RDBdXYabU-cSiwvvoWF7FcEpAg3u_lApUJFpPVZbbKjD4d44H-PJygyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                                                            http
                                                                                                                            526 B
                                                                                                                            3.6kB
                                                                                                                            6
                                                                                                                            7

                                                                                                                            HTTP Request

                                                                                                                            GET http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgTCbg1GGJv5z7QGIjCXzHcW4HXk5RDBdXYabU-cSiwvvoWF7FcEpAg3u_lApUJFpPVZbbKjD4d44H-PJygyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

                                                                                                                            HTTP Response

                                                                                                                            429
                                                                                                                          • 127.0.0.1:60970
                                                                                                                          • 8.8.8.8:53
                                                                                                                            g.bing.com
                                                                                                                            dns
                                                                                                                            56 B
                                                                                                                            151 B
                                                                                                                            1
                                                                                                                            1

                                                                                                                            DNS Request

                                                                                                                            g.bing.com

                                                                                                                            DNS Response

                                                                                                                            13.107.21.237
                                                                                                                            204.79.197.237

                                                                                                                          • 8.8.8.8:53
                                                                                                                            237.21.107.13.in-addr.arpa
                                                                                                                            dns
                                                                                                                            72 B
                                                                                                                            158 B
                                                                                                                            1
                                                                                                                            1

                                                                                                                            DNS Request

                                                                                                                            237.21.107.13.in-addr.arpa

                                                                                                                          • 8.8.8.8:53
                                                                                                                            0.159.190.20.in-addr.arpa
                                                                                                                            dns
                                                                                                                            71 B
                                                                                                                            157 B
                                                                                                                            1
                                                                                                                            1

                                                                                                                            DNS Request

                                                                                                                            0.159.190.20.in-addr.arpa

                                                                                                                          • 8.8.8.8:53
                                                                                                                            57.169.31.20.in-addr.arpa
                                                                                                                            dns
                                                                                                                            71 B
                                                                                                                            157 B
                                                                                                                            1
                                                                                                                            1

                                                                                                                            DNS Request

                                                                                                                            57.169.31.20.in-addr.arpa

                                                                                                                          • 8.8.8.8:53
                                                                                                                            240.221.184.93.in-addr.arpa
                                                                                                                            dns
                                                                                                                            73 B
                                                                                                                            144 B
                                                                                                                            1
                                                                                                                            1

                                                                                                                            DNS Request

                                                                                                                            240.221.184.93.in-addr.arpa

                                                                                                                          • 8.8.8.8:53
                                                                                                                            newworldorderreport.com
                                                                                                                            dns
                                                                                                                            469b708b6ba255800d133cc7c5ceb859_JaffaCakes118.exe
                                                                                                                            69 B
                                                                                                                            85 B
                                                                                                                            1
                                                                                                                            1

                                                                                                                            DNS Request

                                                                                                                            newworldorderreport.com

                                                                                                                            DNS Response

                                                                                                                            198.7.57.33

                                                                                                                          • 8.8.8.8:53
                                                                                                                            i3duh.opalimanos.com
                                                                                                                            dns
                                                                                                                            469b708b6ba255800d133cc7c5ceb859_JaffaCakes118.exe
                                                                                                                            66 B
                                                                                                                            139 B
                                                                                                                            1
                                                                                                                            1

                                                                                                                            DNS Request

                                                                                                                            i3duh.opalimanos.com

                                                                                                                          • 224.0.0.251:5353
                                                                                                                            224 B
                                                                                                                            4
                                                                                                                          • 8.8.8.8:53
                                                                                                                            33.57.7.198.in-addr.arpa
                                                                                                                            dns
                                                                                                                            70 B
                                                                                                                            133 B
                                                                                                                            1
                                                                                                                            1

                                                                                                                            DNS Request

                                                                                                                            33.57.7.198.in-addr.arpa

                                                                                                                          • 8.8.8.8:53
                                                                                                                            ddl.dudlik-munik.com
                                                                                                                            dns
                                                                                                                            469b708b6ba255800d133cc7c5ceb859_JaffaCakes118.exe
                                                                                                                            66 B
                                                                                                                            139 B
                                                                                                                            1
                                                                                                                            1

