Overview

overview

10

Static

static

3

ba92222c0e...18.exe

windows7-x64

10

ba92222c0e...18.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/08/2024, 05:44 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe

  • Size

    2.3MB

  • MD5

    ba92222c0e5c25c531e322148d5ac011

  • SHA1

    dd5b00d68c1fbc9fbf6acf42fb85210f9dc71c8c

  • SHA256

    1d1732c1f40085db43ea9b1e377ca70c2b2572938982234d9a6c3240b538fee4

  • SHA512

    c7886c000f614dd2fef9b45556bfaeaa851762684f780729beb50628a3107f1c3d1d73b6275f7d3ba11c5990786229ff6afc811f2277fb8ecf27178fa7ccf91f

  • SSDEEP

    49152:F0Q5Ujw6tkkcq428htQPOL2XmGs3hfFeWmu3rWrHGn9LvH8nLwPlC/v3:BiE6OzqehtQ+ThdN7YHGn976wPl6v3

Score
9/10
bootkitdiscoveryevasionpersistenceprivilege_escalationspywarestealerupx

Malware Config

Signatures

  • Checks for common network interception software 1 TTPs

    Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

    evasion
  • Enumerates VirtualBox registry keys 2 TTPs 1 IoCs
    evasion
  • Blocks application from running via registry modification 18 IoCs

    Adds application to list of disallowed applications.

    evasion
  • Drops file in Drivers directory 4 IoCs
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 64 IoCs
    persistence
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 58 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unexpected DNS network traffic destination 36 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks for any installed AV software in registry 1 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 28 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 11 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 6 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3012
    • C:\Users\Admin\AppData\Local\Temp\ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe" "C:\Users\Admin\AppData\Local\Temp\ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe"
      2⤵
      • Enumerates VirtualBox registry keys
      • Blocks application from running via registry modification
      • Drops file in Drivers directory
      • Event Triggered Execution: Image File Execution Options Injection
      • Adds Run key to start application
      • Checks for any installed AV software in registry
      • Enumerates connected drives
      • Writes to the Master Boot Record (MBR)
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies data under HKEY_USERS
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1604
      • C:\Windows\SysWOW64\Wbem\mofcomp.exe
        mofcomp "C:\Users\Admin\AppData\Local\Temp\8456.mof"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:1884
      • C:\Windows\SysWOW64\netsh.exe
        netsh "firewall" add allowedprogram "C:\Users\Admin\AppData\Local\Temp\ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe" "PC Security Guardian" ENABLE
        3⤵
        • Event Triggered Execution: Netsh Helper DLL
        • System Location Discovery: System Language Discovery
        PID:2624
      • C:\Windows\SysWOW64\nslookup.exe
        nslookup -q=txt jnszeenpygk1598n.com 8.8.8.8
        3⤵
        • System Location Discovery: System Language Discovery
        PID:32
      • C:\Windows\SysWOW64\nslookup.exe
        nslookup -q=txt jnszeenpygk1598n.net 8.8.8.8
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4980
      • C:\Windows\SysWOW64\nslookup.exe
        nslookup -q=txt jnszeenpygk1598n.com 208.67.222.222
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2072
      • C:\Windows\SysWOW64\nslookup.exe
        nslookup -q=txt jnszeenpygk1598n.net 208.67.222.222
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1800
      • C:\Windows\SysWOW64\nslookup.exe
        nslookup -q=txt jnszeenpygk1598n.com 8.8.4.4
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4132
      • C:\Windows\SysWOW64\nslookup.exe
        nslookup -q=txt jnszeenpygk1598n.net 8.8.4.4
        3⤵
        • System Location Discovery: System Language Discovery
        PID:516
      • C:\Windows\SysWOW64\nslookup.exe
        nslookup -q=txt jnszeenpygk1598n.com 208.67.220.220
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4368
      • C:\Windows\SysWOW64\nslookup.exe
        nslookup -q=txt jnszeenpygk1598n.net 208.67.220.220
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2120
      • C:\Windows\SysWOW64\nslookup.exe
        nslookup -q=txt mnp204wclmvdfops.com 8.8.8.8
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2248
      • C:\Windows\SysWOW64\nslookup.exe
        nslookup -q=txt mnp204wclmvdfops.net 8.8.8.8
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3492
      • C:\Windows\SysWOW64\nslookup.exe
        nslookup -q=txt mnp204wclmvdfops.com 208.67.222.222
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4376
      • C:\Windows\SysWOW64\nslookup.exe
        nslookup -q=txt mnp204wclmvdfops.net 208.67.222.222
        3⤵
        • System Location Discovery: System Language Discovery
        PID:512
      • C:\Windows\SysWOW64\nslookup.exe
        nslookup -q=txt mnp204wclmvdfops.com 8.8.4.4
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4240
      • C:\Windows\SysWOW64\nslookup.exe
        nslookup -q=txt mnp204wclmvdfops.net 8.8.4.4
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3864
      • C:\Windows\SysWOW64\nslookup.exe
        nslookup -q=txt mnp204wclmvdfops.com 208.67.220.220
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2408
      • C:\Windows\SysWOW64\nslookup.exe
        nslookup -q=txt mnp204wclmvdfops.net 208.67.220.220
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4512
      • C:\Windows\SysWOW64\nslookup.exe
        nslookup -q=txt elszbh799mnubil.com 8.8.8.8
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2064
      • C:\Windows\SysWOW64\nslookup.exe
        nslookup -q=txt elszbh799mnubil.net 8.8.8.8
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4620
      • C:\Windows\SysWOW64\nslookup.exe
        nslookup -q=txt elszbh799mnubil.com 208.67.222.222
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4836
      • C:\Windows\SysWOW64\nslookup.exe
        nslookup -q=txt elszbh799mnubil.net 208.67.222.222
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1224
      • C:\Windows\SysWOW64\nslookup.exe
        nslookup -q=txt elszbh799mnubil.com 8.8.4.4
        3⤵
        • System Location Discovery: System Language Discovery
        PID:516
      • C:\Windows\SysWOW64\nslookup.exe
        nslookup -q=txt elszbh799mnubil.net 8.8.4.4
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2376
      • C:\Windows\SysWOW64\nslookup.exe
        nslookup -q=txt elszbh799mnubil.com 208.67.220.220
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3468
      • C:\Windows\SysWOW64\nslookup.exe
        nslookup -q=txt elszbh799mnubil.net 208.67.220.220
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4840

