Analysis

  • max time kernel
    75s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    11/12/2024, 11:24 UTC

General

  • Target

    e13f1b7f45d99e88c2be459c7caffd91_JaffaCakes118.exe

  • Size

    273KB

  • MD5

    e13f1b7f45d99e88c2be459c7caffd91

  • SHA1

    c7341562529930ab22843a773a39c2fde0eeba30

  • SHA256

    b67c52a3d00ddde108f4366b640afd4481ec46fc677696521040311d383448e0

  • SHA512

    b38da9d9a6d1efdf7a2ddace409d53010424bd5ea55371cf7bd50a52bde61fac7fc06dd0b3076c98e6e8d841c0345a2d1a83abfff926a2da98f303bfa56c0aff

  • SSDEEP

    6144:P5ZRjqjwX9bDjclGvXL5G6e/KbhofVehvcq00e:vRO8X9PFvXNx6KuV0v1

Malware Config

Signatures

  • Cycbot

    Cycbot is a backdoor and trojan written in C++.

  • Cycbot family
  • Detects Cycbot payload 7 IoCs

    Cycbot is a backdoor and trojan written in C++.

  • Modifies security service 2 TTPs 1 IoCs
  • Pony family
  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 10 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Disables taskbar notifications via registry modification
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 20 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 16 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 18 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs
  • System policy modification 1 TTPs 2 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\e13f1b7f45d99e88c2be459c7caffd91_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e13f1b7f45d99e88c2be459c7caffd91_JaffaCakes118.exe"
    1⤵
    • Modifies security service
    • Adds Run key to start application
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:2508
    • C:\Users\Admin\AppData\Local\Temp\e13f1b7f45d99e88c2be459c7caffd91_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\e13f1b7f45d99e88c2be459c7caffd91_JaffaCakes118.exe startC:\Users\Admin\AppData\Roaming\F607A\B3ED3.exe%C:\Users\Admin\AppData\Roaming\F607A
      2⤵
        PID:4140
      • C:\Users\Admin\AppData\Local\Temp\e13f1b7f45d99e88c2be459c7caffd91_JaffaCakes118.exe
        C:\Users\Admin\AppData\Local\Temp\e13f1b7f45d99e88c2be459c7caffd91_JaffaCakes118.exe startC:\Program Files (x86)\7A1AF\lvvm.exe%C:\Program Files (x86)\7A1AF
        2⤵
          PID:3576
        • C:\Program Files (x86)\LP\D3AF\1B72.tmp
          "C:\Program Files (x86)\LP\D3AF\1B72.tmp"
          2⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:2236
      • C:\Windows\system32\msiexec.exe
        C:\Windows\system32\msiexec.exe /V
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:3092
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:4492
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:1964
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:1420
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:4472
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:852
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SendNotifyMessage
        PID:3592
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:3724
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:2516
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of SendNotifyMessage
        PID:4944
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:5092
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:4628
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:3412
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:3876
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:1040
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        PID:1504
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:4380
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:1636
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:3796
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:4492
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3000
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        PID:4292
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:4120
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:4272
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:4128
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:2032
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3788
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        PID:1092
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Suspicious use of SetWindowsHookEx
        PID:4288
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        PID:2328
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        PID:100
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        PID:1772
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        PID:448
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        PID:4060
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        PID:2516
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        PID:4864
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        PID:4304
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        PID:1500
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        PID:2896
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        PID:3288
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        PID:3876
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        PID:2576
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        PID:880
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        PID:528
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        PID:1088
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        PID:4436
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        PID:3204
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        PID:2848
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        PID:4548
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        PID:1676
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        PID:1636
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        PID:4236
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        PID:1860
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        PID:4184
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        PID:5032
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        PID:4236
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        PID:1092
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        PID:4260
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        PID:4932
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        PID:2628
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        PID:4544
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        PID:4100
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        PID:1932
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        PID:1696
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        PID:4796
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        PID:4288
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        PID:1488
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        PID:2428
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        PID:2960
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        PID:4288
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        PID:3132
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        PID:3652

