Overview

overview

10

Static

static

3

d13e98daca...18.exe

windows7-x64

10

d13e98daca...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    66s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/09/2024, 06:06 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d13e98dacaf32c0078692be104ae89ab_JaffaCakes118.exe

  • Size

    275KB

  • MD5

    d13e98dacaf32c0078692be104ae89ab

  • SHA1

    93f98d1995625c39d887180e585e50a1a90f8cd9

  • SHA256

    2bc14e7cf691d033e0f7411d146ffbb8a7ed13f193330097f4cffac509cf2047

  • SHA512

    508a6223b047d1d95ddb4c0e8e070c4d30a00c4d37b91e6f01b1b43d92c91b2768e34eef53f4fc117743f61f8383730b38d715008f341afd054fae1bf13a6030

  • SSDEEP

    6144:WG/jt2hYYHUFJNKxA6dOR7CjcA09ehuKd+OjmDO4O+10Ucw:WCQh8ToKXYDfNkOjmDO4Qxw

Score
10/10
ponycredential_accessdiscoveryevasionpersistenceratspywarestealerupx

Malware Config

Signatures

  • Modifies security service 2 TTPs 1 IoCs
    evasion
  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony
  • Credentials from Password Stores: Credentials from Web Browsers 1 TTPs

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 10 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Disables taskbar notifications via registry modification
    evasion
  • Executes dropped EXE 1 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 20 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 14 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\d13e98dacaf32c0078692be104ae89ab_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d13e98dacaf32c0078692be104ae89ab_JaffaCakes118.exe"
    1⤵
    • Modifies security service
    • Adds Run key to start application
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:4568
    • C:\Users\Admin\AppData\Local\Temp\d13e98dacaf32c0078692be104ae89ab_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\d13e98dacaf32c0078692be104ae89ab_JaffaCakes118.exe startC:\Users\Admin\AppData\Roaming\49A84\8CCA0.exe%C:\Users\Admin\AppData\Roaming\49A84
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2184
    • C:\Users\Admin\AppData\Local\Temp\d13e98dacaf32c0078692be104ae89ab_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\d13e98dacaf32c0078692be104ae89ab_JaffaCakes118.exe startC:\Program Files (x86)\84393\lvvm.exe%C:\Program Files (x86)\84393
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3628
    • C:\Program Files (x86)\LP\A034\683.tmp
      "C:\Program Files (x86)\LP\A034\683.tmp"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:4832
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1420
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3516
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1592
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1680
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4584
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4216
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:4696
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4124
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3540
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:1520
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1168
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4404
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2940
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3484
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3500
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3668
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2512
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:1356
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3408
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4716
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:3444
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:852
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4772
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:5012
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3664
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3548
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    PID:1204
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:4336
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:4388
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:3260
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:1424
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:1508
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:2988
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:2312
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:4616
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:3136
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:3060
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:3100
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:2404
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:4792
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:2376
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:756
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:5060
                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                    1⤵
                                      PID:3076
                                    • C:\Windows\explorer.exe
                                      explorer.exe
                                      1⤵
                                        PID:3564
                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                        1⤵
                                          PID:4768
                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                          1⤵
                                            PID:4300
                                          • C:\Windows\explorer.exe
                                            explorer.exe
                                            1⤵
                                              PID:2384
                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                              1⤵
                                                PID:1804
                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                1⤵
                                                  PID:1620
                                                • C:\Windows\explorer.exe
                                                  explorer.exe
                                                  1⤵
                                                    PID:4396
                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                    1⤵
                                                      PID:3696
                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                      1⤵
                                                        PID:2552
                                                      • C:\Windows\explorer.exe
                                                        explorer.exe
                                                        1⤵
                                                          PID:2376
                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                          1⤵
                                                            PID:1608
                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                            1⤵
                                                              PID:2708
                                                            • C:\Windows\explorer.exe
                                                              explorer.exe
                                                              1⤵
                                                                PID:4284
                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                1⤵
                                                                  PID:4164
                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                  1⤵
                                                                    PID:1828
                                                                  • C:\Windows\explorer.exe
                                                                    explorer.exe
                                                                    1⤵
                                                                      PID:5100
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                      1⤵
                                                                        PID:1516
                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                        1⤵
                                                                          PID:4944
                                                                        • C:\Windows\explorer.exe
                                                                          explorer.exe
                                                                          1⤵
                                                                            PID:4444
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                            1⤵
                                                                              PID:1988
                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                              1⤵
                                                                                PID:3944
                                                                              • C:\Windows\explorer.exe
                                                                                explorer.exe
                                                                                1⤵
                                                                                  PID:5012
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                  1⤵
                                                                                    PID:4924
                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                    1⤵
                                                                                      PID:3448
                                                                                    • C:\Windows\explorer.exe
                                                                                      explorer.exe
                                                                                      1⤵
                                                                                        PID:2016