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.ax-0001.ax-msedge.net
    g-bing-com.ax-0001.ax-msedge.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=755d48a178d4436baf769062f825ae8f&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid=
    Remote address:
    150.171.27.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=755d48a178d4436baf769062f825ae8f&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=3B93B4524DA463671528A0B64C446235; domain=.bing.com; expires=Wed, 17-Sep-2025 05:44:19 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 8A32E15E09D3488283B6404D35B434EE Ref B: LON04EDGE1222 Ref C: 2024-08-23T05:44:19Z
    date: Fri, 23 Aug 2024 05:44:18 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=755d48a178d4436baf769062f825ae8f&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid=
    Remote address:
    150.171.27.10:443
    Request
    GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=755d48a178d4436baf769062f825ae8f&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=3B93B4524DA463671528A0B64C446235
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=7IkAul4T_T5_QRQk9hsjQ6T146L75_58rUhv0CqrPKs; domain=.bing.com; expires=Wed, 17-Sep-2025 05:44:19 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 48E61FF4396E4364829A896E5643A177 Ref B: LON04EDGE1222 Ref C: 2024-08-23T05:44:19Z
    date: Fri, 23 Aug 2024 05:44:18 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=755d48a178d4436baf769062f825ae8f&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid=
    Remote address:
    150.171.27.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=755d48a178d4436baf769062f825ae8f&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=3B93B4524DA463671528A0B64C446235; MSPTC=7IkAul4T_T5_QRQk9hsjQ6T146L75_58rUhv0CqrPKs
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 179FD23A291C4A399DBC07F274F1EFC2 Ref B: LON04EDGE1222 Ref C: 2024-08-23T05:44:19Z
    date: Fri, 23 Aug 2024 05:44:18 GMT
  • flag-us
    DNS
    228.249.119.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    228.249.119.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    4.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    4.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    73.144.22.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.144.22.2.in-addr.arpa
    IN PTR
    Response
    73.144.22.2.in-addr.arpa
    IN PTR
    a2-22-144-73deploystaticakamaitechnologiescom
  • flag-us
    DNS
    10.27.171.150.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    10.27.171.150.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    88.156.103.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.156.103.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    www5.pc-security-guardian.com
    ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    www5.pc-security-guardian.com
    IN A
    Response
  • flag-us
    DNS
    secure1.savellrnetwork.com
    ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    secure1.savellrnetwork.com
    IN A
    Response
  • flag-us
    DNS
    secure1.first-checkerwgu.com
    ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    secure1.first-checkerwgu.com
    IN A
    Response
  • flag-us
    DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    nslookup.exe
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    jnszeenpygk1598n.com
    nslookup.exe
    Remote address:
    8.8.8.8:53
    Request
    jnszeenpygk1598n.com
    IN TXT
    Response
  • flag-us
    DNS
    jnszeenpygk1598n.com
    nslookup.exe
    Remote address:
    8.8.8.8:53
    Request
    jnszeenpygk1598n.com
    IN TXT
    Response
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    nslookup.exe
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    jnszeenpygk1598n.net
    nslookup.exe
    Remote address:
    8.8.8.8:53
    Request
    jnszeenpygk1598n.net
    IN TXT
    Response
  • flag-us
    DNS
    jnszeenpygk1598n.net
    nslookup.exe
    Remote address:
    8.8.8.8:53
    Request
    jnszeenpygk1598n.net
    IN TXT
    Response
  • flag-us
    DNS
    222.222.67.208.in-addr.arpa
    nslookup.exe
    Remote address:
    208.67.222.222:53
    Request
    222.222.67.208.in-addr.arpa
    IN PTR
    Response
    222.222.67.208.in-addr.arpa
    IN PTR
    dnssseciscocom
    222.222.67.208.in-addr.arpa
    IN PTR
    dnsopendns�G
    222.222.67.208.in-addr.arpa
    IN PTR
    dnsumbrella�G
    222.222.67.208.in-addr.arpa
    IN PTR
    resolver1�\
  • flag-us
    DNS
    jnszeenpygk1598n.com
    nslookup.exe
    Remote address:
    208.67.222.222:53
    Request
    jnszeenpygk1598n.com
    IN TXT
    Response
  • flag-us
    DNS
    jnszeenpygk1598n.com
    nslookup.exe
    Remote address:
    208.67.222.222:53
    Request
    jnszeenpygk1598n.com
    IN TXT
    Response
  • flag-us
    DNS
    222.222.67.208.in-addr.arpa
    nslookup.exe
    Remote address:
    208.67.222.222:53
    Request
    222.222.67.208.in-addr.arpa
    IN PTR
    Response
    222.222.67.208.in-addr.arpa
    IN PTR
    dnssseciscocom
    222.222.67.208.in-addr.arpa
    IN PTR
    dnsopendns�G
    222.222.67.208.in-addr.arpa
    IN PTR
    dnsumbrella�G
    222.222.67.208.in-addr.arpa
    IN PTR
    resolver1�\
  • flag-us
    DNS
    jnszeenpygk1598n.net
    nslookup.exe
    Remote address:
    208.67.222.222:53
    Request
    jnszeenpygk1598n.net
    IN TXT
    Response
  • flag-us
    DNS
    jnszeenpygk1598n.net
    nslookup.exe
    Remote address:
    208.67.222.222:53
    Request
    jnszeenpygk1598n.net
    IN TXT
    Response
  • flag-us
    DNS
    4.4.8.8.in-addr.arpa
    nslookup.exe
    Remote address:
    8.8.4.4:53
    Request
    4.4.8.8.in-addr.arpa
    IN PTR
    Response
    4.4.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    jnszeenpygk1598n.com
    nslookup.exe
    Remote address:
    8.8.4.4:53
    Request
    jnszeenpygk1598n.com
    IN TXT
    Response
  • flag-us
    DNS
    222.222.67.208.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    222.222.67.208.in-addr.arpa
    IN PTR
    Response
    222.222.67.208.in-addr.arpa
    IN PTR
    dnsopendnscom
    222.222.67.208.in-addr.arpa
    IN PTR
    dnsumbrella�E
    222.222.67.208.in-addr.arpa
    IN PTR
    resolver1�=
    222.222.67.208.in-addr.arpa
    IN PTR
    dnsssecisco�E
  • flag-us
    DNS
    4.4.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    4.4.8.8.in-addr.arpa
    IN PTR
    Response
    4.4.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    jnszeenpygk1598n.com
    nslookup.exe
    Remote address:
    8.8.4.4:53
    Request
    jnszeenpygk1598n.com
    IN TXT
    Response
  • flag-us
    DNS
    4.4.8.8.in-addr.arpa
    nslookup.exe
    Remote address:
    8.8.4.4:53
    Request
    4.4.8.8.in-addr.arpa
    IN PTR
    Response
    4.4.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    jnszeenpygk1598n.net
    nslookup.exe
    Remote address:
    8.8.4.4:53
    Request
    jnszeenpygk1598n.net
    IN TXT
    Response
  • flag-us
    DNS
    jnszeenpygk1598n.net
    nslookup.exe
    Remote address:
    8.8.4.4:53
    Request
    jnszeenpygk1598n.net
    IN TXT
    Response
  • flag-us
    DNS
    220.220.67.208.in-addr.arpa
    nslookup.exe
    Remote address:
    208.67.220.220:53
    Request
    220.220.67.208.in-addr.arpa
    IN PTR
    Response
    220.220.67.208.in-addr.arpa
    IN PTR
    dnssseciscocom
    220.220.67.208.in-addr.arpa
    IN PTR
    dnsopendns�G
    220.220.67.208.in-addr.arpa
    IN PTR
    dnsumbrella�G
    220.220.67.208.in-addr.arpa
    IN PTR
    resolver2�\
  • flag-us
    DNS
    jnszeenpygk1598n.com
    nslookup.exe
    Remote address:
    208.67.220.220:53
    Request
    jnszeenpygk1598n.com
    IN TXT
    Response
  • flag-us
    DNS
    jnszeenpygk1598n.com
    nslookup.exe
    Remote address:
    208.67.220.220:53
    Request
    jnszeenpygk1598n.com
    IN TXT
    Response
  • flag-us
    DNS
    220.220.67.208.in-addr.arpa
    nslookup.exe
    Remote address:
    208.67.220.220:53
    Request
    220.220.67.208.in-addr.arpa
    IN PTR
    Response
    220.220.67.208.in-addr.arpa
    IN PTR
    dnssseciscocom
    220.220.67.208.in-addr.arpa
    IN PTR
    dnsopendns�G
    220.220.67.208.in-addr.arpa
    IN PTR
    dnsumbrella�G
    220.220.67.208.in-addr.arpa
    IN PTR
    resolver2�\
  • flag-us
    DNS
    220.220.67.208.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    220.220.67.208.in-addr.arpa
    IN PTR
    Response
    220.220.67.208.in-addr.arpa
    IN PTR
    resolver2opendnscom
    220.220.67.208.in-addr.arpa
    IN PTR
    dnsumbrella�K
    220.220.67.208.in-addr.arpa
    IN PTR
    dnsssecisco�K
    220.220.67.208.in-addr.arpa
    IN PTR
    dns�C
  • flag-us
    DNS
    jnszeenpygk1598n.net
    nslookup.exe
    Remote address:
    208.67.220.220:53
    Request
    jnszeenpygk1598n.net
    IN TXT
    Response
  • flag-us
    DNS
    jnszeenpygk1598n.net
    nslookup.exe
    Remote address:
    208.67.220.220:53
    Request
    jnszeenpygk1598n.net
    IN TXT
    Response
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    nslookup.exe
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    mnp204wclmvdfops.com
    nslookup.exe
    Remote address:
    8.8.8.8:53
    Request
    mnp204wclmvdfops.com
    IN TXT
    Response
  • flag-us
    DNS
    mnp204wclmvdfops.com
    nslookup.exe
    Remote address:
    8.8.8.8:53
    Request
    mnp204wclmvdfops.com
    IN TXT
    Response
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    nslookup.exe
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    mnp204wclmvdfops.net
    nslookup.exe
    Remote address:
    8.8.8.8:53
    Request
    mnp204wclmvdfops.net
    IN TXT
    Response
  • flag-us
    DNS
    mnp204wclmvdfops.net
    nslookup.exe
    Remote address:
    8.8.8.8:53
    Request
    mnp204wclmvdfops.net
    IN TXT
    Response
  • flag-us
    DNS
    222.222.67.208.in-addr.arpa
    nslookup.exe
    Remote address:
    208.67.222.222:53
    Request
    222.222.67.208.in-addr.arpa
    IN PTR
    Response
    222.222.67.208.in-addr.arpa
    IN PTR
    dnssseciscocom
    222.222.67.208.in-addr.arpa
    IN PTR
    dnsopendns�G
    222.222.67.208.in-addr.arpa
    IN PTR
    dnsumbrella�G
    222.222.67.208.in-addr.arpa
    IN PTR
    resolver1�\
  • flag-us
    DNS
    mnp204wclmvdfops.com
    nslookup.exe
    Remote address:
    208.67.222.222:53
    Request
    mnp204wclmvdfops.com
    IN TXT
    Response
  • flag-us
    DNS
    mnp204wclmvdfops.com
    nslookup.exe
    Remote address:
    208.67.222.222:53
    Request
    mnp204wclmvdfops.com
    IN TXT
    Response
  • flag-us
    DNS
    222.222.67.208.in-addr.arpa
    nslookup.exe
    Remote address:
    208.67.222.222:53
    Request
    222.222.67.208.in-addr.arpa
    IN PTR
    Response
    222.222.67.208.in-addr.arpa
    IN PTR
    dnssseciscocom