Network

  • flag-us
    DNS
    154.239.44.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    154.239.44.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    67.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    67.31.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    evcs-ocsp.ws.symantec.com
    Remote address:
    8.8.8.8:53
    Request
                                                                                              evcs-ocsp.ws.symantec.com
                                                                                              IN A
                                                                                              Response
                                                                                              evcs-ocsp.ws.symantec.com
                                                                                              IN CNAME
                                                                                              mpki-ocsp.digicert.com
                                                                                              mpki-ocsp.digicert.com
                                                                                              IN CNAME
                                                                                              fp3011.wpc.2be4.phicdn.net
                                                                                              fp3011.wpc.2be4.phicdn.net
                                                                                              IN CNAME
                                                                                              fp3011.wpc.phicdn.net
                                                                                              fp3011.wpc.phicdn.net
                                                                                              IN A
                                                                                              152.199.19.74
                                                                                            • flag-de
                                                                                              GET
                                                                                              http://evcs-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D
                                                                                              Remote address:
                                                                                              152.199.19.74:80
                                                                                              Request
                                                                                              GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D HTTP/1.1
                                                                                              Connection: Keep-Alive
                                                                                              Accept: */*
                                                                                              User-Agent: Microsoft-CryptoAPI/10.0
                                                                                              Host: evcs-ocsp.ws.symantec.com
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Accept-Ranges: bytes
                                                                                              Age: 620
                                                                                              Cache-Control: public, max-age=300
                                                                                              Content-Type: application/ocsp-response
                                                                                              Date: Wed, 11 Dec 2024 11:24:40 GMT
                                                                                              Last-Modified: Wed, 11 Dec 2024 11:14:20 GMT
                                                                                              Server: ECAcc (lhc/7916)
                                                                                              X-Cache: HIT
                                                                                              X-Content-Type-Options: nosniff
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-XSS-Protection: 1; mode=block
                                                                                              Content-Length: 5
                                                                                            • flag-de
                                                                                              GET
                                                                                              http://evcs-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D
                                                                                              Remote address:
                                                                                              152.199.19.74:80
                                                                                              Request
                                                                                              GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D HTTP/1.1
                                                                                              Cache-Control: no-cache
                                                                                              Connection: Keep-Alive
                                                                                              Pragma: no-cache
                                                                                              Accept: */*
                                                                                              User-Agent: Microsoft-CryptoAPI/10.0
                                                                                              Host: evcs-ocsp.ws.symantec.com
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Accept-Ranges: bytes
                                                                                              Age: 620
                                                                                              Cache-Control: public, max-age=300
                                                                                              Content-Type: application/ocsp-response
                                                                                              Date: Wed, 11 Dec 2024 11:24:40 GMT
                                                                                              Last-Modified: Wed, 11 Dec 2024 11:14:20 GMT
                                                                                              Server: ECAcc (lhc/7916)
                                                                                              X-Cache: HIT
                                                                                              X-Content-Type-Options: nosniff
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-XSS-Protection: 1; mode=block
                                                                                              Content-Length: 5
                                                                                            • flag-us
                                                                                              DNS
                                                                                              evcs-crl.ws.symantec.com
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              evcs-crl.ws.symantec.com
                                                                                              IN A
                                                                                              Response
                                                                                              evcs-crl.ws.symantec.com
                                                                                              IN CNAME
                                                                                              crl-symcprod.digicert.com
                                                                                              crl-symcprod.digicert.com
                                                                                              IN CNAME
                                                                                              crl.edge.digicert.com
                                                                                              crl.edge.digicert.com
                                                                                              IN CNAME
                                                                                              fp2e7a.wpc.2be4.phicdn.net
                                                                                              fp2e7a.wpc.2be4.phicdn.net