                                                                                                                            DNS Request

                                                                                                                            ddl.dudlik-munik.com

                                                                                                                          • 8.8.8.8:53
                                                                                                                            gso8n1n.opalimanos.com
                                                                                                                            dns
                                                                                                                            469b708b6ba255800d133cc7c5ceb859_JaffaCakes118.exe
                                                                                                                            68 B
                                                                                                                            141 B
                                                                                                                            1
                                                                                                                            1

                                                                                                                            DNS Request

                                                                                                                            gso8n1n.opalimanos.com

                                                                                                                          • 8.8.8.8:53
                                                                                                                            86.23.85.13.in-addr.arpa
                                                                                                                            dns
                                                                                                                            70 B
                                                                                                                            144 B
                                                                                                                            1
                                                                                                                            1

                                                                                                                            DNS Request

                                                                                                                            86.23.85.13.in-addr.arpa

                                                                                                                          • 8.8.8.8:53
                                                                                                                            56.126.166.20.in-addr.arpa
                                                                                                                            dns
                                                                                                                            72 B
                                                                                                                            158 B
                                                                                                                            1
                                                                                                                            1

                                                                                                                            DNS Request

                                                                                                                            56.126.166.20.in-addr.arpa

                                                                                                                          • 8.8.8.8:53
                                                                                                                            jg4kc2pto6.dudlik-munik.com
                                                                                                                            dns
                                                                                                                            469b708b6ba255800d133cc7c5ceb859_JaffaCakes118.exe
                                                                                                                            73 B
                                                                                                                            146 B
                                                                                                                            1
                                                                                                                            1

                                                                                                                            DNS Request

                                                                                                                            jg4kc2pto6.dudlik-munik.com

                                                                                                                          • 8.8.8.8:53
                                                                                                                            98.58.20.217.in-addr.arpa
                                                                                                                            dns
                                                                                                                            71 B
                                                                                                                            131 B
                                                                                                                            1
                                                                                                                            1

                                                                                                                            DNS Request

                                                                                                                            98.58.20.217.in-addr.arpa

                                                                                                                          • 8.8.8.8:53
                                                                                                                            TRANSERSDATAFORME.COM
                                                                                                                            dns
                                                                                                                            2277.tmp
                                                                                                                            67 B
                                                                                                                            140 B
                                                                                                                            1
                                                                                                                            1

                                                                                                                            DNS Request

                                                                                                                            TRANSERSDATAFORME.COM

                                                                                                                          • 8.8.8.8:53
                                                                                                                            www.google.com
                                                                                                                            dns
                                                                                                                            60 B
                                                                                                                            76 B
                                                                                                                            1
                                                                                                                            1

                                                                                                                            DNS Request

                                                                                                                            www.google.com

                                                                                                                            DNS Response

                                                                                                                            142.250.180.4

                                                                                                                          • 8.8.8.8:53
                                                                                                                            4.180.250.142.in-addr.arpa
                                                                                                                            dns
                                                                                                                            72 B
                                                                                                                            110 B
                                                                                                                            1
                                                                                                                            1

                                                                                                                            DNS Request

                                                                                                                            4.180.250.142.in-addr.arpa

                                                                                                                          MITRE ATT&CK Enterprise v15

                                                                                                                          Downloads

                                                                                                                          • C:\Program Files (x86)\LP\016D\2277.tmp

                                                                                                                            Filesize

                                                                                                                            96KB

                                                                                                                            MD5

                                                                                                                            a3da301fded24507633e349a3219a05e

                                                                                                                            SHA1

                                                                                                                            9fdc1219630bf60b2dc079734523e7b431c09301

                                                                                                                            SHA256

                                                                                                                            af2e4c2852b826d44012a9506cdd0d463ab431690a6e49a8bb5cac53d59af081

                                                                                                                            SHA512

                                                                                                                            d63cf44fb5ab9b896de02fd01bbe5e472074b91b0263898f0abcd1e64f4f2e530b8cd796268686c0eda03ed3a959d2a84de031796a9fb30fb3addfacffc01966

                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres

                                                                                                                            Filesize

                                                                                                                            2KB

                                                                                                                            MD5

                                                                                                                            d3c661e941cc215180bcbf0bc64098e5

                                                                                                                            SHA1

                                                                                                                            d887cd4a69c9b1280968e763b1c673934432f217

                                                                                                                            SHA256

                                                                                                                            ded3488a89cdedb27635be2a49577cec771fb59cb66efc75ec04775b7a9cee33

                                                                                                                            SHA512

                                                                                                                            91c031a2ff45f3beb8fb88e2d0992397471e1a06fc9a51a9086e7e8f4a1582dfd955a275804cec9d33114eebd327702e2a380ee2c0f739542cba4c536869aa4e

