Analysis

  • max time kernel
    150s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags
    arch:x64 arch:x86 image:win7-20240708-en locale:en-us os:windows7-x64 system
  • submitted
    10/08/2024, 00:14 UTC

General

  • Target

    841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe

  • Size

    326KB

  • MD5

    841cb772ed5e46e1e187fd2e34f95110

  • SHA1

    2c79f894fb1142bb6906c1639b355457e47cd8ba

  • SHA256

    7a993b8cc6a588035b80f56de898fa7a9600a6d30152cd2ca96cd1f9fc612582

  • SHA512

    f83bfca0dbdd979ab382f5b374ada0142c2948b45b264f878830b61045dee24bd8912c281ec612f4b4d0f80456f4cc654da06d86ffb5eb907f7c190ec2922331

  • SSDEEP

    6144:+cM5DWnN6aAW/2kXz20ckY+NIMZKHuW9KQwY:ZM5DSN6aAH0XNed

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 18 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 12 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 5 IoCs
  • Modifies registry class 37 IoCs
  • Modifies system certificate store 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1988
    • C:\Windows\SysWOW64\explorer.exe
      explorer.exe C:\Users\Admin\AppData\Local\Temp\841cb772ed5e46e1e187fd2e34f95110_JaffaCakes118
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2160
    • C:\WINDOWS\CIDD_P\lsass.exe
      C:\WINDOWS\CIDD_P\lsass.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Enumerates connected drives
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies system certificate store
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2340
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    PID:2656