    222.222.67.208.in-addr.arpa
    IN PTR
    dnsopendns�G
    222.222.67.208.in-addr.arpa
    IN PTR
    dnsumbrella�G
    222.222.67.208.in-addr.arpa
    IN PTR
    resolver1�\
  • flag-us
    DNS
    mnp204wclmvdfops.net
    nslookup.exe
    Remote address:
    208.67.222.222:53
    Request
    mnp204wclmvdfops.net
    IN TXT
    Response
  • flag-us
    DNS
    mnp204wclmvdfops.net
    nslookup.exe
    Remote address:
    208.67.222.222:53
    Request
    mnp204wclmvdfops.net
    IN TXT
    Response
  • flag-us
    DNS
    4.4.8.8.in-addr.arpa
    nslookup.exe
    Remote address:
    8.8.4.4:53
    Request
    4.4.8.8.in-addr.arpa
    IN PTR
    Response
    4.4.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    mnp204wclmvdfops.com
    nslookup.exe
    Remote address:
    8.8.4.4:53
    Request
    mnp204wclmvdfops.com
    IN TXT
    Response
  • flag-us
    DNS
    mnp204wclmvdfops.com
    nslookup.exe
    Remote address:
    8.8.4.4:53
    Request
    mnp204wclmvdfops.com
    IN TXT
    Response
  • flag-us
    DNS
    4.4.8.8.in-addr.arpa
    nslookup.exe
    Remote address:
    8.8.4.4:53
    Request
    4.4.8.8.in-addr.arpa
    IN PTR
    Response
    4.4.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    mnp204wclmvdfops.net
    nslookup.exe
    Remote address:
    8.8.4.4:53
    Request
    mnp204wclmvdfops.net
    IN TXT
    Response
  • flag-us
    DNS
    mnp204wclmvdfops.net
    nslookup.exe
    Remote address:
    8.8.4.4:53
    Request
    mnp204wclmvdfops.net
    IN TXT
    Response
  • flag-us
    DNS
    220.220.67.208.in-addr.arpa
    nslookup.exe
    Remote address:
    208.67.220.220:53
    Request
    220.220.67.208.in-addr.arpa
    IN PTR
    Response
    220.220.67.208.in-addr.arpa
    IN PTR
    dnssseciscocom
    220.220.67.208.in-addr.arpa
    IN PTR
    dnsopendns�G
    220.220.67.208.in-addr.arpa
    IN PTR
    dnsumbrella�G
    220.220.67.208.in-addr.arpa
    IN PTR
    resolver2�\
  • flag-us
    DNS
    mnp204wclmvdfops.com
    nslookup.exe
    Remote address:
    208.67.220.220:53
    Request
    mnp204wclmvdfops.com
    IN TXT
    Response
  • flag-us
    DNS
    mnp204wclmvdfops.com
    nslookup.exe
    Remote address:
    208.67.220.220:53
    Request
    mnp204wclmvdfops.com
    IN TXT
    Response
  • flag-us
    DNS
    220.220.67.208.in-addr.arpa
    nslookup.exe
    Remote address:
    208.67.220.220:53
    Request
    220.220.67.208.in-addr.arpa
    IN PTR
    Response
    220.220.67.208.in-addr.arpa
    IN PTR
    dnssseciscocom
    220.220.67.208.in-addr.arpa
    IN PTR
    dnsopendns�G
    220.220.67.208.in-addr.arpa
    IN PTR
    dnsumbrella�G
    220.220.67.208.in-addr.arpa
    IN PTR
    resolver2�\
  • flag-us
    DNS
    mnp204wclmvdfops.net
    nslookup.exe
    Remote address:
    208.67.220.220:53
    Request
    mnp204wclmvdfops.net
    IN TXT
    Response
  • flag-us
    DNS
    mnp204wclmvdfops.net
    nslookup.exe
    Remote address:
    208.67.220.220:53
    Request
    mnp204wclmvdfops.net
    IN TXT
    Response
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    nslookup.exe
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    elszbh799mnubil.com
    nslookup.exe
    Remote address:
    8.8.8.8:53
    Request
    elszbh799mnubil.com
    IN TXT
    Response
  • flag-us
    DNS
    elszbh799mnubil.com
    nslookup.exe
    Remote address:
    8.8.8.8:53
    Request
    elszbh799mnubil.com
    IN TXT
    Response
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    nslookup.exe
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    elszbh799mnubil.net
    nslookup.exe
    Remote address:
    8.8.8.8:53
    Request
    elszbh799mnubil.net
    IN TXT
    Response
  • flag-us
    DNS
    elszbh799mnubil.net
    nslookup.exe
    Remote address:
    8.8.8.8:53
    Request
    elszbh799mnubil.net
    IN TXT
    Response
  • flag-us
    DNS
    222.222.67.208.in-addr.arpa
    nslookup.exe
    Remote address:
    208.67.222.222:53
    Request
    222.222.67.208.in-addr.arpa
    IN PTR
    Response
    222.222.67.208.in-addr.arpa
    IN PTR
    dnssseciscocom
    222.222.67.208.in-addr.arpa
    IN PTR
    dnsopendns�G
    222.222.67.208.in-addr.arpa
    IN PTR
    dnsumbrella�G
    222.222.67.208.in-addr.arpa
    IN PTR
    resolver1�\
  • flag-us
    DNS
    elszbh799mnubil.com
    nslookup.exe
    Remote address:
    208.67.222.222:53
    Request
    elszbh799mnubil.com
    IN TXT
    Response
  • flag-us
    DNS
    elszbh799mnubil.com
    nslookup.exe
    Remote address:
    208.67.222.222:53
    Request
    elszbh799mnubil.com
    IN TXT
    Response
  • flag-us
    DNS
    222.222.67.208.in-addr.arpa
    nslookup.exe
    Remote address:
    208.67.222.222:53
    Request
    222.222.67.208.in-addr.arpa
    IN PTR
    Response
    222.222.67.208.in-addr.arpa
    IN PTR
    dnssseciscocom
    222.222.67.208.in-addr.arpa
    IN PTR
    dnsopendns�G
    222.222.67.208.in-addr.arpa
    IN PTR
    dnsumbrella�G
    222.222.67.208.in-addr.arpa
    IN PTR
    resolver1�\
  • flag-us
    DNS
    elszbh799mnubil.net
    nslookup.exe
    Remote address:
    208.67.222.222:53
    Request
    elszbh799mnubil.net
    IN TXT
    Response
  • flag-us
    DNS
    elszbh799mnubil.net
    nslookup.exe
    Remote address:
    208.67.222.222:53
    Request
    elszbh799mnubil.net
    IN TXT
    Response
  • flag-us
    DNS
    4.4.8.8.in-addr.arpa
    nslookup.exe
    Remote address:
    8.8.4.4:53
    Request
    4.4.8.8.in-addr.arpa
    IN PTR
    Response
    4.4.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    elszbh799mnubil.com
    nslookup.exe
    Remote address:
    8.8.4.4:53
    Request
    elszbh799mnubil.com
    IN TXT
    Response
  • flag-us
    DNS
    elszbh799mnubil.com
    nslookup.exe
    Remote address:
    8.8.4.4:53
    Request
    elszbh799mnubil.com
    IN TXT
    Response
  • flag-us
    DNS
    4.4.8.8.in-addr.arpa
    nslookup.exe
    Remote address:
    8.8.4.4:53
    Request
    4.4.8.8.in-addr.arpa
    IN PTR
    Response
    4.4.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    elszbh799mnubil.net
    nslookup.exe
    Remote address:
    8.8.4.4:53
    Request
    elszbh799mnubil.net
    IN TXT
    Response
  • flag-us
    DNS
    elszbh799mnubil.net
    nslookup.exe
    Remote address:
    8.8.4.4:53
    Request
    elszbh799mnubil.net
    IN TXT
    Response
  • flag-us
    DNS
    220.220.67.208.in-addr.arpa
    nslookup.exe
    Remote address:
    208.67.220.220:53
    Request
    220.220.67.208.in-addr.arpa
    IN PTR
    Response
    220.220.67.208.in-addr.arpa
    IN PTR
    dnssseciscocom
    220.220.67.208.in-addr.arpa
    IN PTR
    dnsopendns�G
    220.220.67.208.in-addr.arpa
    IN PTR
    dnsumbrella�G
    220.220.67.208.in-addr.arpa
    IN PTR
    resolver2�\
  • flag-us
    DNS
    elszbh799mnubil.com
    nslookup.exe
    Remote address:
    208.67.220.220:53
    Request
    elszbh799mnubil.com
    IN TXT
    Response
  • flag-us
    DNS
    elszbh799mnubil.com
    nslookup.exe
    Remote address:
    208.67.220.220:53
    Request
    elszbh799mnubil.com
    IN TXT
    Response
  • flag-us
    DNS
    220.220.67.208.in-addr.arpa
    nslookup.exe
    Remote address:
    208.67.220.220:53
    Request
    220.220.67.208.in-addr.arpa
    IN PTR
    Response
    220.220.67.208.in-addr.arpa
    IN PTR
    dnssseciscocom
    220.220.67.208.in-addr.arpa
    IN PTR
    dnsopendns�G
    220.220.67.208.in-addr.arpa
    IN PTR
    dnsumbrella�G
    220.220.67.208.in-addr.arpa
    IN PTR
    resolver2�\
  • flag-us
    DNS
    elszbh799mnubil.net
    nslookup.exe
    Remote address:
    208.67.220.220:53
    Request
    elszbh799mnubil.net
    IN TXT
    Response
  • flag-us
    DNS
    elszbh799mnubil.net
    nslookup.exe
    Remote address:
    208.67.220.220:53
    Request
    elszbh799mnubil.net
    IN TXT
    Response
  • flag-us
    DNS
    103.169.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    103.169.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    45.19.74.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    45.19.74.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    19.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388131_1EYI33LVMASFWRIF7&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239339388131_1EYI33LVMASFWRIF7&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 700191
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: C517B2B18EA64D3CBF9EA58990250A3D Ref B: LON04EDGE1216 Ref C: 2024-08-23T05:45:59Z
    date: Fri, 23 Aug 2024 05:45:59 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418567_1CP2YH6ACBDMHMMFR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239340418567_1CP2YH6ACBDMHMMFR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 548687
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 0A267C8B6D3947F38AF0F2435D9E2D5C Ref B: LON04EDGE1216 Ref C: 2024-08-23T05:45:59Z
    date: Fri, 23 Aug 2024 05:45:59 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360608909_1XWUMGMD2M0J0LDVR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239360608909_1XWUMGMD2M0J0LDVR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 663065
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: CE8A54B1FC314B57A27971189936C81B Ref B: LON04EDGE1216 Ref C: 2024-08-23T05:45:59Z
    date: Fri, 23 Aug 2024 05:45:59 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388132_1CFPZKWNYM387IUQU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239339388132_1CFPZKWNYM387IUQU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 465025
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 469A2423CD1D4A54800D6AC5A8DD4480 Ref B: LON04EDGE1216 Ref C: 2024-08-23T05:45:59Z
    date: Fri, 23 Aug 2024 05:45:59 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360608910_1R4TEUG1LRQY39K7S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239360608910_1R4TEUG1LRQY39K7S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 594481
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 1583BBE5A9474228AFAB89FEDE1DE7D7 Ref B: LON04EDGE1216 Ref C: 2024-08-23T05:45:59Z
    date: Fri, 23 Aug 2024 05:45:59 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418568_12QU0TF0Q0S6KJNUT&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239340418568_12QU0TF0Q0S6KJNUT&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 581717
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: D4AF9CB90DA74F25931D1E1C352F9BC0 Ref B: LON04EDGE1216 Ref C: 2024-08-23T05:46:00Z
    date: Fri, 23 Aug 2024 05:46:00 GMT
  • flag-us
    DNS
    24.73.42.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    24.73.42.20.in-addr.arpa
    IN PTR
    Response
  • 150.171.27.10:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=755d48a178d4436baf769062f825ae8f&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid=
    tls, http2
    2.0kB
     9.3kB
     21
    18