                                                                                      Network

                                                                                      • flag-us
                                                                                        DNS
                                                                                        58.55.71.13.in-addr.arpa
                                                                                        Remote address:
                                                                                        8.8.8.8:53
                                                                                        Request
                                                                                        58.55.71.13.in-addr.arpa
                                                                                        IN PTR
                                                                                        Response
                                                                                      • flag-us
                                                                                        DNS
                                                                                        75.159.190.20.in-addr.arpa
                                                                                        Remote address:
                                                                                        8.8.8.8:53
                                                                                        Request
                                                                                        75.159.190.20.in-addr.arpa
                                                                                        IN PTR
                                                                                        Response
                                                                                      • flag-us
                                                                                        DNS
                                                                                        172.210.232.199.in-addr.arpa
                                                                                        Remote address:
                                                                                        8.8.8.8:53
                                                                                        Request
                                                                                        172.210.232.199.in-addr.arpa
                                                                                        IN PTR
                                                                                        Response
                                                                                      • flag-us
                                                                                        DNS
                                                                                        95.221.229.192.in-addr.arpa
                                                                                        Remote address:
                                                                                        8.8.8.8:53
                                                                                        Request
                                                                                        95.221.229.192.in-addr.arpa
                                                                                        IN PTR
                                                                                        Response
                                                                                      • flag-us
                                                                                        DNS
                                                                                        evcs-ocsp.ws.symantec.com
                                                                                        Remote address:
                                                                                        8.8.8.8:53
                                                                                        Request
                                                                                        evcs-ocsp.ws.symantec.com
                                                                                        IN A
                                                                                        Response
                                                                                        evcs-ocsp.ws.symantec.com
                                                                                        IN CNAME
                                                                                        mpki-ocsp.digicert.com
                                                                                        mpki-ocsp.digicert.com
                                                                                        IN CNAME
                                                                                        fp3011.wpc.2be4.phicdn.net
                                                                                        fp3011.wpc.2be4.phicdn.net
                                                                                        IN CNAME
                                                                                        fp3011.wpc.phicdn.net
                                                                                        fp3011.wpc.phicdn.net
                                                                                        IN A
                                                                                        152.199.19.74
                                                                                      • flag-de
                                                                                        GET
                                                                                        http://evcs-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D
                                                                                        Remote address:
                                                                                        152.199.19.74:80
                                                                                        Request
                                                                                        GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept: */*
                                                                                        User-Agent: Microsoft-CryptoAPI/10.0
                                                                                        Host: evcs-ocsp.ws.symantec.com
                                                                                        Response
                                                                                        HTTP/1.1 200 OK
                                                                                        Accept-Ranges: bytes
                                                                                        Age: 5603
                                                                                        Cache-Control: public, max-age=300
                                                                                        Content-Type: application/ocsp-response
                                                                                        Date: Sat, 07 Sep 2024 06:06:37 GMT
                                                                                        Last-Modified: Sat, 07 Sep 2024 04:33:15 GMT
                                                                                        Server: ECAcc (lhc/7916)
                                                                                        X-Cache: HIT
                                                                                        X-Content-Type-Options: nosniff
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-XSS-Protection: 1; mode=block
                                                                                        Content-Length: 5
                                                                                      • flag-de
                                                                                        GET
                                                                                        http://evcs-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D
                                                                                        Remote address:
                                                                                        152.199.19.74:80
                                                                                        Request
                                                                                        GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D HTTP/1.1
                                                                                        Cache-Control: no-cache
                                                                                        Connection: Keep-Alive
                                                                                        Pragma: no-cache
                                                                                        Accept: */*
                                                                                        User-Agent: Microsoft-CryptoAPI/10.0
                                                                                        Host: evcs-ocsp.ws.symantec.com
                                                                                        Response
                                                                                        HTTP/1.1 200 OK
                                                                                        Accept-Ranges: bytes
                                                                                        Age: 5603
                                                                                        Cache-Control: public, max-age=300
                                                                                        Content-Type: application/ocsp-response
                                                                                        Date: Sat, 07 Sep 2024 06:06:37 GMT
                                                                                        Last-Modified: Sat, 07 Sep 2024 04:33:15 GMT
                                                                                        Server: ECAcc (lhc/7916)
                                                                                        X-Cache: HIT
                                                                                        X-Content-Type-Options: nosniff
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-XSS-Protection: 1; mode=block
                                                                                        Content-Length: 5
                                                                                      • flag-us
                                                                                        DNS
                                                                                        evcs-crl.ws.symantec.com
                                                                                        Remote address:
                                                                                        8.8.8.8:53
                                                                                        Request
                                                                                        evcs-crl.ws.symantec.com
                                                                                        IN A
                                                                                        Response
                                                                                        evcs-crl.ws.symantec.com
                                                                                        IN CNAME
                                                                                        crl-symcprod.digicert.com
                                                                                        crl-symcprod.digicert.com
                                                                                        IN CNAME
                                                                                        crl.edge.digicert.com
                                                                                        crl.edge.digicert.com
                                                                                        IN CNAME
                                                                                        fp2e7a.wpc.2be4.phicdn.net
                                                                                        fp2e7a.wpc.2be4.phicdn.net
                                                                                        IN CNAME
                                                                                        fp2e7a.wpc.phicdn.net
                                                                                        fp2e7a.wpc.phicdn.net
                                                                                        IN A
                                                                                        192.229.221.95
                                                                                      • flag-se
                                                                                        GET
                                                                                        http://evcs-crl.ws.symantec.com/evcs.crl
                                                                                        Remote address:
                                                                                        192.229.221.95:80
                                                                                        Request
                                                                                        GET /evcs.crl HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Accept: */*
                                                                                        User-Agent: Microsoft-CryptoAPI/10.0
                                                                                        Host: evcs-crl.ws.symantec.com
                                                                                        Response
                                                                                        HTTP/1.1 200 OK
                                                                                        Accept-Ranges: bytes
                                                                                        Age: 5580
                                                                                        Cache-Control: public, max-age=3600
                                                                                        Content-Type: application/pkix-crl
                                                                                        Date: Sat, 07 Sep 2024 06:06:37 GMT
                                                                                        Last-Modified: Sat, 07 Sep 2024 04:33:37 GMT
                                                                                        Server: ECAcc (lhd/35B2)
                                                                                        X-Cache: HIT
                                                                                        X-Content-Type-Options: nosniff
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        X-XSS-Protection: 1; mode=block
                                                                                        Content-Length: 2069
                                                                                      • flag-us
                                                                                        DNS
                                                                                        74.19.199.152.in-addr.arpa
                                                                                        Remote address:
                                                                                        8.8.8.8:53
                                                                                        Request
                                                                                        74.19.199.152.in-addr.arpa
                                                                                        IN PTR
                                                                                        Response
                                                                                      • flag-us
                                                                                        DNS
                                                                                        634imtxk.datastoreplus.com
                                                                                        d13e98dacaf32c0078692be104ae89ab_JaffaCakes118.exe
                                                                                        Remote address:
                                                                                        8.8.8.8:53
                                                                                        Request
                                                                                        634imtxk.datastoreplus.com
                                                                                        IN A
                                                                                        Response
                                                                                      • flag-us
                                                                                        DNS
                                                                                        freedownload3.com
                                                                                        d13e98dacaf32c0078692be104ae89ab_JaffaCakes118.exe
                                                                                        Remote address:
                                                                                        8.8.8.8:53
                                                                                        Request
                                                                                        freedownload3.com
                                                                                        IN A
                                                                                        Response
                                                                                      • flag-us
                                                                                        DNS
                                                                                        149.220.183.52.in-addr.arpa
                                                                                        Remote address:
                                                                                        8.8.8.8:53
                                                                                        Request
                                                                                        149.220.183.52.in-addr.arpa
                                                                                        IN PTR
                                                                                        Response
                                                                                      • flag-us
                                                                                        DNS
                                                                                        t2u46dp9z.onlineblogplus.com
                                                                                        d13e98dacaf32c0078692be104ae89ab_JaffaCakes118.exe
                                                                                        Remote address:
                                                                                        8.8.8.8:53
                                                                                        Request
                                                                                        t2u46dp9z.onlineblogplus.com
                                                                                        IN A
                                                                                        Response
                                                                                      • flag-us
                                                                                        DNS
                                                                                        ljw7u.datastoreplus.com
                                                                                        d13e98dacaf32c0078692be104ae89ab_JaffaCakes118.exe
                                                                                        Remote address:
                                                                                        8.8.8.8:53
                                                                                        Request
                                                                                        ljw7u.datastoreplus.com
                                                                                        IN A
                                                                                        Response
                                                                                      • flag-se
                                                                                        GET
                                                                                        http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D
                                                                                        d13e98dacaf32c0078692be104ae89ab_JaffaCakes118.exe
                                                                                        Remote address:
                                                                                        192.229.221.95:80
                                                                                        Request
                                                                                        GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D HTTP/1.1
                                                                                        Connection: close
                                                                                        Accept: */*
                                                                                        User-Agent: Microsoft-CryptoAPI/10.0
                                                                                        Host: ocsp.digicert.com
                                                                                        Response
                                                                                        HTTP/1.1 200 OK
                                                                                        Accept-Ranges: bytes
                                                                                        Age: 2807
                                                                                        Cache-Control: max-age=7200
                                                                                        Content-Type: application/ocsp-response
                                                                                        Date: Sat, 07 Sep 2024 06:06:56 GMT
                                                                                        Last-Modified: Sat, 07 Sep 2024 05:20:09 GMT
                                                                                        Server: ECAcc (lhd/35FB)
                                                                                        X-Cache: HIT
                                                                                        Content-Length: 471
                                                                                        Connection: close
                                                                                      • flag-us
                                                                                        DNS
                                                                                        9q4-cv.randomasystems.com
                                                                                        d13e98dacaf32c0078692be104ae89ab_JaffaCakes118.exe
                                                                                        Remote address:
                                                                                        8.8.8.8:53
                                                                                        Request
                                                                                        9q4-cv.randomasystems.com
                                                                                        IN A
                                                                                        Response
                                                                                      • flag-us
                                                                                        DNS
                                                                                        183.59.114.20.in-addr.arpa
                                                                                        Remote address:
                                                                                        8.8.8.8:53
                                                                                        Request
                                                                                        183.59.114.20.in-addr.arpa
                                                                                        IN PTR
                                                                                        Response
                                                                                      • flag-us
                                                                                        DNS
                                                                                        198.187.3.20.in-addr.arpa
                                                                                        Remote address:
                                                                                        8.8.8.8:53
                                                                                        Request
                                                                                        198.187.3.20.in-addr.arpa
                                                                                        IN PTR
                                                                                        Response
                                                                                      • flag-us
                                                                                        DNS
                                                                                        217.135.221.88.in-addr.arpa
                                                                                        Remote address:
                                                                                        8.8.8.8:53
                                                                                        Request
                                                                                        217.135.221.88.in-addr.arpa
                                                                                        IN PTR
                                                                                        Response
                                                                                        217.135.221.88.in-addr.arpa
                                                                                        IN PTR
                                                                                        a88-221-135-217deploystaticakamaitechnologiescom
                                                                                      • flag-us
                                                                                        DNS
                                                                                        TRANSERSDATAFORME.COM
                                                                                        683.tmp
                                                                                        Remote address:
                                                                                        8.8.8.8:53
                                                                                        Request
                                                                                        TRANSERSDATAFORME.COM
                                                                                        IN A
                                                                                        Response
                                                                                      • flag-us
                                                                                        DNS
                                                                                        240.221.184.93.in-addr.arpa
                                                                                        Remote address:
                                                                                        8.8.8.8:53
                                                                                        Request
                                                                                        240.221.184.93.in-addr.arpa
                                                                                        IN PTR
                                                                                        Response
                                                                                      • flag-us
                                                                                        DNS
                                                                                        www.google.com
                                                                                        Remote address:
                                                                                        8.8.8.8:53
                                                                                        Request
                                                                                        www.google.com
                                                                                        IN A
                                                                                        Response
                                                                                        www.google.com
                                                                                        IN A
                                                                                        142.250.27.106
                                                                                        www.google.com
                                                                                        IN A
                                                                                        142.250.27.147
                                                                                        www.google.com
                                                                                        IN A
                                                                                        142.250.27.105
                                                                                        www.google.com
                                                                                        IN A
                                                                                        142.250.27.99
                                                                                        www.google.com
                                                                                        IN A
                                                                                        142.250.27.104
                                                                                        www.google.com
                                                                                        IN A
                                                                                        142.250.27.103
                                                                                      • flag-nl
                                                                                        GET
                                                                                        http://www.google.com/
                                                                                        Remote address:
                                                                                        142.250.27.106:80
                                                                                        Request
                                                                                        GET / HTTP/1.0
                                                                                        Connection: close
                                                                                        Host: www.google.com
                                                                                        Accept: */*
                                                                                        Response
                                                                                        HTTP/1.0 302 Found
                                                                                        Location: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgTCbg1GGKrb77YGIjDnr9-sjnl7W86xsoaLSNP_mhVA214yBvamKI8cIVwvBFq4WHNCQHLwlhkmS4mizKAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                        x-hallmonitor-challenge: CgwIqtvvtgYQ47nguAISBMJuDUY
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-ccYbMqhHmzwL6ncqaNZm5A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                        Date: Sat, 07 Sep 2024 06:07:38 GMT
                                                                                        Server: gws
                                                                                        Content-Length: 396
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        Set-Cookie: AEC=AVYB7cobaGFFKV6LSjrAlDYcrNNVYgh1G_rEyMClObH77cgu_VHf69COyKU; expires=Thu, 06-Mar-2025 06:07:38 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                      • flag-nl
                                                                                        GET
                                                                                        http://www.google.com/
                                                                                        Remote address:
                                                                                        142.250.27.106:80
                                                                                        Request
                                                                                        GET / HTTP/1.1
                                                                                        Connection: close
                                                                                        Pragma: no-cache
                                                                                        Host: www.google.com
                                                                                        Response
                                                                                        HTTP/1.1 302 Found
                                                                                        Location: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgTCbg1GGKrb77YGIjDnr9-sjnl7W86xsoaLSNP_mhVA214yBvamKI8cIVwvBFq4WHNCQHLwlhkmS4mizKAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                        x-hallmonitor-challenge: CgwIq9vvtgYQg5verwESBMJuDUY
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-h5YIWN-5u8LbkMRD9LPtTw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                        Date: Sat, 07 Sep 2024 06:07:39 GMT
                                                                                        Server: gws
                                                                                        Content-Length: 396
                                                                                        X-XSS-Protection: 0
                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                        Set-Cookie: AEC=AVYB7cq6G4reH2XEoIop3sOZ9xA0QcRd5HBZ95XU22GlxA43TnoX5YxCOVs; expires=Thu, 06-Mar-2025 06:07:39 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                        Connection: close
                                                                                      • flag-us
                                                                                        DNS
                                                                                        106.27.250.142.in-addr.arpa
                                                                                        Remote address:
                                                                                        8.8.8.8:53
                                                                                        Request
                                                                                        106.27.250.142.in-addr.arpa
                                                                                        IN PTR
                                                                                        Response
                                                                                        106.27.250.142.in-addr.arpa
                                                                                        IN PTR
                                                                                        ra-in-f1061e100net
                                                                                      • flag-nl
                                                                                        GET
                                                                                        http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgTCbg1GGKrb77YGIjDnr9-sjnl7W86xsoaLSNP_mhVA214yBvamKI8cIVwvBFq4WHNCQHLwlhkmS4mizKAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                        Remote address:
                                                                                        142.250.27.106:80
                                                                                        Request
                                                                                        GET /sorry/index?continue=http://www.google.com/&q=EgTCbg1GGKrb77YGIjDnr9-sjnl7W86xsoaLSNP_mhVA214yBvamKI8cIVwvBFq4WHNCQHLwlhkmS4mizKAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
                                                                                        Connection: close
                                                                                        Pragma: no-cache
                                                                                        Host: www.google.com
                                                                                        Response
                                                                                        HTTP/1.1 429 Too Many Requests
                                                                                        Date: Sat, 07 Sep 2024 06:07:39 GMT
                                                                                        Pragma: no-cache
                                                                                        Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                        Content-Type: text/html
                                                                                        Server: HTTP server (unknown)
                                                                                        Content-Length: 3052
                                                                                        X-XSS-Protection: 0
                                                                                        Connection: close
                                                                                      • flag-us
                                                                                        DNS
                                                                                        13.227.111.52.in-addr.arpa
                                                                                        Remote address:
                                                                                        8.8.8.8:53
                                                                                        Request
                                                                                        13.227.111.52.in-addr.arpa
                                                                                        IN PTR
                                                                                        Response
                                                                                      • 152.199.19.74:80
                                                                                        http://evcs-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D
                                                                                        http
                                                                                        843 B
                                                                                         954 B
                                                                                         7
                                                                                        5