Network

  • flag-us
    DNS
    www.yahoo.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    www.yahoo.com
    IN A
    Response
    www.yahoo.com
    IN CNAME
    me-ycpi-cf-www.g06.yahoodns.net
    me-ycpi-cf-www.g06.yahoodns.net
    IN A
    87.248.114.11
    me-ycpi-cf-www.g06.yahoodns.net
    IN A
    87.248.114.12
  • flag-gb
    GET
    http://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:80
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Host: www.yahoo.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Sat, 10 Aug 2024 00:14:49 GMT
    Connection: keep-alive
    Server: ATS
    Cache-Control: no-store
    Content-Type: text/html
    Content-Language: en
    Location: https://www.yahoo.com/
    Content-Length: 1
  • flag-gb
    GET
    http://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:80
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Host: www.yahoo.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Sat, 10 Aug 2024 00:14:54 GMT
    Connection: keep-alive
    Server: ATS
    Cache-Control: no-store
    Content-Type: text/html
    Content-Language: en
    Location: https://www.yahoo.com/
    Content-Length: 1
  • flag-gb
    GET
    http://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:80
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Host: www.yahoo.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Sat, 10 Aug 2024 00:15:11 GMT
    Connection: keep-alive
    Server: ATS
    Cache-Control: no-store
    Content-Type: text/html
    Content-Language: en
    Location: https://www.yahoo.com/
    Content-Length: 1
  • flag-gb
    GET
    http://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:80
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Host: www.yahoo.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Sat, 10 Aug 2024 00:15:16 GMT
    Connection: keep-alive
    Server: ATS
    Cache-Control: no-store
    Content-Type: text/html
    Content-Language: en
    Location: https://www.yahoo.com/
    Content-Length: 1
  • flag-gb
    GET
    http://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:80
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Host: www.yahoo.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Sat, 10 Aug 2024 00:15:21 GMT
    Connection: keep-alive
    Server: ATS
    Cache-Control: no-store
    Content-Type: text/html
    Content-Language: en
    Location: https://www.yahoo.com/
    Content-Length: 1
  • flag-gb
    GET
    http://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:80
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Host: www.yahoo.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Sat, 10 Aug 2024 00:15:26 GMT
    Connection: keep-alive
    Server: ATS
    Cache-Control: no-store
    Content-Type: text/html
    Content-Language: en
    Location: https://www.yahoo.com/
    Content-Length: 1
  • flag-gb
    GET
    http://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:80
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Host: www.yahoo.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Sat, 10 Aug 2024 00:15:30 GMT
    Connection: keep-alive
    Server: ATS
    Cache-Control: no-store
    Content-Type: text/html
    Content-Language: en
    Location: https://www.yahoo.com/
    Content-Length: 1
  • flag-gb
    GET
    http://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:80
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Host: www.yahoo.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Sat, 10 Aug 2024 00:15:34 GMT
    Connection: keep-alive
    Server: ATS
    Cache-Control: no-store
    Content-Type: text/html
    Content-Language: en
    Location: https://www.yahoo.com/
    Content-Length: 1
  • flag-gb
    GET
    http://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:80
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Host: www.yahoo.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Sat, 10 Aug 2024 00:15:39 GMT
    Connection: keep-alive
    Server: ATS
    Cache-Control: no-store
    Content-Type: text/html
    Content-Language: en
    Location: https://www.yahoo.com/
    Content-Length: 1
  • flag-gb
    GET
    http://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:80
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Host: www.yahoo.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Sat, 10 Aug 2024 00:15:43 GMT
    Connection: keep-alive
    Server: ATS
    Cache-Control: no-store
    Content-Type: text/html
    Content-Language: en
    Location: https://www.yahoo.com/
    Content-Length: 1
  • flag-gb
    GET
    http://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:80
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Host: www.yahoo.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Sat, 10 Aug 2024 00:15:47 GMT
    Connection: keep-alive
    Server: ATS
    Cache-Control: no-store
    Content-Type: text/html
    Content-Language: en
    Location: https://www.yahoo.com/
    Content-Length: 1
  • flag-gb
    GET
    http://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:80
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Host: www.yahoo.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Sat, 10 Aug 2024 00:15:52 GMT
    Connection: keep-alive
    Server: ATS
    Cache-Control: no-store
    Content-Type: text/html
    Content-Language: en
    Location: https://www.yahoo.com/
    Content-Length: 1
  • flag-gb
    GET
    http://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:80
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Host: www.yahoo.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Sat, 10 Aug 2024 00:15:57 GMT
    Connection: keep-alive
    Server: ATS
    Cache-Control: no-store
    Content-Type: text/html
    Content-Language: en
    Location: https://www.yahoo.com/
    Content-Length: 1
  • flag-gb
    GET
    http://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:80
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Host: www.yahoo.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Sat, 10 Aug 2024 00:16:01 GMT
    Connection: keep-alive
    Server: ATS
    Cache-Control: no-store
    Content-Type: text/html
    Content-Language: en
    Location: https://www.yahoo.com/
    Content-Length: 1
  • flag-gb
    GET
    http://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:80
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Host: www.yahoo.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Sat, 10 Aug 2024 00:16:05 GMT
    Connection: keep-alive
    Server: ATS
    Cache-Control: no-store
    Content-Type: text/html
    Content-Language: en
    Location: https://www.yahoo.com/
    Content-Length: 1
  • flag-gb
    GET
    http://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:80
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Host: www.yahoo.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Sat, 10 Aug 2024 00:16:11 GMT
    Connection: keep-alive
    Server: ATS
    Cache-Control: no-store
    Content-Type: text/html
    Content-Language: en
    Location: https://www.yahoo.com/
    Content-Length: 1
  • flag-gb
    GET
    http://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:80
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Host: www.yahoo.com
    Cache-Control: no-cache
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Sat, 10 Aug 2024 00:16:15 GMT
    Connection: keep-alive
    Server: ATS
    Cache-Control: no-store
    Content-Type: text/html
    Content-Language: en
    Location: https://www.yahoo.com/
    Content-Length: 1
  • flag-gb
    GET
    https://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:443
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Connection: Keep-Alive
    Cache-Control: no-cache
    Host: www.yahoo.com
    Response
    HTTP/1.1 200 OK
    referrer-policy: no-referrer-when-downgrade
    strict-transport-security: max-age=31536000
    x-frame-options: SAMEORIGIN
    content-type: text/html; charset=utf-8
    date: Sat, 10 Aug 2024 00:14:25 GMT
    x-envoy-upstream-service-time: 53
    server: ATS
    Age: 24
    Cache-Control: no-store, no-cache, max-age=0, private
    Expires: -1
    Transfer-Encoding: chunked
    Connection: keep-alive
    Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=news&region=US&lang=en-US&device=desktop&yrid=6o9nr8tivmg0j&partner=;
  • flag-gb
    GET
    https://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:443
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Connection: Keep-Alive
    Cache-Control: no-cache
    Host: www.yahoo.com
    Response
    HTTP/1.1 200 OK
    referrer-policy: no-referrer-when-downgrade
    strict-transport-security: max-age=31536000
    x-frame-options: SAMEORIGIN
    content-type: text/html; charset=utf-8
    date: Sat, 10 Aug 2024 00:14:29 GMT
    x-envoy-upstream-service-time: 45
    server: ATS
    Age: 25
    Cache-Control: no-store, no-cache, max-age=0, private
    Expires: -1
    Transfer-Encoding: chunked
    Connection: keep-alive
    Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=news&region=US&lang=en-US&device=desktop&yrid=6o9nr8tivmg0j&partner=;
  • flag-gb
    GET
    https://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:443