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=755d48a178d4436baf769062f825ae8f&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=755d48a178d4436baf769062f825ae8f&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=755d48a178d4436baf769062f825ae8f&localId=w:E92F5014-0C4E-9698-76FF-9DC443206841&deviceId=6896205358161453&anid=

    HTTP Response

    204
  • 67.213.222.16:80
    ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe
    260 B
     5
  • 209.222.8.99:80
    ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe
    208 B
     4
  • 173.244.223.33:80
    ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe
    208 B
     4
  • 173.244.223.33:80
    ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe
    260 B
     5
  • 174.36.42.71:80
    ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe
    260 B
     5
  • 74.125.45.100:80
    ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe
    260 B
     5
  • 209.222.8.98:80
    ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe
    260 B
     5
  • 209.222.8.98:80
    ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe
    208 B
     4
  • 69.57.173.219:80
    ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe
    208 B
     4
  • 95.211.2.55:80
    ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe
    260 B
     5
  • 174.36.42.71:80
    ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe
    260 B
     5
  • 69.57.173.219:80
    ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe
    260 B
     5
  • 74.125.45.100:80
    ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe
    260 B
     5
  • 67.213.222.16:80
    ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe
    260 B
     5
  • 173.244.223.33:80
    ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe
    260 B
     5
  • 74.125.45.100:80
    ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe
    260 B
     5
  • 69.57.173.219:80
    ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe
    260 B
     5
  • 209.222.8.99:80
    ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe
    260 B
     5
  • 127.0.0.1:27777
    ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe
  • 173.244.223.33:80
    ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe
    260 B
     5
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     6.9kB
     15
    13
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     6.9kB
     15
    13
  • 150.171.27.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239340418568_12QU0TF0Q0S6KJNUT&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    125.6kB
     3.7MB
     2683
    2677

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388131_1EYI33LVMASFWRIF7&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418567_1CP2YH6ACBDMHMMFR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360608909_1XWUMGMD2M0J0LDVR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388132_1CFPZKWNYM387IUQU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360608910_1R4TEUG1LRQY39K7S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418568_12QU0TF0Q0S6KJNUT&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     6.9kB
     15
    13
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     6.9kB
     15
    13
  • 209.222.8.99:80
    ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe
    260 B
     5
  • 69.57.173.219:80
    ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe
    260 B
     5
  • 209.222.8.99:80
    ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe
    260 B
     5
  • 209.222.8.99:80
    ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe
    156 B
     3
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
     90 B
     1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
     148 B
     1
    1

    DNS Request

    g.bing.com

    DNS Response

    150.171.27.10
    150.171.28.10

  • 8.8.8.8:53
    4.159.190.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    4.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    228.249.119.40.in-addr.arpa
    dns
    73 B
     159 B
     1
    1

    DNS Request

    228.249.119.40.in-addr.arpa

  • 8.8.8.8:53
    73.144.22.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    73.144.22.2.in-addr.arpa

  • 8.8.8.8:53
    10.27.171.150.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    10.27.171.150.in-addr.arpa

  • 8.8.8.8:53
    88.156.103.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    88.156.103.20.in-addr.arpa

  • 8.8.8.8:53
    www5.pc-security-guardian.com
    dns
    ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe
    75 B
     148 B
     1
    1

    DNS Request

    www5.pc-security-guardian.com

  • 8.8.8.8:53
    secure1.savellrnetwork.com
    dns
    ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe
    72 B
     145 B
     1
    1