                                                                                              IN CNAME
                                                                                              fp2e7a.wpc.phicdn.net
                                                                                              fp2e7a.wpc.phicdn.net
                                                                                              IN A
                                                                                              192.229.221.95
                                                                                            • flag-se
                                                                                              GET
                                                                                              http://evcs-crl.ws.symantec.com/evcs.crl
                                                                                              Remote address:
                                                                                              192.229.221.95:80
                                                                                              Request
                                                                                              GET /evcs.crl HTTP/1.1
                                                                                              Cache-Control: max-age = 3600
                                                                                              Connection: Keep-Alive
                                                                                              Accept: */*
                                                                                              If-Modified-Since: Mon, 07 Oct 2024 08:46:45 GMT
                                                                                              User-Agent: Microsoft-CryptoAPI/10.0
                                                                                              Host: evcs-crl.ws.symantec.com
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Accept-Ranges: bytes
                                                                                              Age: 735
                                                                                              Cache-Control: public, max-age=3600
                                                                                              Content-Type: application/pkix-crl
                                                                                              Date: Wed, 11 Dec 2024 11:24:40 GMT
                                                                                              Last-Modified: Wed, 11 Dec 2024 11:12:25 GMT
                                                                                              Server: ECAcc (lhd/35B2)
                                                                                              X-Cache: HIT
                                                                                              X-Content-Type-Options: nosniff
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-XSS-Protection: 1; mode=block
                                                                                              Content-Length: 1859
                                                                                            • flag-us
                                                                                              DNS
                                                                                              74.19.199.152.in-addr.arpa
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              74.19.199.152.in-addr.arpa
                                                                                              IN PTR
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              knowledgesutra.com
                                                                                              e13f1b7f45d99e88c2be459c7caffd91_JaffaCakes118.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              knowledgesutra.com
                                                                                              IN A
                                                                                              Response
                                                                                              knowledgesutra.com
                                                                                              IN A
                                                                                              3.33.130.190
                                                                                              knowledgesutra.com
                                                                                              IN A
                                                                                              15.197.148.33
                                                                                            • flag-us
                                                                                              GET
                                                                                              http://knowledgesutra.com/img/temp/hi.cgi?pr=gA924CD3uYd2g0w%2F75eF8BgsCCsiS3YyeeDWHkxNge1u15U8M0n6qMBBZ4SPpXLi1nDGn3ar%2Bfc6PuopKkRO%2FiEwherkJbSX%2BZInzJJ3RDZC37zv%2FxjmEpxjhb%2FI7r04BbahyAFZgz2t0I%2F2zEnt%2FKP%2FhXWkFv7tGXBdtFY60V5kP9SltDjI6uovp64gyPtgW0FDqBICTSrOPD1k1Ygi97CZCssjH0T24at6zaeYHTUU8AwcTpmhObmlzV8VOE0a1xDrQ6ilY%2F8dedK1Pg9t30c8FdugOoayUiN9HHcQM9qS%2BCNWyksvAwrG%2FsLpPJLmdTUZirTCt3oajY%2FoEc8Pv1dqpqabaNQfYtfmoMRiCU8fVFpSLy10Ot4RLAlb
                                                                                              e13f1b7f45d99e88c2be459c7caffd91_JaffaCakes118.exe
                                                                                              Remote address:
                                                                                              3.33.130.190:80
                                                                                              Request
                                                                                              GET /img/temp/hi.cgi?pr=gA924CD3uYd2g0w%2F75eF8BgsCCsiS3YyeeDWHkxNge1u15U8M0n6qMBBZ4SPpXLi1nDGn3ar%2Bfc6PuopKkRO%2FiEwherkJbSX%2BZInzJJ3RDZC37zv%2FxjmEpxjhb%2FI7r04BbahyAFZgz2t0I%2F2zEnt%2FKP%2FhXWkFv7tGXBdtFY60V5kP9SltDjI6uovp64gyPtgW0FDqBICTSrOPD1k1Ygi97CZCssjH0T24at6zaeYHTUU8AwcTpmhObmlzV8VOE0a1xDrQ6ilY%2F8dedK1Pg9t30c8FdugOoayUiN9HHcQM9qS%2BCNWyksvAwrG%2FsLpPJLmdTUZirTCt3oajY%2FoEc8Pv1dqpqabaNQfYtfmoMRiCU8fVFpSLy10Ot4RLAlb HTTP/1.0
                                                                                              Connection: close
                                                                                              Host: knowledgesutra.com
                                                                                              Accept: */*
                                                                                              User-Agent: chrome/9.0
                                                                                              Response
                                                                                              HTTP/1.0 200 OK
                                                                                              content-type: text/html
                                                                                              date: Wed, 11 Dec 2024 11:24:42 GMT
                                                                                              content-length: 524
                                                                                            • flag-us
                                                                                              DNS
                                                                                              190.130.33.3.in-addr.arpa
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              190.130.33.3.in-addr.arpa
                                                                                              IN PTR
                                                                                              Response
                                                                                              190.130.33.3.in-addr.arpa
                                                                                              IN PTR
                                                                                              a2aa9ff50de748dbe.awsglobalaccelerator.com
                                                                                            • flag-us
                                                                                              DNS
                                                                                              jumptomoon.com
                                                                                              e13f1b7f45d99e88c2be459c7caffd91_JaffaCakes118.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              jumptomoon.com