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Connection: Keep-Alive
    Cache-Control: no-cache
    Host: www.yahoo.com
    Response
    HTTP/1.1 200 OK
    referrer-policy: no-referrer-when-downgrade
    strict-transport-security: max-age=31536000
    x-frame-options: SAMEORIGIN
    content-type: text/html; charset=utf-8
    date: Sat, 10 Aug 2024 00:14:47 GMT
    x-envoy-upstream-service-time: 59
    server: ATS
    Age: 24
    Cache-Control: no-store, no-cache, max-age=0, private
    Expires: -1
    Transfer-Encoding: chunked
    Connection: keep-alive
    Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=news&region=US&lang=en-US&device=desktop&yrid=6o9nr8tivmg0j&partner=;
  • flag-gb
    GET
    https://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:443
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Connection: Keep-Alive
    Cache-Control: no-cache
    Host: www.yahoo.com
    Response
    HTTP/1.1 200 OK
    referrer-policy: no-referrer-when-downgrade
    strict-transport-security: max-age=31536000
    x-frame-options: SAMEORIGIN
    content-type: text/html; charset=utf-8
    date: Sat, 10 Aug 2024 00:14:52 GMT
    x-envoy-upstream-service-time: 41
    server: ATS
    Age: 24
    Cache-Control: no-store, no-cache, max-age=0, private
    Expires: -1
    Transfer-Encoding: chunked
    Connection: keep-alive
    Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=news&region=US&lang=en-US&device=desktop&yrid=6o9nr8tivmg0j&partner=;
  • flag-gb
    GET
    https://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:443
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Connection: Keep-Alive
    Cache-Control: no-cache
    Host: www.yahoo.com
    Response
    HTTP/1.1 200 OK
    referrer-policy: no-referrer-when-downgrade
    strict-transport-security: max-age=31536000
    x-frame-options: SAMEORIGIN
    content-type: text/html; charset=utf-8
    date: Sat, 10 Aug 2024 00:14:57 GMT
    x-envoy-upstream-service-time: 70
    server: ATS
    Age: 24
    Cache-Control: no-store, no-cache, max-age=0, private
    Expires: -1
    Transfer-Encoding: chunked
    Connection: keep-alive
    Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=news&region=US&lang=en-US&device=desktop&yrid=6o9nr8tivmg0j&partner=;
  • flag-gb
    GET
    https://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:443
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Connection: Keep-Alive
    Cache-Control: no-cache
    Host: www.yahoo.com
    Response
    HTTP/1.1 200 OK
    referrer-policy: no-referrer-when-downgrade
    strict-transport-security: max-age=31536000
    x-frame-options: SAMEORIGIN
    content-type: text/html; charset=utf-8
    date: Sat, 10 Aug 2024 00:15:02 GMT
    x-envoy-upstream-service-time: 71
    server: ATS
    Age: 24
    Cache-Control: no-store, no-cache, max-age=0, private
    Expires: -1
    Transfer-Encoding: chunked
    Connection: keep-alive
    Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=news&region=US&lang=en-US&device=desktop&yrid=6o9nr8tivmg0j&partner=;
  • flag-gb
    GET
    https://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:443
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Connection: Keep-Alive
    Cache-Control: no-cache
    Host: www.yahoo.com
    Response
    HTTP/1.1 200 OK
    referrer-policy: no-referrer-when-downgrade
    strict-transport-security: max-age=31536000
    x-frame-options: SAMEORIGIN
    content-type: text/html; charset=utf-8
    date: Sat, 10 Aug 2024 00:15:06 GMT
    x-envoy-upstream-service-time: 70
    server: ATS
    Age: 24
    Cache-Control: no-store, no-cache, max-age=0, private
    Expires: -1
    Transfer-Encoding: chunked
    Connection: keep-alive
    Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=news&region=US&lang=en-US&device=desktop&yrid=6o9nr8tivmg0j&partner=;
  • flag-gb
    GET
    https://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:443
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Connection: Keep-Alive
    Cache-Control: no-cache
    Host: www.yahoo.com
    Response
    HTTP/1.1 200 OK
    referrer-policy: no-referrer-when-downgrade
    strict-transport-security: max-age=31536000
    x-frame-options: SAMEORIGIN
    content-type: text/html; charset=utf-8
    date: Sat, 10 Aug 2024 00:15:10 GMT
    x-envoy-upstream-service-time: 64
    server: ATS
    Age: 26
    Cache-Control: no-store, no-cache, max-age=0, private
    Expires: -1
    Transfer-Encoding: chunked
    Connection: keep-alive
    Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=news&region=US&lang=en-US&device=desktop&yrid=6o9nr8tivmg0j&partner=;
  • flag-gb
    GET
    https://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:443
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Connection: Keep-Alive
    Cache-Control: no-cache
    Host: www.yahoo.com
    Response
    HTTP/1.1 200 OK
    referrer-policy: no-referrer-when-downgrade
    strict-transport-security: max-age=31536000
    x-frame-options: SAMEORIGIN
    content-type: text/html; charset=utf-8
    date: Sat, 10 Aug 2024 00:15:15 GMT
    x-envoy-upstream-service-time: 68
    server: ATS
    Age: 24
    Cache-Control: no-store, no-cache, max-age=0, private
    Expires: -1
    Transfer-Encoding: chunked
    Connection: keep-alive
    Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=news&region=US&lang=en-US&device=desktop&yrid=6o9nr8tivmg0j&partner=;
  • flag-gb
    GET
    https://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:443
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Connection: Keep-Alive
    Cache-Control: no-cache
    Host: www.yahoo.com
    Response
    HTTP/1.1 200 OK
    referrer-policy: no-referrer-when-downgrade
    strict-transport-security: max-age=31536000
    x-frame-options: SAMEORIGIN
    content-type: text/html; charset=utf-8
    date: Sat, 10 Aug 2024 00:15:19 GMT
    x-envoy-upstream-service-time: 49
    server: ATS
    Age: 24
    Cache-Control: no-store, no-cache, max-age=0, private
    Expires: -1
    Transfer-Encoding: chunked
    Connection: keep-alive
    Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=news&region=US&lang=en-US&device=desktop&yrid=6o9nr8tivmg0j&partner=;
  • flag-gb
    GET
    https://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:443
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Connection: Keep-Alive
    Cache-Control: no-cache
    Host: www.yahoo.com
    Response
    HTTP/1.1 200 OK
    referrer-policy: no-referrer-when-downgrade
    strict-transport-security: max-age=31536000
    x-frame-options: SAMEORIGIN
    content-type: text/html; charset=utf-8
    date: Sat, 10 Aug 2024 00:15:23 GMT
    x-envoy-upstream-service-time: 46
    server: ATS
    Age: 26
    Cache-Control: no-store, no-cache, max-age=0, private
    Expires: -1
    Transfer-Encoding: chunked
    Connection: keep-alive
    Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=news&region=US&lang=en-US&device=desktop&yrid=6o9nr8tivmg0j&partner=;
  • flag-gb
    GET
    https://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:443
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Connection: Keep-Alive
    Cache-Control: no-cache
    Host: www.yahoo.com
    Response
    HTTP/1.1 200 OK
    referrer-policy: no-referrer-when-downgrade
    strict-transport-security: max-age=31536000
    x-frame-options: SAMEORIGIN
    content-type: text/html; charset=utf-8
    date: Sat, 10 Aug 2024 00:15:28 GMT
    x-envoy-upstream-service-time: 96
    server: ATS
    Age: 24
    Cache-Control: no-store, no-cache, max-age=0, private
    Expires: -1
    Transfer-Encoding: chunked
    Connection: keep-alive
    Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=news&region=US&lang=en-US&device=desktop&yrid=6o9nr8tivmg0j&partner=;
  • flag-gb
    GET
    https://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:443
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Connection: Keep-Alive
    Cache-Control: no-cache
    Host: www.yahoo.com
    Response
    HTTP/1.1 200 OK
    referrer-policy: no-referrer-when-downgrade
    strict-transport-security: max-age=31536000
    x-frame-options: SAMEORIGIN
    content-type: text/html; charset=utf-8
    date: Sat, 10 Aug 2024 00:15:33 GMT
    x-envoy-upstream-service-time: 41
    server: ATS
    Age: 24
    Cache-Control: no-store, no-cache, max-age=0, private
    Expires: -1
    Transfer-Encoding: chunked
    Connection: keep-alive
    Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=news&region=US&lang=en-US&device=desktop&yrid=6o9nr8tivmg0j&partner=;
  • flag-gb
    GET
    https://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:443
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Connection: Keep-Alive
    Cache-Control: no-cache
    Host: www.yahoo.com
    Response
    HTTP/1.1 200 OK
    referrer-policy: no-referrer-when-downgrade
    strict-transport-security: max-age=31536000
    x-frame-options: SAMEORIGIN
    content-type: text/html; charset=utf-8
    date: Sat, 10 Aug 2024 00:15:37 GMT
    x-envoy-upstream-service-time: 73
    server: ATS
    Age: 24
    Cache-Control: no-store, no-cache, max-age=0, private
    Expires: -1
    Transfer-Encoding: chunked
    Connection: keep-alive
    Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=news&region=US&lang=en-US&device=desktop&yrid=6o9nr8tivmg0j&partner=;
  • flag-gb
    GET
    https://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:443
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Connection: Keep-Alive
    Cache-Control: no-cache
    Host: www.yahoo.com
    Response
    HTTP/1.1 200 OK
    referrer-policy: no-referrer-when-downgrade
    strict-transport-security: max-age=31536000
    x-frame-options: SAMEORIGIN
    content-type: text/html; charset=utf-8
    date: Sat, 10 Aug 2024 00:15:42 GMT
    x-envoy-upstream-service-time: 52
    server: ATS
    Age: 24
    Cache-Control: no-store, no-cache, max-age=0, private
    Expires: -1
    Transfer-Encoding: chunked
    Connection: keep-alive
    Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=news&region=US&lang=en-US&device=desktop&yrid=6o9nr8tivmg0j&partner=;
  • flag-gb
    GET
    https://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:443
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Connection: Keep-Alive
    Cache-Control: no-cache
    Host: www.yahoo.com
    Response
    HTTP/1.1 200 OK
    referrer-policy: no-referrer-when-downgrade
    strict-transport-security: max-age=31536000
    x-frame-options: SAMEORIGIN
    content-type: text/html; charset=utf-8
    date: Sat, 10 Aug 2024 00:15:46 GMT
    x-envoy-upstream-service-time: 38
    server: ATS
    Age: 25
    Cache-Control: no-store, no-cache, max-age=0, private
    Expires: -1
    Transfer-Encoding: chunked
    Connection: keep-alive
    Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=news&region=US&lang=en-US&device=desktop&yrid=6o9nr8tivmg0j&partner=;
  • flag-gb
    GET
    https://www.yahoo.com/
    lsass.exe
    Remote address:
    87.248.114.11:443
    Request
    GET / HTTP/1.1
    User-Agent: AutoIt v3
    Connection: Keep-Alive
    Cache-Control: no-cache
    Host: www.yahoo.com
    Response
    HTTP/1.1 200 OK
    referrer-policy: no-referrer-when-downgrade
    strict-transport-security: max-age=31536000
    x-frame-options: SAMEORIGIN
    content-type: text/html; charset=utf-8
    date: Sat, 10 Aug 2024 00:15:51 GMT
    x-envoy-upstream-service-time: 45
    server: ATS
    Age: 24
    Cache-Control: no-store, no-cache, max-age=0, private
    Expires: -1
    Transfer-Encoding: chunked
    Connection: keep-alive
    Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=news&region=US&lang=en-US&device=desktop&yrid=6o9nr8tivmg0j&partner=;
  • flag-us
    DNS
    nklmtf11nklmtf112.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf11nklmtf112.t35.com
    IN A
    Response
  • flag-us
    DNS
    nklmtf1nklmtf1.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf1nklmtf1.t35.com
    IN A
    Response
  • flag-us
    DNS
    nklmtf11nklmtf1122.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf11nklmtf1122.t35.com
    IN A
    Response
  • flag-us
    DNS
    nklmtf11nklmtf1122.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf11nklmtf1122.t35.com
    IN A
  • flag-us
    DNS
    nklmtf2nklmtf2.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf2nklmtf2.t35.com
    IN A
    Response
  • flag-us
    DNS
    nklmtf11nklmtf11222.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf11nklmtf11222.t35.com
    IN A
    Response
  • flag-us
    DNS
    nklmtf3nklmtf3.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf3nklmtf3.t35.com
    IN A
    Response
  • flag-us
    DNS
    nklmtf11nklmtf112222.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf11nklmtf112222.t35.com
    IN A
    Response
  • flag-us
    DNS
    nklmtf1nklmtf13.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf1nklmtf13.t35.com
    IN A
    Response
  • flag-us
    DNS
    crl.microsoft.com
    Remote address:
    8.8.8.8:53
    Request
    crl.microsoft.com
    IN A
    Response
    crl.microsoft.com
    IN CNAME
    crl.www.ms.akadns.net
    crl.www.ms.akadns.net
    IN CNAME
    a1363.dscg.akamai.net
    a1363.dscg.akamai.net
    IN A
    173.222.211.50
    a1363.dscg.akamai.net
    IN A
    173.222.211.58
  • flag-gb
    GET
    http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
    Remote address:
    173.222.211.50:80
    Request
    GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    If-Modified-Since: Wed, 01 May 2024 09:28:59 GMT
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: crl.microsoft.com
    Response
    HTTP/1.1 200 OK
    Content-Length: 1036
    Content-Type: application/octet-stream
    Content-MD5: 5xIscz+eN7ugykyYXOEdbQ==
    Last-Modified: Thu, 11 Jul 2024 01:45:51 GMT
    ETag: 0x8DCA14B323B2CC0
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: ff5f5f93-e01e-0040-183b-d350d2000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Sat, 10 Aug 2024 00:14:55 GMT
    Connection: keep-alive
  • flag-us
    DNS
    nklmtf11nklmtf1122222.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf11nklmtf1122222.t35.com
    IN A
    Response
  • flag-us
    DNS
    nklmtf1nklmtf133.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf1nklmtf133.t35.com
    IN A
    Response
  • flag-us
    DNS
    nklmtf11nklmtf11222222.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf11nklmtf11222222.t35.com
    IN A
    Response
  • flag-us
    DNS
    nklmtf1nklmtf1333.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf1nklmtf1333.t35.com
    IN A
    Response
  • flag-us
    DNS
    nklmtf11nklmtf112222222.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf11nklmtf112222222.t35.com
    IN A
    Response
  • flag-us
    DNS
    nklmtf1nklmtf13333.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf1nklmtf13333.t35.com
    IN A
    Response
  • flag-us
    DNS
    nklmtf11nklmtf1122222222.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf11nklmtf1122222222.t35.com
    IN A
    Response
  • flag-us
    DNS
    nklmtf1nklmtf133333.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf1nklmtf133333.t35.com
    IN A
    Response
  • flag-us
    DNS
    nklmtf11nklmtf11222222222.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf11nklmtf11222222222.t35.com
    IN A
    Response
  • flag-us
    DNS
    nklmtf1nklmtf1333333.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf1nklmtf1333333.t35.com
    IN A
    Response
  • flag-us
    DNS
    nklmtf11nklmtf112222222222.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf11nklmtf112222222222.t35.com
    IN A
    Response
  • flag-us
    DNS
    nklmtf1nklmtf13333333.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf1nklmtf13333333.t35.com
    IN A
    Response
  • flag-us
    DNS
    nklmtf11nklmtf1122222222222.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf11nklmtf1122222222222.t35.com
    IN A
    Response
  • flag-us
    DNS
    nklmtf1nklmtf133333333.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf1nklmtf133333333.t35.com
    IN A
    Response
  • flag-us
    DNS
    nklmtf11nklmtf11222222222222.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf11nklmtf11222222222222.t35.com
    IN A
    Response
  • flag-us
    DNS
    nklmtf1nklmtf1333333333.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf1nklmtf1333333333.t35.com
    IN A
    Response
  • flag-us
    DNS
    nklmtf11nklmtf112222222222222.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf11nklmtf112222222222222.t35.com
    IN A
    Response
  • flag-us
    DNS
    nklmtf1nklmtf13333333333.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf1nklmtf13333333333.t35.com
    IN A
    Response
  • flag-us
    DNS
    nklmtf11nklmtf1122222222222222.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf11nklmtf1122222222222222.t35.com
    IN A
    Response
  • flag-us
    DNS
    nklmtf1nklmtf133333333333.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf1nklmtf133333333333.t35.com
    IN A
    Response
  • flag-us
    DNS
    nklmtf11nklmtf11222222222222222.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf11nklmtf11222222222222222.t35.com
    IN A
    Response
  • flag-us
    DNS
    nklmtf1nklmtf1333333333333.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf1nklmtf1333333333333.t35.com
    IN A
    Response
  • flag-us
    DNS
    nklmtf11nklmtf112222222222222222.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf11nklmtf112222222222222222.t35.com
    IN A
    Response
  • flag-us
    DNS
    nklmtf1nklmtf13333333333333.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf1nklmtf13333333333333.t35.com
    IN A
    Response
  • flag-us
    DNS
    nklmtf11nklmtf1122222222222222222.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf11nklmtf1122222222222222222.t35.com
    IN A
    Response
  • flag-us
    DNS
    nklmtf1nklmtf133333333333333.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    nklmtf1nklmtf133333333333333.t35.com
    IN A
    Response
  • flag-us
    DNS
    alas.matf.bg.ac.yu
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    alas.matf.bg.ac.yu
    IN A
    Response
  • flag-us
    DNS
    stoopp30stoopp30.t35.com
    lsass.exe
    Remote address:
    8.8.8.8:53
    Request
    stoopp30stoopp30.t35.com
    IN A
    Response
  • 87.248.114.11:80
    http://www.yahoo.com/
    http
    lsass.exe
    3.0kB
    4.8kB
    36
    19