    DNS Request

    secure1.savellrnetwork.com

  • 8.8.8.8:53
    secure1.first-checkerwgu.com
    dns
    ba92222c0e5c25c531e322148d5ac011_JaffaCakes118.exe
    74 B
     147 B
     1
    1

    DNS Request

    secure1.first-checkerwgu.com

  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    58.55.71.13.in-addr.arpa

  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    nslookup.exe
    66 B
     90 B
     1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    jnszeenpygk1598n.com
    dns
    nslookup.exe
    66 B
     139 B
     1
    1

    DNS Request

    jnszeenpygk1598n.com

  • 8.8.8.8:53
    jnszeenpygk1598n.com
    dns
    nslookup.exe
    66 B
     139 B
     1
    1

    DNS Request

    jnszeenpygk1598n.com

  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    nslookup.exe
    66 B
     90 B
     1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    jnszeenpygk1598n.net
    dns
    nslookup.exe
    66 B
     139 B
     1
    1

    DNS Request

    jnszeenpygk1598n.net

  • 8.8.8.8:53
    jnszeenpygk1598n.net
    dns
    nslookup.exe
    66 B
     139 B
     1
    1

    DNS Request

    jnszeenpygk1598n.net

  • 208.67.222.222:53
    222.222.67.208.in-addr.arpa
    dns
    nslookup.exe
    73 B
     181 B
     1
    1

    DNS Request

    222.222.67.208.in-addr.arpa

  • 208.67.222.222:53
    jnszeenpygk1598n.com
    dns
    nslookup.exe
    66 B
     139 B
     1
    1

    DNS Request

    jnszeenpygk1598n.com

  • 208.67.222.222:53
    jnszeenpygk1598n.com
    dns
    nslookup.exe
    66 B
     139 B
     1
    1

    DNS Request

    jnszeenpygk1598n.com

  • 208.67.222.222:53
    222.222.67.208.in-addr.arpa
    dns
    nslookup.exe
    73 B
     181 B
     1
    1

    DNS Request

    222.222.67.208.in-addr.arpa

  • 208.67.222.222:53
    jnszeenpygk1598n.net
    dns
    nslookup.exe
    66 B
     139 B
     1
    1

    DNS Request

    jnszeenpygk1598n.net

  • 208.67.222.222:53
    jnszeenpygk1598n.net
    dns
    nslookup.exe
    66 B
     139 B
     1
    1

    DNS Request

    jnszeenpygk1598n.net

  • 8.8.4.4:53
    4.4.8.8.in-addr.arpa
    dns
    nslookup.exe
    66 B
     90 B
     1
    1

    DNS Request

    4.4.8.8.in-addr.arpa

  • 8.8.4.4:53
    jnszeenpygk1598n.com
    dns
    nslookup.exe
    66 B
     139 B
     1
    1

    DNS Request

    jnszeenpygk1598n.com

  • 8.8.8.8:53
    222.222.67.208.in-addr.arpa
    dns
    73 B
     181 B
     1
    1

    DNS Request

    222.222.67.208.in-addr.arpa

  • 8.8.8.8:53
    4.4.8.8.in-addr.arpa
    dns
    66 B
     90 B
     1
    1

    DNS Request

    4.4.8.8.in-addr.arpa

  • 8.8.4.4:53
    jnszeenpygk1598n.com
    dns
    nslookup.exe
    66 B
     139 B
     1
    1

    DNS Request

    jnszeenpygk1598n.com

  • 8.8.4.4:53
    4.4.8.8.in-addr.arpa
    dns
    nslookup.exe
    66 B
     90 B
     1
    1

    DNS Request

    4.4.8.8.in-addr.arpa

  • 8.8.4.4:53
    jnszeenpygk1598n.net
    dns
    nslookup.exe
    66 B
     139 B
     1
    1

    DNS Request

    jnszeenpygk1598n.net

  • 8.8.4.4:53
    jnszeenpygk1598n.net
    dns
    nslookup.exe
    66 B
     139 B
     1
    1

    DNS Request

    jnszeenpygk1598n.net

  • 208.67.220.220:53
    220.220.67.208.in-addr.arpa
    dns
    nslookup.exe
    73 B
     181 B
     1
    1

    DNS Request

    220.220.67.208.in-addr.arpa

  • 208.67.220.220:53
    jnszeenpygk1598n.com
    dns
    nslookup.exe
    66 B
     139 B
     1
    1

    DNS Request

    jnszeenpygk1598n.com

  • 208.67.220.220:53
    jnszeenpygk1598n.com
    dns
    nslookup.exe
    66 B
     139 B
     1
    1

    DNS Request

    jnszeenpygk1598n.com

  • 208.67.220.220:53
    220.220.67.208.in-addr.arpa
    dns
    nslookup.exe
    73 B
     181 B
     1
    1

    DNS Request

    220.220.67.208.in-addr.arpa

  • 8.8.8.8:53
    220.220.67.208.in-addr.arpa
    dns
    73 B
     181 B
     1
    1

    DNS Request

    220.220.67.208.in-addr.arpa

  • 208.67.220.220:53
    jnszeenpygk1598n.net
    dns
    nslookup.exe
    66 B
     139 B
     1
    1

    DNS Request

    jnszeenpygk1598n.net

  • 208.67.220.220:53
    jnszeenpygk1598n.net
    dns
    nslookup.exe
    66 B
     139 B
     1
    1

    DNS Request

    jnszeenpygk1598n.net

  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    nslookup.exe
    66 B
     90 B
     1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    mnp204wclmvdfops.com
    dns
    nslookup.exe
    66 B
     139 B
     1
    1

    DNS Request

    mnp204wclmvdfops.com

  • 8.8.8.8:53
    mnp204wclmvdfops.com
    dns
    nslookup.exe
    66 B
     139 B
     1
    1

    DNS Request

    mnp204wclmvdfops.com

  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    nslookup.exe
    66 B
     90 B
     1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    mnp204wclmvdfops.net
    dns
    nslookup.exe
    66 B
     139 B
     1
    1

    DNS Request

    mnp204wclmvdfops.net

  • 8.8.8.8:53
    mnp204wclmvdfops.net
    dns
    nslookup.exe
    66 B
     139 B
     1
    1

    DNS Request

    mnp204wclmvdfops.net

  • 208.67.222.222:53
    222.222.67.208.in-addr.arpa
    dns
    nslookup.exe
    73 B
     181 B
     1
    1

    DNS Request

    222.222.67.208.in-addr.arpa

  • 208.67.222.222:53
    mnp204wclmvdfops.com
    dns
    nslookup.exe
    66 B
     139 B
     1
    1

    DNS Request

    mnp204wclmvdfops.com

  • 208.67.222.222:53
    mnp204wclmvdfops.com
    dns
    nslookup.exe
    66 B
     139 B
     1
    1

    DNS Request

    mnp204wclmvdfops.com

  • 208.67.222.222:53
    222.222.67.208.in-addr.arpa
    dns
    nslookup.exe
    73 B
     181 B
     1
    1

    DNS Request

    222.222.67.208.in-addr.arpa

  • 208.67.222.222:53
    mnp204wclmvdfops.net
    dns
    nslookup.exe
    66 B
     139 B
     1
    1

    DNS Request

    mnp204wclmvdfops.net

  • 208.67.222.222:53
    mnp204wclmvdfops.net
    dns
    nslookup.exe
    66 B
     139 B
     1
    1

    DNS Request

    mnp204wclmvdfops.net

  • 8.8.4.4:53
    4.4.8.8.in-addr.arpa
    dns
    nslookup.exe
    66 B
     90 B
     1
    1

    DNS Request

    4.4.8.8.in-addr.arpa

  • 8.8.4.4:53
    mnp204wclmvdfops.com
    dns
    nslookup.exe
    66 B
     139 B
     1
    1

    DNS Request

    mnp204wclmvdfops.com

  • 8.8.4.4:53
    mnp204wclmvdfops.com
    dns
    nslookup.exe
    66 B
     139 B
     1
    1

    DNS Request

    mnp204wclmvdfops.com

  • 8.8.4.4:53
    4.4.8.8.in-addr.arpa
    dns
    nslookup.exe
    66 B
     90 B
     1
    1