                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133654480540043695.txt

                                                                                                                            Filesize

                                                                                                                            75KB

                                                                                                                            MD5

                                                                                                                            47bdbe19f47023c67e7c218d80f2e8c7

                                                                                                                            SHA1

                                                                                                                            77292be3874bc1da2a2ec9936b9b794fd0eee047

                                                                                                                            SHA256

                                                                                                                            788c845efaade9b549a16bdebe1b1c13e93d00a1e03bf50f4b2f5d343d03d2ff

                                                                                                                            SHA512

                                                                                                                            a55ce88ef1ff7b6bf1650b45fe63e462f1ac562b81f7e3604d492b14d964c8a38f3545475f7ad84371dddc8976ec8c847a29f3d9281706ed4bc55296847e64e6

                                                                                                                          • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\F2CLGW5Q\microsoft.windows[1].xml

                                                                                                                            Filesize

                                                                                                                            97B

                                                                                                                            MD5

                                                                                                                            4a191d9fedda995f5909efbcfcb7027f

                                                                                                                            SHA1

                                                                                                                            22c748a1c01c2d69a6c742b4aae9d41703a4c960

                                                                                                                            SHA256

                                                                                                                            c7edba1e760f5de63d096bb30b059fe19b90fbbc65f677e0d2facf77271a79e7

                                                                                                                            SHA512

                                                                                                                            1162b6872f60e051c569b0b6c8d41bb49be3130373c62ce39bc83c698f5f9a99f75810bccfd7137f831463cbfaf5cd6f13b59d384de334ae1ad58a4c426b162c

                                                                                                                          • C:\Users\Admin\AppData\Roaming\D9F28\8835.9F2

                                                                                                                            Filesize

                                                                                                                            996B

                                                                                                                            MD5

                                                                                                                            0b296e8f33329d26705f49b5df69d7b5

                                                                                                                            SHA1

                                                                                                                            74998afeb24acec1e86a589805c9e55adf680d9e

                                                                                                                            SHA256

                                                                                                                            ff4a4586c6e5644965747ebc13cbc68839b1a61012852bba0dda32fa0098dc77

                                                                                                                            SHA512

                                                                                                                            d2caf42e81ac70ad42c9032153f50679f4006ecdd42fcd3496dc2ab8d6a9745cbfae61e8e8fc253c8001e8c72ee765cf0a9da4e2f01874c8d1f3060aa0c5f1fb

                                                                                                                          • C:\Users\Admin\AppData\Roaming\D9F28\8835.9F2

                                                                                                                            Filesize

                                                                                                                            600B

                                                                                                                            MD5

                                                                                                                            010e272c75dfe484bbc75fdedbeabfa1

                                                                                                                            SHA1

                                                                                                                            98b8f28fb53bc2c564443ecf2a600f46c2999827

                                                                                                                            SHA256

                                                                                                                            75a6200b74d579227e4a0d25415af831aa4b5ae30cb6c2c0e758881bca2f3792

                                                                                                                            SHA512

                                                                                                                            cba7c1a468620183bb41e3b336fc6401b4b15282ff1a20b204b22817ff348a7c32c3e40fbf74fc3e27ab55855bf2bf4e110490e1d68f6927ae83b4a803c5c1e7

                                                                                                                          • C:\Users\Admin\AppData\Roaming\D9F28\8835.9F2

                                                                                                                            Filesize

                                                                                                                            1KB

                                                                                                                            MD5

                                                                                                                            267ed42a0b9dc8946fd34deecb06681c

                                                                                                                            SHA1

                                                                                                                            ad436ca29c6dca4c27d7037bfcd9b8e5d9174a91

                                                                                                                            SHA256

                                                                                                                            76411f986826f5cd84b9af22a3f2e6c9332b98041ced95c08d10b449a5b5d926

                                                                                                                            SHA512

                                                                                                                            b83753b57e9269c42f4f6df449ba967d433c61f6f958eb97f421d9361c010a565120757374102874cbe97b6bee015bf6de82741ec8b5342566c1a12fd35af8ec