                                                                                        HTTP Request

                                                                                        GET http://evcs-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D

                                                                                        HTTP Response

                                                                                        200

                                                                                        HTTP Request

                                                                                        GET http://evcs-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D

                                                                                        HTTP Response

                                                                                        200
                                                                                      • 192.229.221.95:80
                                                                                        http://evcs-crl.ws.symantec.com/evcs.crl
                                                                                        http
                                                                                        409 B
                                                                                         2.6kB
                                                                                         6
                                                                                        5

                                                                                        HTTP Request

                                                                                        GET http://evcs-crl.ws.symantec.com/evcs.crl

                                                                                        HTTP Response

                                                                                        200
                                                                                      • 192.229.221.95:80
                                                                                        http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D
                                                                                        http
                                                                                        d13e98dacaf32c0078692be104ae89ab_JaffaCakes118.exe
                                                                                        469 B
                                                                                         968 B
                                                                                         5
                                                                                        5

                                                                                        HTTP Request

                                                                                        GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D

                                                                                        HTTP Response

                                                                                        200
                                                                                      • 127.0.0.1:51273
                                                                                        explorer.exe
                                                                                      • 127.0.0.1:51273
                                                                                      • 142.250.27.106:80
                                                                                        http://www.google.com/
                                                                                        http
                                                                                        302 B
                                                                                         1.5kB
                                                                                         5
                                                                                        5

                                                                                        HTTP Request

                                                                                        GET http://www.google.com/

                                                                                        HTTP Response

                                                                                        302
                                                                                      • 142.250.27.106:80
                                                                                        http://www.google.com/
                                                                                        http
                                                                                        307 B
                                                                                         1.5kB
                                                                                         5
                                                                                        5

                                                                                        HTTP Request

                                                                                        GET http://www.google.com/

                                                                                        HTTP Response

                                                                                        302
                                                                                      • 142.250.27.106:80
                                                                                        http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgTCbg1GGKrb77YGIjDnr9-sjnl7W86xsoaLSNP_mhVA214yBvamKI8cIVwvBFq4WHNCQHLwlhkmS4mizKAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                        http
                                                                                        526 B
                                                                                         3.6kB
                                                                                         6
                                                                                        7

                                                                                        HTTP Request

                                                                                        GET http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgTCbg1GGKrb77YGIjDnr9-sjnl7W86xsoaLSNP_mhVA214yBvamKI8cIVwvBFq4WHNCQHLwlhkmS4mizKAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

                                                                                        HTTP Response

                                                                                        429
                                                                                      • 52.111.227.11:443
                                                                                        322 B
                                                                                         7
                                                                                      • 127.0.0.1:51273
                                                                                      • 127.0.0.1:51273
                                                                                      • 8.8.8.8:53
                                                                                        58.55.71.13.in-addr.arpa
                                                                                        dns
                                                                                        70 B
                                                                                         144 B
                                                                                         1
                                                                                        1

                                                                                        DNS Request

                                                                                        58.55.71.13.in-addr.arpa

                                                                                      • 8.8.8.8:53
                                                                                        75.159.190.20.in-addr.arpa
                                                                                        dns
                                                                                        72 B
                                                                                         158 B
                                                                                         1
                                                                                        1

                                                                                        DNS Request

                                                                                        75.159.190.20.in-addr.arpa

                                                                                      • 8.8.8.8:53
                                                                                        172.210.232.199.in-addr.arpa
                                                                                        dns
                                                                                        74 B
                                                                                         128 B
                                                                                         1
                                                                                        1