    DNS Request

    4.4.8.8.in-addr.arpa

  • 8.8.4.4:53
    mnp204wclmvdfops.net
    dns
    nslookup.exe
    66 B
     139 B
     1
    1

    DNS Request

    mnp204wclmvdfops.net

  • 8.8.4.4:53
    mnp204wclmvdfops.net
    dns
    nslookup.exe
    66 B
     139 B
     1
    1

    DNS Request

    mnp204wclmvdfops.net

  • 208.67.220.220:53
    220.220.67.208.in-addr.arpa
    dns
    nslookup.exe
    73 B
     181 B
     1
    1

    DNS Request

    220.220.67.208.in-addr.arpa

  • 208.67.220.220:53
    mnp204wclmvdfops.com
    dns
    nslookup.exe
    66 B
     139 B
     1
    1

    DNS Request

    mnp204wclmvdfops.com

  • 208.67.220.220:53
    mnp204wclmvdfops.com
    dns
    nslookup.exe
    66 B
     139 B
     1
    1

    DNS Request

    mnp204wclmvdfops.com

  • 208.67.220.220:53
    220.220.67.208.in-addr.arpa
    dns
    nslookup.exe
    73 B
     181 B
     1
    1

    DNS Request

    220.220.67.208.in-addr.arpa

  • 208.67.220.220:53
    mnp204wclmvdfops.net
    dns
    nslookup.exe
    66 B
     139 B
     1
    1

    DNS Request

    mnp204wclmvdfops.net

  • 208.67.220.220:53
    mnp204wclmvdfops.net
    dns
    nslookup.exe
    66 B
     139 B
     1
    1

    DNS Request

    mnp204wclmvdfops.net

  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    nslookup.exe
    66 B
     90 B
     1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    elszbh799mnubil.com
    dns
    nslookup.exe
    65 B
     138 B
     1
    1

    DNS Request

    elszbh799mnubil.com

  • 8.8.8.8:53
    elszbh799mnubil.com
    dns
    nslookup.exe
    65 B
     138 B
     1
    1

    DNS Request

    elszbh799mnubil.com

  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    nslookup.exe
    66 B
     90 B
     1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    elszbh799mnubil.net
    dns
    nslookup.exe
    65 B
     138 B
     1
    1

    DNS Request

    elszbh799mnubil.net

  • 8.8.8.8:53
    elszbh799mnubil.net
    dns
    nslookup.exe
    65 B
     138 B
     1
    1

    DNS Request

    elszbh799mnubil.net

  • 208.67.222.222:53
    222.222.67.208.in-addr.arpa
    dns
    nslookup.exe
    73 B
     181 B
     1
    1

    DNS Request

    222.222.67.208.in-addr.arpa

  • 208.67.222.222:53
    elszbh799mnubil.com
    dns
    nslookup.exe
    65 B
     138 B
     1
    1

    DNS Request

    elszbh799mnubil.com

  • 208.67.222.222:53
    elszbh799mnubil.com
    dns
    nslookup.exe
    65 B
     138 B
     1
    1

    DNS Request

    elszbh799mnubil.com

  • 208.67.222.222:53
    222.222.67.208.in-addr.arpa
    dns
    nslookup.exe
    73 B
     181 B
     1
    1

    DNS Request

    222.222.67.208.in-addr.arpa

  • 208.67.222.222:53
    elszbh799mnubil.net
    dns
    nslookup.exe
    65 B
     138 B
     1
    1

    DNS Request

    elszbh799mnubil.net

  • 208.67.222.222:53
    elszbh799mnubil.net
    dns
    nslookup.exe
    65 B
     138 B
     1
    1

    DNS Request

    elszbh799mnubil.net

  • 8.8.4.4:53
    4.4.8.8.in-addr.arpa
    dns
    nslookup.exe
    66 B
     90 B
     1
    1

    DNS Request

    4.4.8.8.in-addr.arpa

  • 8.8.4.4:53
    elszbh799mnubil.com
    dns
    nslookup.exe
    65 B
     138 B
     1
    1

    DNS Request

    elszbh799mnubil.com

  • 8.8.4.4:53
    elszbh799mnubil.com
    dns
    nslookup.exe
    65 B
     138 B
     1
    1

    DNS Request

    elszbh799mnubil.com

  • 8.8.4.4:53
    4.4.8.8.in-addr.arpa
    dns
    nslookup.exe
    66 B
     90 B
     1
    1

    DNS Request

    4.4.8.8.in-addr.arpa

  • 8.8.4.4:53
    elszbh799mnubil.net
    dns
    nslookup.exe
    65 B
     138 B
     1
    1

    DNS Request

    elszbh799mnubil.net

  • 8.8.4.4:53
    elszbh799mnubil.net
    dns
    nslookup.exe
    65 B
     138 B
     1
    1

    DNS Request

    elszbh799mnubil.net

  • 208.67.220.220:53
    220.220.67.208.in-addr.arpa
    dns
    nslookup.exe
    73 B
     181 B
     1
    1

    DNS Request

    220.220.67.208.in-addr.arpa

  • 208.67.220.220:53
    elszbh799mnubil.com
    dns
    nslookup.exe
    65 B
     138 B
     1
    1

    DNS Request

    elszbh799mnubil.com

  • 208.67.220.220:53
    elszbh799mnubil.com
    dns
    nslookup.exe
    65 B
     138 B
     1
    1

    DNS Request

    elszbh799mnubil.com

  • 208.67.220.220:53
    220.220.67.208.in-addr.arpa
    dns
    nslookup.exe
    73 B
     181 B
     1
    1

    DNS Request

    220.220.67.208.in-addr.arpa

  • 208.67.220.220:53
    elszbh799mnubil.net
    dns
    nslookup.exe
    65 B
     138 B
     1
    1

    DNS Request

    elszbh799mnubil.net

  • 208.67.220.220:53
    elszbh799mnubil.net
    dns
    nslookup.exe
    65 B
     138 B
     1
    1

    DNS Request

    elszbh799mnubil.net

  • 8.8.8.8:53
    103.169.127.40.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    103.169.127.40.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

  • 8.8.8.8:53
    45.19.74.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    45.19.74.20.in-addr.arpa

  • 8.8.8.8:53
    19.229.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    19.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
     170 B
     1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    150.171.27.10
    150.171.28.10

  • 8.8.8.8:53
    24.73.42.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    24.73.42.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

2
T1546

Image File Execution Options Injection

1
T1546.012

Netsh Helper DLL

1
T1546.007

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

2
T1546

Image File Execution Options Injection

1
T1546.012

Netsh Helper DLL

1
T1546.007

Defense Evasion

Modify Registry

2
T1112

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

3
T1012

Software Discovery

2
T1518

Security Software Discovery

1
T1518.001

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Virtualization/Sandbox Evasion

1
T1497

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\PSNXDXWBG\PSYQMBOFIG.cfg
    Filesize

    196B

    MD5

    6e86650ad96258b23f022605c5f202d5

    SHA1

    321290e91871cb653441e3c87ee8b20ab5f008a0

    SHA256

    8c39246796530ee7588fc16486335d00d5b7273ebb26efe5833e4cfc2bcfe223

    SHA512

    e8a7bdf4bd2fba233a1a6cdf977d57dcb37ae46bc52bf29b4d23c6294e769069e146bcb5f56c4edbc3f93d38a226a9349f604b54156696ccdef41106cc05060c

    Download Submit

  • C:\ProgramData\PSNXDXWBG\PSYQMBOFIG.cfg
    Filesize

    383B

    MD5

    c449261dfafaf7306c2c27dbb22af402

    SHA1

    8fcba63a9baee1dbc1cfad19196f3c43efddf39b

    SHA256

    0c9f95550f1d1ddc5a3afc3dd74fe8402ee2878426718b2417fab30a242ac474

    SHA512

    c8c7a9cd53e2231eaf50daae7ead869b4e4f775b1cfd37998ca5a125b25f35839b09bf77864668f9a398f1371fc2bde6e1591ea25d49f5f14eee74e6adb414f7

    Download Submit

  • C:\ProgramData\PSNXDXWBG\PSYQMBOFIG.cfg
    Filesize

    2KB

    MD5

    448789fda9e1fc03e632a070157661a4

    SHA1

    cedae2b65569359f17cd0c9eb3ea295812cd1fed

    SHA256

    158cf7d89bcd2995df68b43cf787298dd9e3f07cc2e4a28df4bd1f063180a828

    SHA512

    75803a96f8fc33c6078c5bf67ab1af291fa831f910a1a1d69d38aa35f544d415dee8115be0d86cf1f5f1a90f1a7ea341a7625f536ef52733c4bb154e0703a23d