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              149.220.183.52.in-addr.arpa
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              149.220.183.52.in-addr.arpa
                                                                                              IN PTR
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              jumptomoon.com
                                                                                              e13f1b7f45d99e88c2be459c7caffd91_JaffaCakes118.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              jumptomoon.com
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              ourdatatransfers.com
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              ourdatatransfers.com
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              197.87.175.4.in-addr.arpa
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              197.87.175.4.in-addr.arpa
                                                                                              IN PTR
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              206.23.85.13.in-addr.arpa
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              206.23.85.13.in-addr.arpa
                                                                                              IN PTR
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              simplexstored.com
                                                                                              e13f1b7f45d99e88c2be459c7caffd91_JaffaCakes118.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              simplexstored.com
                                                                                              IN A
                                                                                              Response
                                                                                            • flag-se
                                                                                              GET
                                                                                              http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
                                                                                              e13f1b7f45d99e88c2be459c7caffd91_JaffaCakes118.exe
                                                                                              Remote address:
                                                                                              192.229.221.95:80
                                                                                              Request
                                                                                              GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D HTTP/1.1
                                                                                              Connection: close
                                                                                              Accept: */*
                                                                                              User-Agent: Microsoft-CryptoAPI/10.0
                                                                                              Host: ocsp.digicert.com
                                                                                              Response
                                                                                              HTTP/1.1 200 OK
                                                                                              Accept-Ranges: bytes
                                                                                              Age: 809
                                                                                              Cache-Control: max-age=7200
                                                                                              Content-Type: application/ocsp-response
                                                                                              Date: Wed, 11 Dec 2024 11:25:09 GMT
                                                                                              Last-Modified: Wed, 11 Dec 2024 11:11:40 GMT
                                                                                              Server: ECAcc (lhd/35B8)
                                                                                              X-Cache: HIT
                                                                                              Content-Length: 471
                                                                                              Connection: close
                                                                                            • flag-us
                                                                                              DNS
                                                                                              83.210.23.2.in-addr.arpa
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              83.210.23.2.in-addr.arpa
                                                                                              IN PTR
                                                                                              Response
                                                                                              83.210.23.2.in-addr.arpa
                                                                                              IN PTR
                                                                                              a2-23-210-83.deploy.static.akamaitechnologies.com
                                                                                            • flag-us
                                                                                              DNS
                                                                                              www.google.com
                                                                                              e13f1b7f45d99e88c2be459c7caffd91_JaffaCakes118.exe
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              www.google.com
                                                                                              IN A
                                                                                              Response
                                                                                              www.google.com
                                                                                              IN A
                                                                                              172.217.20.164
                                                                                            • flag-fr
                                                                                              GET
                                                                                              http://www.google.com/
                                                                                              e13f1b7f45d99e88c2be459c7caffd91_JaffaCakes118.exe
                                                                                              Remote address:
                                                                                              172.217.20.164:80
                                                                                              Request
                                                                                              GET / HTTP/1.0
                                                                                              Connection: close
                                                                                              Host: www.google.com
                                                                                              Accept: */*
                                                                                              Response
                                                                                              HTTP/1.0 302 Found
                                                                                              Location: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGLbt5boGIjAfcLy3NYONgvyW68t6PU4zpEljgiop0dJe3FtOz0ccEG_WfyRQmGe__1a-rDilNGcyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                              x-hallmonitor-challenge: CgwItu3lugYQ9Yj2ywESBLXXsFM
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-CQqKRJSd5phQBq-IXQ-9lQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                              Date: Wed, 11 Dec 2024 11:25:42 GMT
                                                                                              Server: gws
                                                                                              Content-Length: 396
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Set-Cookie: AEC=AZ6Zc-V4flsyCmaWMgDBrGBiR6gTzPE6cPLdIBzIWPpp6E1zXmqUSyDEu7E; expires=Mon, 09-Jun-2025 11:25:42 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                            • flag-fr