                                                                                        DNS Request

                                                                                        172.210.232.199.in-addr.arpa

                                                                                      • 8.8.8.8:53
                                                                                        95.221.229.192.in-addr.arpa
                                                                                        dns
                                                                                        73 B
                                                                                         144 B
                                                                                         1
                                                                                        1

                                                                                        DNS Request

                                                                                        95.221.229.192.in-addr.arpa

                                                                                      • 8.8.8.8:53
                                                                                        evcs-ocsp.ws.symantec.com
                                                                                        dns
                                                                                        71 B
                                                                                         185 B
                                                                                         1
                                                                                        1

                                                                                        DNS Request

                                                                                        evcs-ocsp.ws.symantec.com

                                                                                        DNS Response

                                                                                        152.199.19.74

                                                                                      • 8.8.8.8:53
                                                                                        evcs-crl.ws.symantec.com
                                                                                        dns
                                                                                        70 B
                                                                                         210 B
                                                                                         1
                                                                                        1

                                                                                        DNS Request

                                                                                        evcs-crl.ws.symantec.com

                                                                                        DNS Response

                                                                                        192.229.221.95

                                                                                      • 8.8.8.8:53
                                                                                        74.19.199.152.in-addr.arpa
                                                                                        dns
                                                                                        72 B
                                                                                         143 B
                                                                                         1
                                                                                        1

                                                                                        DNS Request

                                                                                        74.19.199.152.in-addr.arpa

                                                                                      • 8.8.8.8:53
                                                                                        634imtxk.datastoreplus.com
                                                                                        dns
                                                                                        d13e98dacaf32c0078692be104ae89ab_JaffaCakes118.exe
                                                                                        72 B
                                                                                         145 B
                                                                                         1
                                                                                        1

                                                                                        DNS Request

                                                                                        634imtxk.datastoreplus.com

                                                                                      • 8.8.8.8:53
                                                                                        freedownload3.com
                                                                                        dns
                                                                                        d13e98dacaf32c0078692be104ae89ab_JaffaCakes118.exe
                                                                                        63 B
                                                                                         136 B
                                                                                         1
                                                                                        1

                                                                                        DNS Request

                                                                                        freedownload3.com

                                                                                      • 224.0.0.251:5353
                                                                                        224 B
                                                                                         4
                                                                                      • 8.8.8.8:53
                                                                                        149.220.183.52.in-addr.arpa
                                                                                        dns
                                                                                        73 B
                                                                                         147 B
                                                                                         1
                                                                                        1

                                                                                        DNS Request

                                                                                        149.220.183.52.in-addr.arpa

                                                                                      • 8.8.8.8:53
                                                                                        t2u46dp9z.onlineblogplus.com
                                                                                        dns
                                                                                        d13e98dacaf32c0078692be104ae89ab_JaffaCakes118.exe
                                                                                        74 B
                                                                                         147 B
                                                                                         1
                                                                                        1

                                                                                        DNS Request

                                                                                        t2u46dp9z.onlineblogplus.com

                                                                                      • 8.8.8.8:53
                                                                                        ljw7u.datastoreplus.com
                                                                                        dns
                                                                                        d13e98dacaf32c0078692be104ae89ab_JaffaCakes118.exe
                                                                                        69 B
                                                                                         142 B
                                                                                         1
                                                                                        1

                                                                                        DNS Request

                                                                                        ljw7u.datastoreplus.com

                                                                                      • 8.8.8.8:53
                                                                                        9q4-cv.randomasystems.com
                                                                                        dns
                                                                                        d13e98dacaf32c0078692be104ae89ab_JaffaCakes118.exe
                                                                                        71 B
                                                                                         144 B
                                                                                         1
                                                                                        1

                                                                                        DNS Request

                                                                                        9q4-cv.randomasystems.com

                                                                                      • 8.8.8.8:53
                                                                                        183.59.114.20.in-addr.arpa
                                                                                        dns
                                                                                        72 B
                                                                                         158 B
                                                                                         1
                                                                                        1

                                                                                        DNS Request

                                                                                        183.59.114.20.in-addr.arpa

                                                                                      • 8.8.8.8:53
                                                                                        198.187.3.20.in-addr.arpa
                                                                                        dns
                                                                                        71 B
                                                                                         157 B
                                                                                         1
                                                                                        1

                                                                                        DNS Request

                                                                                        198.187.3.20.in-addr.arpa

                                                                                      • 8.8.8.8:53
                                                                                        217.135.221.88.in-addr.arpa
                                                                                        dns
                                                                                        73 B
                                                                                         139 B
                                                                                         1
                                                                                        1

                                                                                        DNS Request

                                                                                        217.135.221.88.in-addr.arpa

                                                                                      • 8.8.8.8:53
                                                                                        TRANSERSDATAFORME.COM
                                                                                        dns
                                                                                        683.tmp
                                                                                        67 B
                                                                                         140 B
                                                                                         1
                                                                                        1

                                                                                        DNS Request

                                                                                        TRANSERSDATAFORME.COM

                                                                                      • 8.8.8.8:53
                                                                                        240.221.184.93.in-addr.arpa
                                                                                        dns
                                                                                        73 B
                                                                                         144 B
                                                                                         1
                                                                                        1

                                                                                        DNS Request

                                                                                        240.221.184.93.in-addr.arpa

                                                                                      • 8.8.8.8:53
                                                                                        www.google.com
                                                                                        dns
                                                                                        60 B
                                                                                         156 B
                                                                                         1
                                                                                        1

                                                                                        DNS Request

                                                                                        www.google.com

                                                                                        DNS Response

                                                                                        142.250.27.106
                                                                                        142.250.27.147
                                                                                        142.250.27.105
                                                                                        142.250.27.99
                                                                                        142.250.27.104
                                                                                        142.250.27.103

                                                                                      • 8.8.8.8:53
                                                                                        106.27.250.142.in-addr.arpa
                                                                                        dns
                                                                                        73 B
                                                                                         107 B
                                                                                         1
                                                                                        1

                                                                                        DNS Request

                                                                                        106.27.250.142.in-addr.arpa

                                                                                      • 8.8.8.8:53
                                                                                        13.227.111.52.in-addr.arpa
                                                                                        dns
                                                                                        72 B
                                                                                         158 B
                                                                                         1
                                                                                        1