    Download Submit

  • C:\ProgramData\PSNXDXWBG\PSYQMBOFIG.cfg
    Filesize

    2KB

    MD5

    d71b1e2c04733d17522e3c240fd7b08a

    SHA1

    5d66b09eba5619e7cf66a8a419e4407a26707ff8

    SHA256

    612d0c81054e2e848e111e2c49eea61bf24969ca3520302cc074a6f386bc11cb

    SHA512

    dbd9516d1d7599e8b960021cc658ece0672fca747fdc5dcf4f94010d1b62bbf8d4fccff0972fdf530e9f31fcb285ffb946b65b7621c1272b91d39664b5485529

    Download Submit

  • C:\ProgramData\PSNXDXWBG\PSYQMBOFIG.cfg
    Filesize

    3KB

    MD5

    88025ade858f8121213ab0bff3ba67a7

    SHA1

    c705da9043227fa2051714f421e6734e8e0cc9b4

    SHA256

    9dc90ddaf56f6528f47b364908230d6c8c9b2cbeb831b4f09a6adc453153238c

    SHA512

    c4a286dc1c172561d6e4820bea828d545ef9751a299875087e53d46f96f0508b0ac5ab6c8d9ef5b97a4ad698e3f717dd86253500a976ff344fb253a2fa4b6bff

    Download Submit

  • C:\ProgramData\PSNXDXWBG\PSYQMBOFIG.cfg
    Filesize

    4KB

    MD5

    9ed9c0ec32520884bf2a5ce3d0cdb2a2

    SHA1

    9a1d40637237f854c716b5e3a09ee2cf28a99f27

    SHA256

    d256b9269adf8d25e8b4576e138ab5a3bb9f72b4a6b0a97070f04837e984baf5

    SHA512

    5ac887acde6b38084087fe5481e58a6cc9e5d2d7701ad7789c0f869333f7c4defc9584bd15ec02d4e80cab22ad6dd82201a04596ce4bbcac529de0540b2ab53f

    Download Submit

  • C:\ProgramData\PSNXDXWBG\PSYQMBOFIG.cfg
    Filesize

    4KB

    MD5

    24370389eb0bb4250bd62fdea936b483

    SHA1

    9b6ca3c508b1b40ad94281218a7a6ec6433e1102

    SHA256

    1bd9ee1c86c71686334bba2d2c7be8d71bbf987db2b02a6a8e0d6e1b68daf13e

    SHA512

    62a686144eb90a362ec0717edaf08668611dbf45e7bc856b4121ea6f17c1358a794f4cd1ef3f9e25ad1e4b143fe82757a96df99db003956a712ea20fb25589f2

    Download Submit

  • C:\ProgramData\PSNXDXWBG\PSYQMBOFIG.cfg
    Filesize

    6KB

    MD5

    8777bb3f2d08e46bda28a447b33e83df

    SHA1

    b3b8814a10907743d6d276b7ee2a89014dac1283

    SHA256

    94cccf5402e1677fdadd36c10fbdf2510d4dc637f32c5af67b10aab91ada46b6

    SHA512

    e5dbaeaf253169bdf7b4d59fe7e646d4bce80a0822756b5e3b96151fbac9d6f26e18136222c9543f14a3dde8206f95af1e2eafb0b2b2c7efc05964ec7cc76466

    Download Submit

  • C:\ProgramData\PSNXDXWBG\PSYQMBOFIG.cfg
    Filesize

    6KB

    MD5

    f06b5cbac88af56a9fc7f6aa1b0d48ac

    SHA1

    38d7692c682c3da117aa731b6f2acbcae18ccf7a

    SHA256

    6db2e0c118be03e7d4057e1af5297bb9dd7d89cb506612bbf3350de7a3a85980

    SHA512

    4496f1ee702ac15ddd4e2cbfd58d441473b1aabd43630ff42e665d0464a811777a417758d22cf76e88c4f145bd8bc5ec626f5912e1b83e1c3a027c7e6a225615

    Download Submit

  • C:\ProgramData\PSNXDXWBG\PSYQMBOFIG.cfg
    Filesize

    7KB

    MD5

    c40b14961b47d794f3f7c3e56a375472

    SHA1

    8178e1e410e5736828cf6acac2a0f056deee5a37

    SHA256

    7f49e51bad3cca2f5206b3f7d74c08cda9bd1fbf793a59c709c887a8847a41e5

    SHA512

    3f776b3cdffc68879443f383ff8f016f679f5092879f0424e2b06639971f14a81ed550e9e9ff12c402e96d22905dac709bc695fc62498d41971d5586f26de133

    Download Submit

  • C:\ProgramData\PSNXDXWBG\PSYQMBOFIG.cfg
    Filesize

    8KB

    MD5

    a57b7b1dfa7beabac243a0ed9e806970

    SHA1

    7c1200f5a20a1469cd954614b0c8891eb77d5253

    SHA256

    784779829490a74fdc028783232cacf30520fcd8e4dfbebd22a378a77df01da8

    SHA512

    0a9338579523a29f06c19774621d611f98dc9cd464aae66d9fc6a1dbb18e355741f058ed444c726957fdc82330f18ccda0b328a7b48b8f892acedf0f597ca02c

    Download Submit

  • C:\ProgramData\PSNXDXWBG\PSYQMBOFIG.cfg
    Filesize

    8KB

    MD5

    9d72db0dbc88986a63259199e30fc4d0

    SHA1

    b7611fb971d995005aad906df147db1651b61d67

    SHA256

    07606c9b1b03201c281490d0d6650b0bc6a277753000537ee289652e738b45ed

    SHA512

    431315cc1b74268054e0b237d394dbdc6f97c5745011cba6c1300a2da292958fed04f7a5d82e3e3b8d23e01c338c2b9219fcce4761f1d4cadc09caed41b22abf

    Download Submit

  • C:\ProgramData\PSNXDXWBG\PSYQMBOFIG.cfg
    Filesize

    9KB

    MD5

    2f06252ab231e94b506de3046afa3c8b

    SHA1

    d3a2e12d164b57a9af795ecce0e81804497e291c

    SHA256

    df499e1097cc44681d5b30a192735a586de0b69068c94c318aedb8d14a0c950b

    SHA512

    ce2ed3096a9b9e65c0f79fff28f9fa47d29538f84b34e0bd0f6252b422ff46b824ed82109067871b77204cc72647b00052b22602d7b38a70b65677c5bb5e2864

    Download Submit

  • C:\ProgramData\PSNXDXWBG\PSYQMBOFIG.cfg
    Filesize

    10KB

    MD5

    37798ef9e4c621cddc3a84be204dc114

    SHA1

    89492ad5bfa822cc5130fa21e2d6475fc616e684

    SHA256

    31524066184d987b904eaad6443467f37a361096a166138c88b51421f84d0567

    SHA512

    31580cdc818d014fdb1d97f05541f07f7e359f164606c5c605ee4deac8b59e3fff90481b2bb02f872391132a3d550870852f8768f0ca9eeabc657ea8524e32a8

    Download Submit

  • C:\ProgramData\PSNXDXWBG\PSYQMBOFIG.cfg
    Filesize

    10KB

    MD5

    b833f15ca301985577fe6ae4abbdeef0

    SHA1

    1629b945f2e678b0ac20e776171fd2104e84b111

    SHA256

    78e33f2b39bf5dbff7ecd41c18036cc7340aad3943a0f08d3c6f5340f98c1536

    SHA512

    be7f7154ed72180cfdf30db5f4b84ff834af2008f656adc65466b760615261f1c2e15f0e3c3bf4021ba0ed4a8299a5ade47890c4e894082bee8f411a71a89206

    Download Submit

  • C:\ProgramData\PSNXDXWBG\PSYQMBOFIG.cfg
    Filesize

    11KB

    MD5

    2b37bfc6d680dd0759e4d039fbcee82a

    SHA1

    d870d50e1061618a541a2cc5062895751fd62905

    SHA256

    025b80a5d46023955124dcd08c1fa81e0447c4ea3e6c20638beba4c1c88ae679

    SHA512

    b9d3ab3ee7bb292a523c929db3617686219223ff04ab608162932fc4972233608617060059de9a28e27c4a0679994285f38bb1e7e8d3988ab57f5cb5f79ab6d8