    HTTP Request: GET http://www.yahoo.com/ -> HTTP Response: 301
    HTTP Request: GET http://www.yahoo.com/ -> HTTP Response: 301
    HTTP Request: GET http://www.yahoo.com/ -> HTTP Response: 301
    HTTP Request: GET http://www.yahoo.com/ -> HTTP Response: 301
    HTTP Request: GET http://www.yahoo.com/ -> HTTP Response: 301
    HTTP Request: GET http://www.yahoo.com/ -> HTTP Response: 301
    HTTP Request: GET http://www.yahoo.com/ -> HTTP Response: 301
    HTTP Request: GET http://www.yahoo.com/ -> HTTP Response: 301
    HTTP Request: GET http://www.yahoo.com/ -> HTTP Response: 301
    HTTP Request: GET http://www.yahoo.com/ -> HTTP Response: 301
    HTTP Request: GET http://www.yahoo.com/ -> HTTP Response: 301
    HTTP Request: GET http://www.yahoo.com/ -> HTTP Response: 301
    HTTP Request: GET http://www.yahoo.com/ -> HTTP Response: 301
    HTTP Request: GET http://www.yahoo.com/ -> HTTP Response: 301
    HTTP Request: GET http://www.yahoo.com/ -> HTTP Response: 301
    HTTP Request: GET http://www.yahoo.com/ -> HTTP Response: 301
    HTTP Request: GET http://www.yahoo.com/ -> HTTP Response: 301
  • 87.248.114.11:443
    https://www.yahoo.com/
    tls, http
    lsass.exe
    601.7kB
    32.4MB
    12849
    23270