                                                                                        DNS Request

                                                                                        13.227.111.52.in-addr.arpa

                                                                                      MITRE ATT&CK Enterprise v15

                                                                                      Reconnaissance

                                                                                      Resource Development

                                                                                      Initial Access

                                                                                      Execution

                                                                                      Persistence

                                                                                      Boot or Logon Autostart Execution

                                                                                      2
                                                                                      T1547

                                                                                      Active Setup

                                                                                      1
                                                                                      T1547.014

                                                                                      Registry Run Keys / Startup Folder

                                                                                      1
                                                                                      T1547.001

                                                                                      Create or Modify System Process

                                                                                      1
                                                                                      T1543

                                                                                      Windows Service

                                                                                      1
                                                                                      T1543.003

                                                                                      Privilege Escalation

                                                                                      Boot or Logon Autostart Execution

                                                                                      2
                                                                                      T1547

                                                                                      Active Setup

                                                                                      1
                                                                                      T1547.014

                                                                                      Registry Run Keys / Startup Folder

                                                                                      1
                                                                                      T1547.001

                                                                                      Create or Modify System Process

                                                                                      1
                                                                                      T1543

                                                                                      Windows Service

                                                                                      1
                                                                                      T1543.003

                                                                                      Defense Evasion

                                                                                      Modify Registry

                                                                                      5
                                                                                      T1112

                                                                                      Credential Access

                                                                                      Credentials from Password Stores

                                                                                      1
                                                                                      T1555

                                                                                      Credentials from Web Browsers

                                                                                      1
                                                                                      T1555.003

                                                                                      Unsecured Credentials

                                                                                      3
                                                                                      T1552

                                                                                      Credentials In Files

                                                                                      3
                                                                                      T1552.001

                                                                                      Discovery

                                                                                      Peripheral Device Discovery

                                                                                      2
                                                                                      T1120

                                                                                      Query Registry

                                                                                      4
                                                                                      T1012

                                                                                      System Information Discovery

                                                                                      2
                                                                                      T1082

                                                                                      System Location Discovery

                                                                                      1
                                                                                      T1614

                                                                                      System Language Discovery

                                                                                      1
                                                                                      T1614.001

                                                                                      Lateral Movement

                                                                                      Collection

                                                                                      Data from Local System

                                                                                      2
                                                                                      T1005

                                                                                      Command and Control

                                                                                      Exfiltration

                                                                                      Impact

                                                                                      Replay Monitor

                                                                                      Loading Replay Monitor...

                                                                                      Downloads

                                                                                      • C:\Program Files (x86)\LP\A034\683.tmp
                                                                                        Filesize

                                                                                        97KB

                                                                                        MD5

                                                                                        35ada42115983644d2693f236ad65c57

                                                                                        SHA1

                                                                                        c732b06d0db7c9e18c79c8af9ceb75120988f7f8

                                                                                        SHA256

                                                                                        73f21aa459b1f32253cd7a29ddb141108c7948ab398597ed63593dd74cd5f011

                                                                                        SHA512

                                                                                        f5a0456d2ae3474780da2ff603d909bb800fd8b8d6188a1381c5b2f04a58da603cef762c7f30813e66a295ecd3bdbd8522ad8e7afceb8ff93449e319cd0955e0

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
                                                                                        Filesize

                                                                                        471B

                                                                                        MD5

                                                                                        327dc8820fa46e204c74919c391f9328

                                                                                        SHA1

                                                                                        068ff2fe0bdace73badaf4569acfa081c66a0698

                                                                                        SHA256

                                                                                        44122c07d1232b70dc89700aa4d16ddf109c65180c1e003903c7146115fa050e

                                                                                        SHA512

                                                                                        83e039f3861cebba587b25d1ef2e48bd8d51202706b7a926621c1e973a4bac8801f4af323301130231c4d2b7e678bfeac1d1ccf131d0e2bd27b014cc0ddd2214

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9
                                                                                        Filesize

                                                                                        420B

                                                                                        MD5

                                                                                        a045a6473b40372f61079d039fd14ea3

                                                                                        SHA1

                                                                                        0d2264f7c20d02471d4fc30fcca99f62674f3eb3

                                                                                        SHA256

                                                                                        050f10dc0a92e9a35c92afafbc362bdd1c931532d464efed7cfc7666bf53e814

                                                                                        SHA512

                                                                                        a8d4a8e8036862af9342f81290de31bb4a1a900c8c97525f46b2dd59f2d8f1321fe6eea73f4a8b9f5c5f26ce48b876d0c927168eb19bd22086161fe414a2bc9e

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                        Filesize

                                                                                        2KB

                                                                                        MD5

                                                                                        c4dfc20c14e653821bd0e24ae74aa1c1

                                                                                        SHA1

                                                                                        3ff840c35f791240ad0fdde89105316a4b935a32

                                                                                        SHA256

                                                                                        99ba4f10497fbba8e61ca630931b9f11ed1498ed58c2e02dfc21b1f94db0d805

                                                                                        SHA512

                                                                                        1f7c74f0ecd7d1ad35abe2092452417f44aaaab7d866e05f30bcd7f152a77755c3122395dcbe2fe3d07af795749e59e5d90ddfdd2aa5cf690d4780a56ed685d0

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133701629308521077.txt
                                                                                        Filesize

                                                                                        75KB

                                                                                        MD5

                                                                                        86f5703d924e20f9e8430cada8db9909

                                                                                        SHA1

                                                                                        8bfd87d28a4327f752e2d99d4d5f8beb5b7d29f8

                                                                                        SHA256

                                                                                        b60ae2b44392d0c55a139ffaab6e01055d3189a4eabb93379e206f9a02f8e8e0

                                                                                        SHA512

                                                                                        6a2249489986dd77b757eb24dafdffcfab2dc51cbee6deda9adbc9b4d7ff1d02e1d358430323213bf85296b34a530ce59e59afbecbae21ed3bb92edde8f1c384

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\BL9O2ALU\microsoft.windows[1].xml
                                                                                        Filesize

                                                                                        96B

                                                                                        MD5

                                                                                        71e0980a20933bf598e12d709b1f1a5d

                                                                                        SHA1

                                                                                        3d6f67f9eff69f233b551cf8f07fa6800974dc5a

                                                                                        SHA256

                                                                                        4266cb485dd87059ba81a2bc515a3ef64d051827c11a9ef5a4307d665965142e

                                                                                        SHA512

                                                                                        051df6f8285a96da086e45a2a09fe9552c1577ccf1e6529975eb94c27578e95bb3701fde098721ed309db7de67cb837063d4a052d16613b554b5e51574b243ca