    Download Submit

  • C:\ProgramData\PSNXDXWBG\PSYQMBOFIG.cfg
    Filesize

    12KB

    MD5

    17da1858132a1e6eaf99de7bc5634e5d

    SHA1

    9d7c9d0f2367b9ff1ba6cc385a4260d520723dbe

    SHA256

    b48d347e651c0173df88e0edc463ad6d8b63a03e59100a7680ec49c671e0915c

    SHA512

    03e40fde4f9ec53c038e4b6f07b47d60422ff408a233e9f456ea1b11e34d868b0f66105d485f56d69b117d1da76beedcb8d11603c979e8a7bd5466b9c7791b5b

    Download Submit

  • C:\ProgramData\PSNXDXWBG\PSYQMBOFIG.cfg
    Filesize

    13KB

    MD5

    064ae0691c6139289032fc4dbee3d12c

    SHA1

    36875da3a96de1ee6a1999768f6374e4619aad77

    SHA256

    5a23baf203d62f3ce0ce63402a96f4af2dc2bb529ee0e6e64437e0e88950d967

    SHA512

    0c992e66d682c8b13707487eb087abcc39a064304b7eec8fc342e0daa224703e8058c23957dadfa7e46f91c5707d71deb0f7472b7af027bcd0b6e0192fe5cafe

    Download Submit

  • C:\ProgramData\PSNXDXWBG\PSYQMBOFIG.cfg
    Filesize

    13KB

    MD5

    15454e9dec5512d6b7b2914f12a35ab1

    SHA1

    cbd00ded4c76acce31e00d57e9aae6dcb15ccba3

    SHA256

    e63174d61aee23cd3bb561a55ab0a40afbba133627f59bcb438c4258a31e0daa

    SHA512

    88d13eb9c805e9881265ad6ec2677ddc9bf780ac3300a276a4e309ceaa2b9819528fa7b444a68e46bf640692fc2fcf7030eb27bd570823616ac063381a03d747

    Download Submit

  • C:\ProgramData\PSNXDXWBG\PSYQMBOFIG.cfg
    Filesize

    14KB

    MD5

    3e037b6002935def0649fbea547b3962

    SHA1

    e26533e068aeee40b47fa5539ee32f6d5e8456e7

    SHA256

    e852672359874cece1c60c5bd2b95c98931d5dc1a2e69036b6af1ca0108da060

    SHA512

    6dd86bdc2d23b3df2d3e95ce233e179ca277238fec8ee306136931bae655253f2594497b9cdbae3b11052c33af04bde79f58a06068b3c68300680a536382e19d

    Download Submit

  • C:\ProgramData\PSNXDXWBG\PSYQMBOFIG.cfg
    Filesize

    15KB

    MD5

    fb448bdf3ee3e94e012c408f68ee83b8

    SHA1

    0b4fa73172390fdff9ede880fa5b300adb202ec4

    SHA256

    bb73f37e6b9067add901c669a4eb5db572a5c677fa846b75c34eceafd70c0ea1

    SHA512

    59f494c387cc48ae3715d1d3ea60181e8007c8c45271717c125c6b1998d4f0b206d3f1cf07c9010fa51fd8fc55386da905db6b4529575020fbad58f9bdd4495f

    Download Submit

  • C:\ProgramData\PSNXDXWBG\PSYQMBOFIG.cfg
    Filesize

    16KB

    MD5

    c295881591d96bcf46d98158335fbcdb

    SHA1

    38c9c2d8248f2abf6e3c5f45bacf31a3fd55d628

    SHA256

    a89f297649935fcdb83410ac26e8d76d9b8752440e2b6bf1d350f881361bd543

    SHA512

    75438af8cc4abb6974d96cba8f29478492799dde67adb26a5caf2f03c457369bc3fe268ba8d5550d7dc1a7c6541f5c9f06f062355b5be34cef5e447199cd9819

    Download Submit

  • C:\ProgramData\PSNXDXWBG\PSYQMBOFIG.cfg
    Filesize

    16KB

    MD5

    45809d729087e4579345b515cb2abe49

    SHA1

    87568186a1603e12169ba29c4fc77ea353f3c1ab

    SHA256

    4beb24246991f256852d4824e1b5021d7b18a33be1d9a9ca6c9d8675d3d12fc0

    SHA512

    caec42e4da9226f60beccea3b5eff591b4041589d98928bbee746b2bb91f240abead802ac2422aed4afbc753843b5ae24547eb269576072bbcc2a0597911a79f

    Download Submit

  • C:\ProgramData\PSNXDXWBG\PSYQMBOFIG.cfg
    Filesize

    185B

    MD5

    b8224e5293d4fad1927c751cc00c80e7

    SHA1

    270b8c752c7e93ec5485361fe6ef7b37f0b4513b

    SHA256

    c47da9be4fc4d757add73c49654c9179067af547d0cc758d6356e2955bbfcb61

    SHA512

    8fed9a509e46319529145fa2159251e43040d26080af84e44badaab1dd339c767ff75a2c473bc0abfb448b03beb96718ee34ba6bc150ed3085322878b55a22f2

    Download Submit

  • C:\ProgramData\a40fb\PS132.exe
    Filesize

    2.3MB

    MD5

    ba92222c0e5c25c531e322148d5ac011

    SHA1

    dd5b00d68c1fbc9fbf6acf42fb85210f9dc71c8c

    SHA256

    1d1732c1f40085db43ea9b1e377ca70c2b2572938982234d9a6c3240b538fee4

    SHA512

    c7886c000f614dd2fef9b45556bfaeaa851762684f780729beb50628a3107f1c3d1d73b6275f7d3ba11c5990786229ff6afc811f2277fb8ecf27178fa7ccf91f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\8456.mof
    Filesize

    338B

    MD5

    f1105ae1645a228e4054effbed8c2901

    SHA1

    5a7940e396bcbcb7e8f3275e880811c3b10d1edf

    SHA256

    7e46f4279ddc4d534d8825da38d1fd6f8d9cce2f13c4768d3f28a7fe2f0c3e2b

    SHA512

    0e4f1fbd1e1da4c518aa26268d002fa837e31fdd95070a4081b971c24a86c56b0a5b1cf5b420a05fdbc1d60f78a19abde2bff9f4c30c44cbaedc8439756f4ddf

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs.js
    Filesize

    11KB

    MD5

    ebf420298e187f79f4040277feaf9241

    SHA1

    2cda4fd027d4709bacfd671e3ea6cc7a23f8f481

    SHA256

    9dbeb5312c3493a5e12c89fa0ad3bfae17af88ebc2c25a92b709714ca55f597e

    SHA512

    91f0c1957ad91f242148dd0d8fbbc3551e1c868274c9f88fc4fcf77461ee5b9bc3cac817c6616c11e4dba1a40d282caad5d4ea9ceb3f05a0a5ba6218ca712b35

    Download Submit

  • C:\Windows\System32\drivers\etc\hosts
    Filesize

    1KB

    MD5

    008fba141529811128b8cd5f52300f6e

    SHA1

    1a350b35d82cb4bd7a924b6840c36a678105f793

    SHA256

    ab0e454a786ef19a3ae1337f10f47354ffa9521ea5026e9e11174eca22d86e84

    SHA512

    80189560b6cf180a9c1ecafc90018b48541687f52f5d49b54ca25e040b3264da053e3d4dbb0cd38caaf496e23e516de18f500b333e3cda1fd1b25c6e9632defc

    Download Submit

  • memory/1604-388-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-284-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-308-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-389-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-307-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-313-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-333-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-404-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-338-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-422-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-423-0x0000000002650000-0x0000000002651000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1604-341-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-392-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-0-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-453-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-455-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-459-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-456-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-458-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-460-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-461-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-463-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-462-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-464-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-465-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-466-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-390-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-310-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-286-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-285-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-268-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-373-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-536-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-537-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-538-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-269-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-272-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-277-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-266-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-267-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-6-0x0000000002650000-0x0000000002651000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1604-4-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-5-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-3-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-660-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-636-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-637-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-639-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-643-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-653-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-652-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-655-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-650-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-648-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-645-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-646-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-649-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-657-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-658-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1604-659-0x0000000013140000-0x000000001372E000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/3012-2-0x0000000000400000-0x0000000000657000-memory.dmp

    Filesize

    2.3MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.