                                                                                              GET
                                                                                              http://www.google.com/
                                                                                              e13f1b7f45d99e88c2be459c7caffd91_JaffaCakes118.exe
                                                                                              Remote address:
                                                                                              172.217.20.164:80
                                                                                              Request
                                                                                              GET / HTTP/1.1
                                                                                              Connection: close
                                                                                              Pragma: no-cache
                                                                                              Host: www.google.com
                                                                                              Response
                                                                                              HTTP/1.1 302 Found
                                                                                              Location: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGLbt5boGIjAfcLy3NYONgvyW68t6PU4zpEljgiop0dJe3FtOz0ccEG_WfyRQmGe__1a-rDilNGcyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                              x-hallmonitor-challenge: CgwIt-3lugYQoNa7iQESBLXXsFM
                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                              Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-XwoG95DMmub0JwdwgpS1tQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                              Date: Wed, 11 Dec 2024 11:25:43 GMT
                                                                                              Server: gws
                                                                                              Content-Length: 396
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Set-Cookie: AEC=AZ6Zc-Uv_U_KNI8IFzucpHoKbbln8I85k-jdg8K-03WP_kjMsOozCewwGw; expires=Mon, 09-Jun-2025 11:25:43 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                              Connection: close
                                                                                            • flag-us
                                                                                              DNS
                                                                                              164.20.217.172.in-addr.arpa
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              164.20.217.172.in-addr.arpa
                                                                                              IN PTR
                                                                                              Response
                                                                                              164.20.217.172.in-addr.arpa
                                                                                              IN PTR
                                                                                              waw02s07-in-f164.1e100.net
                                                                                              164.20.217.172.in-addr.arpa
                                                                                              IN PTR
                                                                                              waw02s07-in-f4
                                                                                              164.20.217.172.in-addr.arpa
                                                                                              IN PTR
                                                                                              par10s49-in-f4
                                                                                            • flag-fr
                                                                                              GET
                                                                                              http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGLbt5boGIjAfcLy3NYONgvyW68t6PU4zpEljgiop0dJe3FtOz0ccEG_WfyRQmGe__1a-rDilNGcyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                              e13f1b7f45d99e88c2be459c7caffd91_JaffaCakes118.exe
                                                                                              Remote address:
                                                                                              172.217.20.164:80
                                                                                              Request
                                                                                              GET /sorry/index?continue=http://www.google.com/&q=EgS117BTGLbt5boGIjAfcLy3NYONgvyW68t6PU4zpEljgiop0dJe3FtOz0ccEG_WfyRQmGe__1a-rDilNGcyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
                                                                                              Connection: close
                                                                                              Pragma: no-cache
                                                                                              Host: www.google.com
                                                                                              Response
                                                                                              HTTP/1.1 429 Too Many Requests
                                                                                              Date: Wed, 11 Dec 2024 11:25:44 GMT
                                                                                              Pragma: no-cache
                                                                                              Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                              Content-Type: text/html
                                                                                              Server: HTTP server (unknown)
                                                                                              Content-Length: 3075
                                                                                              X-XSS-Protection: 0
                                                                                              Connection: close
                                                                                            • flag-us
                                                                                              DNS
                                                                                              19.229.111.52.in-addr.arpa
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              19.229.111.52.in-addr.arpa
                                                                                              IN PTR
                                                                                              Response
                                                                                            • flag-us
                                                                                              DNS
                                                                                              13.173.189.20.in-addr.arpa
                                                                                              Remote address:
                                                                                              8.8.8.8:53
                                                                                              Request
                                                                                              13.173.189.20.in-addr.arpa
                                                                                              IN PTR
                                                                                              Response
                                                                                            • 152.199.19.74:80
                                                                                              http://evcs-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D
                                                                                              http
                                                                                              843 B
                                                                                              952 B
                                                                                              7
                                                                                              5