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\49A84\4393.9A8
                                                                                        Filesize

                                                                                        300B

                                                                                        MD5

                                                                                        c61b359e23eb217688719b9c3d85e3db

                                                                                        SHA1

                                                                                        42632cd7981a4e0ded6261dfbd032de373161818

                                                                                        SHA256

                                                                                        2b3f039ce095bac94ae285400a4cca0c98dbca11cfb5abd6db0bbf72d7bbc278

                                                                                        SHA512

                                                                                        20e63bec2f2917de0f21589a573f69b14d65a702c76cb12209eb37df6a1c66369521dfa8cbf9eeb56bbaba60812323b74bfb21b3ffca6a31475a54603c40b8da

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\49A84\4393.9A8
                                                                                        Filesize

                                                                                        996B

                                                                                        MD5

                                                                                        c1c5df66a8ed2b969bc91de9ba79621e

                                                                                        SHA1

                                                                                        9470d525f6d9e9386a35187deddc67469147c76b

                                                                                        SHA256

                                                                                        ff8a72ea0902cb0e8dc9ba012d11619b0ff28e136d5eabafcf6bfef7d5144a19

                                                                                        SHA512

                                                                                        dea2d725bc5b6a3a823e5b8b3d68dee1817dc145c7273a621c08d872d18729be0d9fc8a3ce8cc90d36ff4f2c6e76e4ae506d62bf34a82d9af425cbe0374904ac

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\49A84\4393.9A8
                                                                                        Filesize

                                                                                        600B

                                                                                        MD5

                                                                                        8b57396980f0817cca3e6644f17dad82

                                                                                        SHA1

                                                                                        850c8b95e73bf5611ba5d87a17b2c0ac7a56f925

                                                                                        SHA256

                                                                                        4a0f0276f1b954574d4534d77b4f916830af5b8af6a04d4701ad00c3dc23e455

                                                                                        SHA512

                                                                                        a8457f42ead6553864a5675a2a9c2eb489512cc710720ffb2fea342350ee5a1c82ebb5748ed8b404664b49b58aa6e9dddaa3369965ca429506ba625f9b516664

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\49A84\4393.9A8
                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        262a3a119b1e32bdc7c16d18b6063775

                                                                                        SHA1

                                                                                        e90119e9226b336a10b47d187c25a98f8df0a920

                                                                                        SHA256

                                                                                        c13429a71490860c25204f9293f126dddf3957a1f411db0860c82659b4bf628f

                                                                                        SHA512

                                                                                        9608d917d44bee6cdeafb007eaa248e06752d78e90325adeb8637cf878b61dd47a76e062e77c792efc5a3566df65b0e3a7cf537c5b7f45ba8701831ac51f192f

                                                                                        Download Submit

                                                                                      • memory/1204-1334-0x0000000004CB0000-0x0000000004CB1000-memory.dmp

                                                                                        Filesize

                                                                                        4KB

                                                                                        Download

                                                                                      • memory/1356-895-0x0000000004B00000-0x0000000004B01000-memory.dmp

                                                                                        Filesize

                                                                                        4KB

                                                                                        Download

                                                                                      • memory/1520-590-0x00000000044D0000-0x00000000044D1000-memory.dmp

                                                                                        Filesize

                                                                                        4KB

                                                                                        Download

                                                                                      • memory/1680-283-0x0000000004090000-0x0000000004091000-memory.dmp

                                                                                        Filesize

                                                                                        4KB

                                                                                        Download

                                                                                      • memory/2184-16-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                        Filesize

                                                                                        424KB

                                                                                        Download

                                                                                      • memory/2184-17-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                        Filesize