    HTTP Request: GET https://www.yahoo.com/ -> HTTP Response: 200
    HTTP Request: GET https://www.yahoo.com/ -> HTTP Response: 200
    HTTP Request: GET https://www.yahoo.com/ -> HTTP Response: 200
    HTTP Request: GET https://www.yahoo.com/ -> HTTP Response: 200
    HTTP Request: GET https://www.yahoo.com/ -> HTTP Response: 200
    HTTP Request: GET https://www.yahoo.com/ -> HTTP Response: 200
    HTTP Request: GET https://www.yahoo.com/ -> HTTP Response: 200
    HTTP Request: GET https://www.yahoo.com/ -> HTTP Response: 200
    HTTP Request: GET https://www.yahoo.com/ -> HTTP Response: 200
    HTTP Request: GET https://www.yahoo.com/ -> HTTP Response: 200
    HTTP Request: GET https://www.yahoo.com/ -> HTTP Response: 200
    HTTP Request: GET https://www.yahoo.com/ -> HTTP Response: 200
    HTTP Request: GET https://www.yahoo.com/ -> HTTP Response: 200
    HTTP Request: GET https://www.yahoo.com/ -> HTTP Response: 200
    HTTP Request: GET https://www.yahoo.com/ -> HTTP Response: 200
    HTTP Request: GET https://www.yahoo.com/ -> HTTP Response: 200
    HTTP Request: GET https://www.yahoo.com/ -> HTTP Response: 200
  • 173.222.211.50:80
    http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
    http
    399 B
    1.7kB
    4
    4