                                                                                              HTTP Request

                                                                                              GET http://evcs-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D

                                                                                              HTTP Response

                                                                                              200

                                                                                              HTTP Request

                                                                                              GET http://evcs-ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQckPwgwK2Thdm9JYVwXQ4ERz3XDQQUo47PGUI9MeGrIYmEbcvZeaKysloCEHX7Uch2jvaSe%2FQdoaI0odk%3D

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 192.229.221.95:80
                                                                                              http://evcs-crl.ws.symantec.com/evcs.crl
                                                                                              http
                                                                                              490 B
                                                                                              2.4kB
                                                                                              6
                                                                                              5

                                                                                              HTTP Request

                                                                                              GET http://evcs-crl.ws.symantec.com/evcs.crl

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 3.33.130.190:80
                                                                                              http://knowledgesutra.com/img/temp/hi.cgi?pr=gA924CD3uYd2g0w%2F75eF8BgsCCsiS3YyeeDWHkxNge1u15U8M0n6qMBBZ4SPpXLi1nDGn3ar%2Bfc6PuopKkRO%2FiEwherkJbSX%2BZInzJJ3RDZC37zv%2FxjmEpxjhb%2FI7r04BbahyAFZgz2t0I%2F2zEnt%2FKP%2FhXWkFv7tGXBdtFY60V5kP9SltDjI6uovp64gyPtgW0FDqBICTSrOPD1k1Ygi97CZCssjH0T24at6zaeYHTUU8AwcTpmhObmlzV8VOE0a1xDrQ6ilY%2F8dedK1Pg9t30c8FdugOoayUiN9HHcQM9qS%2BCNWyksvAwrG%2FsLpPJLmdTUZirTCt3oajY%2FoEc8Pv1dqpqabaNQfYtfmoMRiCU8fVFpSLy10Ot4RLAlb
                                                                                              http
                                                                                              e13f1b7f45d99e88c2be459c7caffd91_JaffaCakes118.exe
                                                                                              801 B
                                                                                              878 B
                                                                                              6
                                                                                              6

                                                                                              HTTP Request

                                                                                              GET http://knowledgesutra.com/img/temp/hi.cgi?pr=gA924CD3uYd2g0w%2F75eF8BgsCCsiS3YyeeDWHkxNge1u15U8M0n6qMBBZ4SPpXLi1nDGn3ar%2Bfc6PuopKkRO%2FiEwherkJbSX%2BZInzJJ3RDZC37zv%2FxjmEpxjhb%2FI7r04BbahyAFZgz2t0I%2F2zEnt%2FKP%2FhXWkFv7tGXBdtFY60V5kP9SltDjI6uovp64gyPtgW0FDqBICTSrOPD1k1Ygi97CZCssjH0T24at6zaeYHTUU8AwcTpmhObmlzV8VOE0a1xDrQ6ilY%2F8dedK1Pg9t30c8FdugOoayUiN9HHcQM9qS%2BCNWyksvAwrG%2FsLpPJLmdTUZirTCt3oajY%2FoEc8Pv1dqpqabaNQfYtfmoMRiCU8fVFpSLy10Ot4RLAlb

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 192.229.221.95:80
                                                                                              http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
                                                                                              http
                                                                                              e13f1b7f45d99e88c2be459c7caffd91_JaffaCakes118.exe
                                                                                              465 B
                                                                                              967 B
                                                                                              5
                                                                                              5

                                                                                              HTTP Request

                                                                                              GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D

                                                                                              HTTP Response

                                                                                              200
                                                                                            • 127.0.0.1:64848
                                                                                              explorer.exe
                                                                                            • 127.0.0.1:64848
                                                                                            • 172.217.20.164:80
                                                                                              http://www.google.com/
                                                                                              http
                                                                                              e13f1b7f45d99e88c2be459c7caffd91_JaffaCakes118.exe
                                                                                              302 B
                                                                                              1.5kB
                                                                                              5
                                                                                              5

                                                                                              HTTP Request

                                                                                              GET http://www.google.com/

                                                                                              HTTP Response

                                                                                              302
                                                                                            • 172.217.20.164:80
                                                                                              http://www.google.com/
                                                                                              http
                                                                                              e13f1b7f45d99e88c2be459c7caffd91_JaffaCakes118.exe
                                                                                              307 B
                                                                                              1.5kB
                                                                                              5
                                                                                              5

                                                                                              HTTP Request

                                                                                              GET http://www.google.com/

                                                                                              HTTP Response

                                                                                              302
                                                                                            • 172.217.20.164:80
                                                                                              http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGLbt5boGIjAfcLy3NYONgvyW68t6PU4zpEljgiop0dJe3FtOz0ccEG_WfyRQmGe__1a-rDilNGcyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                                                                              http
                                                                                              e13f1b7f45d99e88c2be459c7caffd91_JaffaCakes118.exe
                                                                                              526 B
                                                                                              3.7kB
                                                                                              6
                                                                                              7