                                                                                        424KB

                                                                                        Download

                                                                                      • memory/2512-748-0x000001D6A5740000-0x000001D6A5840000-memory.dmp

                                                                                        Filesize

                                                                                        1024KB

                                                                                        Download

                                                                                      • memory/2512-751-0x000001D6A6690000-0x000001D6A66B0000-memory.dmp

                                                                                        Filesize

                                                                                        128KB

                                                                                        Download

                                                                                      • memory/2512-763-0x000001D6A6650000-0x000001D6A6670000-memory.dmp

                                                                                        Filesize

                                                                                        128KB

                                                                                        Download

                                                                                      • memory/2512-774-0x000001D6A6C60000-0x000001D6A6C80000-memory.dmp

                                                                                        Filesize

                                                                                        128KB

                                                                                        Download

                                                                                      • memory/2512-747-0x000001D6A5740000-0x000001D6A5840000-memory.dmp

                                                                                        Filesize

                                                                                        1024KB

                                                                                        Download

                                                                                      • memory/2512-746-0x000001D6A5740000-0x000001D6A5840000-memory.dmp

                                                                                        Filesize

                                                                                        1024KB

                                                                                        Download

                                                                                      • memory/3444-1037-0x0000000004700000-0x0000000004701000-memory.dmp

                                                                                        Filesize

                                                                                        4KB

                                                                                        Download

                                                                                      • memory/3500-744-0x0000000004C90000-0x0000000004C91000-memory.dmp

                                                                                        Filesize

                                                                                        4KB

                                                                                        Download

                                                                                      • memory/3540-452-0x0000015BE9900000-0x0000015BE9A00000-memory.dmp

                                                                                        Filesize

                                                                                        1024KB

                                                                                        Download

                                                                                      • memory/3540-451-0x0000015BE9900000-0x0000015BE9A00000-memory.dmp

                                                                                        Filesize

                                                                                        1024KB

                                                                                        Download

                                                                                      • memory/3540-482-0x0000015BEAE30000-0x0000015BEAE50000-memory.dmp

                                                                                        Filesize

                                                                                        128KB

                                                                                        Download

                                                                                      • memory/3540-455-0x0000015BEAA60000-0x0000015BEAA80000-memory.dmp

                                                                                        Filesize

                                                                                        128KB

                                                                                        Download

                                                                                      • memory/3540-469-0x0000015BEAA20000-0x0000015BEAA40000-memory.dmp

                                                                                        Filesize

                                                                                        128KB

                                                                                        Download

                                                                                      • memory/3540-450-0x0000015BE9900000-0x0000015BE9A00000-memory.dmp

                                                                                        Filesize

                                                                                        1024KB

                                                                                        Download

                                                                                      • memory/3548-1197-0x00000197A1530000-0x00000197A1550000-memory.dmp

                                                                                        Filesize

                                                                                        128KB

                                                                                        Download

                                                                                      • memory/3548-1224-0x00000197A1B00000-0x00000197A1B20000-memory.dmp

                                                                                        Filesize

                                                                                        128KB

                                                                                        Download

                                                                                      • memory/3548-1192-0x00000197A0600000-0x00000197A0700000-memory.dmp

                                                                                        Filesize

                                                                                        1024KB

                                                                                        Download

                                                                                      • memory/3548-1194-0x00000197A0600000-0x00000197A0700000-memory.dmp

                                                                                        Filesize

                                                                                        1024KB

                                                                                        Download

                                                                                      • memory/3548-1210-0x00000197A14F0000-0x00000197A1510000-memory.dmp

                                                                                        Filesize

                                                                                        128KB

                                                                                        Download

                                                                                      • memory/3628-128-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                        Filesize

                                                                                        424KB

                                                                                        Download

                                                                                      • memory/4216-320-0x0000027A4F940000-0x0000027A4F960000-memory.dmp

                                                                                        Filesize

                                                                                        128KB

                                                                                        Download

                                                                                      • memory/4216-303-0x0000027A4F320000-0x0000027A4F340000-memory.dmp

                                                                                        Filesize

                                                                                        128KB

                                                                                        Download

                                                                                      • memory/4216-289-0x0000027A4F360000-0x0000027A4F380000-memory.dmp

                                                                                        Filesize

                                                                                        128KB

                                                                                        Download

                                                                                      • memory/4216-284-0x0000027A4E400000-0x0000027A4E500000-memory.dmp

                                                                                        Filesize

                                                                                        1024KB

                                                                                        Download

                                                                                      • memory/4388-1336-0x000001EC7A390000-0x000001EC7A490000-memory.dmp

                                                                                        Filesize

                                                                                        1024KB

                                                                                        Download

                                                                                      • memory/4388-1337-0x000001EC7A390000-0x000001EC7A490000-memory.dmp

                                                                                        Filesize

                                                                                        1024KB

                                                                                        Download

                                                                                      • memory/4404-597-0x000001BDB6140000-0x000001BDB6160000-memory.dmp

                                                                                        Filesize

                                                                                        128KB

                                                                                        Download

                                                                                      • memory/4404-608-0x000001BDB6100000-0x000001BDB6120000-memory.dmp

                                                                                        Filesize

                                                                                        128KB

                                                                                        Download

                                                                                      • memory/4404-629-0x000001BDB6500000-0x000001BDB6520000-memory.dmp

                                                                                        Filesize

                                                                                        128KB

                                                                                        Download

                                                                                      • memory/4404-592-0x000001BDB5000000-0x000001BDB5100000-memory.dmp

                                                                                        Filesize

                                                                                        1024KB

                                                                                        Download

                                                                                      • memory/4568-0-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                        Filesize

                                                                                        424KB

                                                                                        Download

                                                                                      • memory/4568-2-0x0000000000400000-0x0000000000467000-memory.dmp

                                                                                        Filesize

                                                                                        412KB

                                                                                        Download

                                                                                      • memory/4568-3-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                        Filesize

                                                                                        424KB

                                                                                        Download

                                                                                      • memory/4568-13-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                        Filesize

                                                                                        424KB

                                                                                        Download

                                                                                      • memory/4568-710-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                        Filesize

                                                                                        424KB

                                                                                        Download

                                                                                      • memory/4568-15-0x0000000000400000-0x0000000000467000-memory.dmp

                                                                                        Filesize

                                                                                        412KB

                                                                                        Download

                                                                                      • memory/4568-126-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                        Filesize

                                                                                        424KB

                                                                                        Download

                                                                                      • memory/4696-448-0x0000000004A50000-0x0000000004A51000-memory.dmp

                                                                                        Filesize

                                                                                        4KB

                                                                                        Download

                                                                                      • memory/4716-925-0x000002049F4E0000-0x000002049F500000-memory.dmp

                                                                                        Filesize

                                                                                        128KB

                                                                                        Download

                                                                                      • memory/4716-902-0x000002049EF00000-0x000002049EF20000-memory.dmp

                                                                                        Filesize

                                                                                        128KB

                                                                                        Download

                                                                                      • memory/4716-911-0x000002049EBC0000-0x000002049EBE0000-memory.dmp

                                                                                        Filesize

                                                                                        128KB

                                                                                        Download

                                                                                      • memory/4716-897-0x000002049E000000-0x000002049E100000-memory.dmp

                                                                                        Filesize

                                                                                        1024KB

                                                                                        Download

                                                                                      • memory/4716-898-0x000002049E000000-0x000002049E100000-memory.dmp

                                                                                        Filesize

                                                                                        1024KB

                                                                                        Download

                                                                                      • memory/4772-1076-0x0000012513040000-0x0000012513060000-memory.dmp

                                                                                        Filesize

                                                                                        128KB

                                                                                        Download

                                                                                      • memory/4772-1054-0x0000012512C30000-0x0000012512C50000-memory.dmp

                                                                                        Filesize

                                                                                        128KB

                                                                                        Download

                                                                                      • memory/4772-1039-0x0000011D10B20000-0x0000011D10C20000-memory.dmp

                                                                                        Filesize

                                                                                        1024KB

                                                                                        Download

                                                                                      • memory/4772-1044-0x0000012512C70000-0x0000012512C90000-memory.dmp

                                                                                        Filesize

                                                                                        128KB

                                                                                        Download

                                                                                      • memory/4772-1040-0x0000011D10B20000-0x0000011D10C20000-memory.dmp

                                                                                        Filesize

                                                                                        1024KB

                                                                                        Download

                                                                                      • memory/4832-591-0x0000000000400000-0x000000000041B000-memory.dmp

                                                                                        Filesize

                                                                                        108KB

                                                                                        Download

                                                                                      • memory/5012-1191-0x00000000022F0000-0x00000000022F1000-memory.dmp

                                                                                        Filesize

                                                                                        4KB

                                                                                        Download

                                                                                      We care about your privacy.

                                                                                      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.