    HTTP Request: GET http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl -> HTTP Response: 200
  • 8.8.8.8:53
    www.yahoo.com
    dns
    lsass.exe
    59 B
    136 B
    1
    1

    DNS Request: www.yahoo.com
    DNS Response: 87.248.114.11, 87.248.114.12

  • 8.8.8.8:53
    nklmtf11nklmtf112.t35.com
    dns
    lsass.exe
    71 B
    128 B
    1
    1

    DNS Request

    nklmtf11nklmtf112.t35.com

  • 8.8.8.8:53
    nklmtf1nklmtf1.t35.com
    dns
    lsass.exe
    68 B
    125 B
    1
    1

    DNS Request

    nklmtf1nklmtf1.t35.com

  • 8.8.8.8:53
    nklmtf11nklmtf1122.t35.com
    dns
    lsass.exe
    144 B
    129 B
    2
    1

    DNS Request

    nklmtf11nklmtf1122.t35.com

    DNS Request

    nklmtf11nklmtf1122.t35.com

  • 8.8.8.8:53
    nklmtf2nklmtf2.t35.com
    dns
    lsass.exe
    68 B
    125 B
    1
    1

    DNS Request

    nklmtf2nklmtf2.t35.com

  • 8.8.8.8:53
    nklmtf11nklmtf11222.t35.com
    dns
    lsass.exe
    73 B
    130 B
    1
    1

    DNS Request

    nklmtf11nklmtf11222.t35.com

  • 8.8.8.8:53
    nklmtf3nklmtf3.t35.com
    dns
    lsass.exe
    68 B
    125 B
    1
    1

    DNS Request

    nklmtf3nklmtf3.t35.com

  • 8.8.8.8:53
    nklmtf11nklmtf112222.t35.com
    dns
    lsass.exe
    74 B
    131 B
    1
    1

    DNS Request

    nklmtf11nklmtf112222.t35.com

  • 8.8.8.8:53
    nklmtf1nklmtf13.t35.com
    dns
    lsass.exe
    69 B
    126 B
    1
    1

    DNS Request

    nklmtf1nklmtf13.t35.com

  • 8.8.8.8:53
    crl.microsoft.com
    dns
    63 B
    162 B
    1
    1

    DNS Request

    crl.microsoft.com

    DNS Response

    173.222.211.50
    173.222.211.58

  • 8.8.8.8:53
    nklmtf11nklmtf1122222.t35.com
    dns
    lsass.exe
    75 B
    132 B
    1
    1

    DNS Request

    nklmtf11nklmtf1122222.t35.com

  • 8.8.8.8:53
    nklmtf1nklmtf133.t35.com
    dns
    lsass.exe
    70 B
    127 B
    1
    1

    DNS Request

    nklmtf1nklmtf133.t35.com

  • 8.8.8.8:53
    nklmtf11nklmtf11222222.t35.com
    dns
    lsass.exe
    76 B
    133 B
    1
    1

    DNS Request

    nklmtf11nklmtf11222222.t35.com

  • 8.8.8.8:53
    nklmtf1nklmtf1333.t35.com
    dns
    lsass.exe
    71 B
    128 B
    1
    1

    DNS Request

    nklmtf1nklmtf1333.t35.com

  • 8.8.8.8:53
    nklmtf11nklmtf112222222.t35.com
    dns
    lsass.exe
    77 B
    134 B
    1
    1

    DNS Request

    nklmtf11nklmtf112222222.t35.com

  • 8.8.8.8:53
    nklmtf1nklmtf13333.t35.com
    dns
    lsass.exe
    72 B
    129 B
    1
    1

    DNS Request

    nklmtf1nklmtf13333.t35.com

  • 8.8.8.8:53
    nklmtf11nklmtf1122222222.t35.com
    dns
    lsass.exe
    78 B
    135 B
    1
    1

    DNS Request

    nklmtf11nklmtf1122222222.t35.com

  • 8.8.8.8:53
    nklmtf1nklmtf133333.t35.com
    dns
    lsass.exe
    73 B
    130 B
    1
    1

    DNS Request

    nklmtf1nklmtf133333.t35.com

  • 8.8.8.8:53
    nklmtf11nklmtf11222222222.t35.com
    dns
    lsass.exe
    79 B
    136 B
    1
    1

    DNS Request

    nklmtf11nklmtf11222222222.t35.com

  • 8.8.8.8:53
    nklmtf1nklmtf1333333.t35.com
    dns
    lsass.exe
    74 B
    131 B
    1
    1

    DNS Request

    nklmtf1nklmtf1333333.t35.com

  • 8.8.8.8:53
    nklmtf11nklmtf112222222222.t35.com
    dns
    lsass.exe
    80 B
    137 B
    1
    1

    DNS Request

    nklmtf11nklmtf112222222222.t35.com

  • 8.8.8.8:53
    nklmtf1nklmtf13333333.t35.com
    dns
    lsass.exe
    75 B
    132 B
    1
    1

    DNS Request

    nklmtf1nklmtf13333333.t35.com

  • 8.8.8.8:53
    nklmtf11nklmtf1122222222222.t35.com
    dns
    lsass.exe
    81 B
    138 B
    1
    1

    DNS Request

    nklmtf11nklmtf1122222222222.t35.com

  • 8.8.8.8:53
    nklmtf1nklmtf133333333.t35.com
    dns
    lsass.exe
    76 B
    133 B
    1
    1

    DNS Request

    nklmtf1nklmtf133333333.t35.com

  • 8.8.8.8:53
    nklmtf11nklmtf11222222222222.t35.com
    dns
    lsass.exe
    82 B
    139 B
    1
    1

    DNS Request

    nklmtf11nklmtf11222222222222.t35.com

  • 8.8.8.8:53
    nklmtf1nklmtf1333333333.t35.com
    dns
    lsass.exe
    77 B
    134 B
    1
    1

    DNS Request

    nklmtf1nklmtf1333333333.t35.com

  • 8.8.8.8:53
    nklmtf11nklmtf112222222222222.t35.com
    dns
    lsass.exe
    83 B
    140 B
    1
    1

    DNS Request

    nklmtf11nklmtf112222222222222.t35.com

  • 8.8.8.8:53
    nklmtf1nklmtf13333333333.t35.com
    dns
    lsass.exe
    78 B
    135 B
    1
    1