                                                                                              HTTP Request

                                                                                              GET http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGLbt5boGIjAfcLy3NYONgvyW68t6PU4zpEljgiop0dJe3FtOz0ccEG_WfyRQmGe__1a-rDilNGcyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

                                                                                              HTTP Response

                                                                                              429
                                                                                            • 127.0.0.1:64848
                                                                                            • 127.0.0.1:64848
                                                                                            • 127.0.0.1:64848
                                                                                              e13f1b7f45d99e88c2be459c7caffd91_JaffaCakes118.exe
                                                                                            • 127.0.0.1:64848
                                                                                              e13f1b7f45d99e88c2be459c7caffd91_JaffaCakes118.exe
                                                                                            • 8.8.8.8:53
                                                                                              154.239.44.20.in-addr.arpa
                                                                                              dns
                                                                                              72 B
                                                                                              158 B
                                                                                              1
                                                                                              1

                                                                                              DNS Request


                                                                                            MITRE ATT&CK Enterprise v15

                                                                                            Downloads


                                                                                              4KB

                                                                                            • memory/1504-793-0x0000000003F30000-0x0000000003F31000-memory.dmp

                                                                                              Filesize

                                                                                              4KB

                                                                                            • memory/1636-822-0x000002184E0E0000-0x000002184E100000-memory.dmp

                                                                                              Filesize

                                                                                              128KB

                                                                                            • memory/1636-811-0x000002184DAC0000-0x000002184DAE0000-memory.dmp

                                                                                              Filesize

                                                                                              128KB

                                                                                            • memory/1636-794-0x000002184CC00000-0x000002184CD00000-memory.dmp

                                                                                              Filesize

                                                                                              1024KB

                                                                                            • memory/1636-795-0x000002184CC00000-0x000002184CD00000-memory.dmp

                                                                                              Filesize

                                                                                              1024KB

                                                                                            • memory/1636-799-0x000002184DB00000-0x000002184DB20000-memory.dmp

                                                                                              Filesize

                                                                                              128KB

                                                                                            • memory/2236-156-0x0000000000400000-0x000000000041C000-memory.dmp

                                                                                              Filesize

                                                                                              112KB

                                                                                            • memory/2328-1374-0x0000025895940000-0x0000025895A40000-memory.dmp

                                                                                              Filesize

                                                                                              1024KB

                                                                                            • memory/2508-82-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                              Filesize

                                                                                              424KB

                                                                                            • memory/2508-2-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                              Filesize

                                                                                              424KB

                                                                                            • memory/2508-1222-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                              Filesize

                                                                                              424KB

                                                                                            • memory/2508-15-0x0000000000400000-0x0000000000467000-memory.dmp

                                                                                              Filesize

                                                                                              412KB

                                                                                            • memory/2508-155-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                              Filesize

                                                                                              424KB

                                                                                            • memory/2508-16-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                              Filesize

                                                                                              424KB

                                                                                            • memory/2508-1-0x0000000000400000-0x0000000000467000-memory.dmp

                                                                                              Filesize

                                                                                              412KB

                                                                                            • memory/2516-381-0x00000121839A0000-0x00000121839C0000-memory.dmp

                                                                                              Filesize

                                                                                              128KB

                                                                                            • memory/2516-382-0x0000012183FC0000-0x0000012183FE0000-memory.dmp

                                                                                              Filesize

                                                                                              128KB

                                                                                            • memory/2516-345-0x0000012182C00000-0x0000012182D00000-memory.dmp

                                                                                              Filesize

                                                                                              1024KB

                                                                                            • memory/2516-350-0x00000121839E0000-0x0000012183A00000-memory.dmp

                                                                                              Filesize

                                                                                              128KB

                                                                                            • memory/2516-346-0x0000012182C00000-0x0000012182D00000-memory.dmp

                                                                                              Filesize

                                                                                              1024KB

                                                                                            • memory/3000-940-0x000002032A700000-0x000002032A800000-memory.dmp

                                                                                              Filesize

                                                                                              1024KB

                                                                                            • memory/3000-943-0x000002032B840000-0x000002032B860000-memory.dmp

                                                                                              Filesize

                                                                                              128KB

                                                                                            • memory/3000-952-0x000002032B800000-0x000002032B820000-memory.dmp

                                                                                              Filesize

                                                                                              128KB

                                                                                            • memory/3000-967-0x000002032BC00000-0x000002032BC20000-memory.dmp

                                                                                              Filesize

                                                                                              128KB

                                                                                            • memory/3000-939-0x000002032A700000-0x000002032A800000-memory.dmp

                                                                                              Filesize

                                                                                              1024KB

                                                                                            • memory/3412-645-0x00000000040E0000-0x00000000040E1000-memory.dmp

                                                                                              Filesize

                                                                                              4KB

                                                                                            • memory/3576-81-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                              Filesize

                                                                                              424KB

                                                                                            • memory/3592-344-0x0000000004B00000-0x0000000004B01000-memory.dmp

                                                                                              Filesize

                                                                                              4KB

                                                                                            • memory/3788-1249-0x0000028ECE840000-0x0000028ECE860000-memory.dmp

                                                                                              Filesize

                                                                                              128KB

                                                                                            • memory/3788-1239-0x0000028ECE430000-0x0000028ECE450000-memory.dmp

                                                                                              Filesize

                                                                                              128KB

                                                                                            • memory/3788-1231-0x0000028ECE470000-0x0000028ECE490000-memory.dmp

                                                                                              Filesize

                                                                                              128KB

                                                                                            • memory/3796-936-0x0000000004080000-0x0000000004081000-memory.dmp

                                                                                              Filesize

                                                                                              4KB

                                                                                            • memory/4128-1223-0x0000000004350000-0x0000000004351000-memory.dmp

                                                                                              Filesize

                                                                                              4KB

                                                                                            • memory/4140-14-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                              Filesize

                                                                                              424KB

                                                                                            • memory/4140-13-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                              Filesize

                                                                                              424KB

                                                                                            • memory/4140-12-0x0000000000400000-0x000000000046A000-memory.dmp

                                                                                              Filesize

                                                                                              424KB

                                                                                            • memory/4272-1104-0x000001FDC6FC0000-0x000001FDC6FE0000-memory.dmp

                                                                                              Filesize

                                                                                              128KB

                                                                                            • memory/4272-1088-0x000001FDC6300000-0x000001FDC6400000-memory.dmp

                                                                                              Filesize

                                                                                              1024KB

                                                                                            • memory/4272-1087-0x000001FDC6300000-0x000001FDC6400000-memory.dmp

                                                                                              Filesize

                                                                                              1024KB

                                                                                            • memory/4272-1092-0x000001FDC7400000-0x000001FDC7420000-memory.dmp

                                                                                              Filesize

                                                                                              128KB

                                                                                            • memory/4272-1116-0x000001FDC77D0000-0x000001FDC77F0000-memory.dmp

                                                                                              Filesize

                                                                                              128KB

                                                                                            • memory/4292-1086-0x0000000004670000-0x0000000004671000-memory.dmp

                                                                                              Filesize

                                                                                              4KB

                                                                                            • memory/4628-500-0x000001EE3B300000-0x000001EE3B400000-memory.dmp

                                                                                              Filesize

                                                                                              1024KB

                                                                                            • memory/4628-498-0x000001EE3B300000-0x000001EE3B400000-memory.dmp

                                                                                              Filesize

                                                                                              1024KB

                                                                                            • memory/4628-519-0x000001EE3C3A0000-0x000001EE3C3C0000-memory.dmp

                                                                                              Filesize

                                                                                              128KB

                                                                                            • memory/4628-503-0x000001EE3C3E0000-0x000001EE3C400000-memory.dmp

                                                                                              Filesize

                                                                                              128KB

                                                                                            • memory/4628-535-0x000001EE3C7B0000-0x000001EE3C7D0000-memory.dmp

                                                                                              Filesize

                                                                                              128KB

                                                                                            • memory/4628-499-0x000001EE3B300000-0x000001EE3B400000-memory.dmp

                                                                                              Filesize

                                                                                              1024KB

                                                                                            • memory/4944-497-0x00000000041F0000-0x00000000041F1000-memory.dmp

                                                                                              Filesize

                                                                                              4KB