    DNS Request

    nklmtf1nklmtf13333333333.t35.com

  • 8.8.8.8:53
    nklmtf11nklmtf1122222222222222.t35.com
    dns
    lsass.exe
    84 B
    141 B
    1
    1

    DNS Request

    nklmtf11nklmtf1122222222222222.t35.com

  • 8.8.8.8:53
    nklmtf1nklmtf133333333333.t35.com
    dns
    lsass.exe
    79 B
    136 B
    1
    1

    DNS Request

    nklmtf1nklmtf133333333333.t35.com

  • 8.8.8.8:53
    nklmtf11nklmtf11222222222222222.t35.com
    dns
    lsass.exe
    85 B
    142 B
    1
    1

    DNS Request

    nklmtf11nklmtf11222222222222222.t35.com

  • 8.8.8.8:53
    nklmtf1nklmtf1333333333333.t35.com
    dns
    lsass.exe
    80 B
    137 B
    1
    1

    DNS Request

    nklmtf1nklmtf1333333333333.t35.com

  • 8.8.8.8:53
    nklmtf11nklmtf112222222222222222.t35.com
    dns
    lsass.exe
    86 B
    143 B
    1
    1

    DNS Request

    nklmtf11nklmtf112222222222222222.t35.com

  • 8.8.8.8:53
    nklmtf1nklmtf13333333333333.t35.com
    dns
    lsass.exe
    81 B
    138 B
    1
    1

    DNS Request

    nklmtf1nklmtf13333333333333.t35.com

  • 8.8.8.8:53
    nklmtf11nklmtf1122222222222222222.t35.com
    dns
    lsass.exe
    87 B
    144 B
    1
    1

    DNS Request

    nklmtf11nklmtf1122222222222222222.t35.com

  • 8.8.8.8:53
    nklmtf1nklmtf133333333333333.t35.com
    dns
    lsass.exe
    82 B
    139 B
    1
    1

    DNS Request

    nklmtf1nklmtf133333333333333.t35.com

  • 8.8.8.8:53
    alas.matf.bg.ac.yu
    dns
    lsass.exe
    64 B
    139 B
    1
    1

    DNS Request

    alas.matf.bg.ac.yu

  • 8.8.8.8:53
    stoopp30stoopp30.t35.com
    dns
    lsass.exe
    70 B
    127 B
    1
    1

    DNS Request

    stoopp30stoopp30.t35.com

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Cab2A1E.tmp
    Filesize: 70KB
    MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
    SHA1: 1723be06719828dda65ad804298d0431f6aff976
    SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
    SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar2A31.tmp
    Filesize: 181KB
    MD5: 4ea6026cf93ec6338144661bf1202cd1
    SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
    SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
    SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • \Windows\CIDD_P\lsass.exe
    Filesize: 326KB
    MD5: 841cb772ed5e46e1e187fd2e34f95110
    SHA1: 2c79f894fb1142bb6906c1639b355457e47cd8ba
    SHA256: 7a993b8cc6a588035b80f56de898fa7a9600a6d30152cd2ca96cd1f9fc612582
    SHA512: f83bfca0dbdd979ab382f5b374ada0142c2948b45b264f878830b61045dee24bd8912c281ec612f4b4d0f80456f4cc654da06d86ffb5eb907f7c190ec2922331

  • memory/1988-0-0x0000000000400000-0x00000000004A2000-memory.dmp (Filesize: 648KB)
  • memory/1988-9-0x0000000000400000-0x00000000004A2000-memory.dmp (Filesize: 648KB)
  • memory/2340-72-0x0000000000400000-0x00000000004A2000-memory.dmp (Filesize: 648KB)
  • memory/2340-75-0x0000000000400000-0x00000000004A2000-memory.dmp (Filesize: 648KB)
  • memory/2340-69-0x0000000000400000-0x00000000004A2000-memory.dmp (Filesize: 648KB)
  • memory/2340-70-0x0000000000400000-0x00000000004A2000-memory.dmp (Filesize: 648KB)
  • memory/2340-71-0x0000000000400000-0x00000000004A2000-memory.dmp (Filesize: 648KB)
  • memory/2340-91-0x0000000000400000-0x00000000004A2000-memory.dmp (Filesize: 648KB)
  • memory/2340-73-0x0000000000400000-0x00000000004A2000-memory.dmp (Filesize: 648KB)
  • memory/2340-11-0x0000000000400000-0x00000000004A2000-memory.dmp (Filesize: 648KB)
  • memory/2340-76-0x0000000000400000-0x00000000004A2000-memory.dmp (Filesize: 648KB)
  • memory/2340-77-0x0000000000400000-0x00000000004A2000-memory.dmp (Filesize: 648KB)
  • memory/2340-86-0x0000000000400000-0x00000000004A2000-memory.dmp (Filesize: 648KB)
  • memory/2340-87-0x0000000000400000-0x00000000004A2000-memory.dmp (Filesize: 648KB)
  • memory/2340-88-0x0000000000400000-0x00000000004A2000-memory.dmp (Filesize: 648KB)
  • memory/2340-89-0x0000000000400000-0x00000000004A2000-memory.dmp (Filesize: 648KB)
  • memory/2340-90-0x0000000000400000-0x00000000004A2000-memory.dmp (Filesize: 648KB)
  • memory/2656-2-0x0000000003A10000-0x0000000003A20000-memory.dmp (Filesize: 64KB)
