Analysis

  • max time kernel
    148s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/03/2023, 00:30 UTC

General

  • Target

    New Project 1.exe

  • Size

    7.9MB

  • MD5

    b1c2fc17bdfc63a9c9a38fd50b5ef56f

  • SHA1

    399bc3892ea9558b44c48c35a116e68ea10ffcbf

  • SHA256

    dc3ec70f6daa71429bee069cdce1d600db4ad9d054ac745dba2310c624d193fa

  • SHA512

    55f5e9c6b2f5bac36cd31c2ca69ff627eaecdf61abdb33f530744fcd352edda256a7079be0b261cbc6a7f20bb6940c1b1ff1b1e2a622a514647afa675957ef09

  • SSDEEP

    196608:eLo2IyBOU7KIUPwVRQTBmvuwIhCMwt1/okm:eM2T57KNPwVRQUfbfjtm

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

considered-arrest.at.ply.gg:19159

Mutex

45dc89a20c39cab97b1d3cdf088b928f

Attributes
  • reg_key

    45dc89a20c39cab97b1d3cdf088b928f

  • splitter

    |'|'|

Signatures

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 7 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 9 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 1 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 9 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\New Project 1.exe
    "C:\Users\Admin\AppData\Local\Temp\New Project 1.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1636
    • C:\Users\Admin\AppData\Local\Temp\._cache_New Project 1.exe
      "C:\Users\Admin\AppData\Local\Temp\._cache_New Project 1.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2164
      • C:\Users\Admin\AppData\Local\Temp\PandorahVNC.exe
        "C:\Users\Admin\AppData\Local\Temp\PandorahVNC.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:3976
        • C:\Users\Admin\AppData\Local\Temp\._cache_PandorahVNC.exe
          "C:\Users\Admin\AppData\Local\Temp\._cache_PandorahVNC.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious use of AdjustPrivilegeToken
          PID:1352
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 1856
            5⤵
            • Program crash
            PID:2244
      • C:\Users\Admin\AppData\Local\Temp\persiste Module.exe
        "C:\Users\Admin\AppData\Local\Temp\persiste Module.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:5032
        • C:\Users\Admin\AppData\Local\Temp\._cache_persiste Module.exe
          "C:\Users\Admin\AppData\Local\Temp\._cache_persiste Module.exe"
          4⤵
          • Executes dropped EXE
          • Modifies registry class
          PID:4416
    • C:\ProgramData\Synaptics\Synaptics.exe
      "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:540
      • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
        "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:3188
        • C:\Users\Admin\AppData\Local\Temp\persiste Module.exe
          "C:\Users\Admin\AppData\Local\Temp\persiste Module.exe"
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Loads dropped DLL
          • Modifies registry class
          • Suspicious use of WriteProcessMemory
          PID:2428
          • C:\Users\Admin\AppData\Local\Temp\._cache_persiste Module.exe
            "C:\Users\Admin\AppData\Local\Temp\._cache_persiste Module.exe"
            5⤵
            • Executes dropped EXE
            PID:1628
  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:880
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1352 -ip 1352
    1⤵
    PID:4824
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:216

    Network

    • flag-us
      DNS
      209.205.72.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      209.205.72.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      76.38.195.152.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      76.38.195.152.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      55.154.139.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      55.154.139.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      keyauth.business
      ._cache_PandorahVNC.exe
      Remote address:
      8.8.8.8:53
      Request
      keyauth.business
      IN A
      Response
      keyauth.business
      IN A
      172.67.155.204
      keyauth.business
      IN A
      104.21.72.222
    • flag-us
      POST
      https://keyauth.business/1.0/
      ._cache_PandorahVNC.exe
      Remote address:
      172.67.155.204:443
      Request
      POST /1.0/ HTTP/1.1
      Content-Type: application/x-www-form-urlencoded
      Host: keyauth.business
      Content-Length: 348
      Expect: 100-continue
      Connection: Keep-Alive
      Response
      HTTP/1.1 307 Temporary Redirect
      Date: Wed, 08 Mar 2023 00:31:15 GMT
      Content-Length: 0
      Connection: keep-alive
      Location: https://keyauth.win/1.0/
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eMp8ErVr%2FYj22HuY8Z0ZqZE2ixAde0EdPSUTQZmOiuj0ptWpm%2Fj%2BbbRtBsuqVc9YibOQYJFIx7WltXbzKR1eKjOjEPA%2BqkVQ%2FBeBcnnogQrNYcdxHeG17LbS4wQbpqPU13TC"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 7a46f96b09c4b909-AMS
      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
    • flag-us
      DNS
      keyauth.win
      ._cache_PandorahVNC.exe
      Remote address:
      8.8.8.8:53
      Request
      keyauth.win
      IN A
      Response
      keyauth.win
      IN A
      172.67.190.19
      keyauth.win
      IN A
      104.21.57.106
    • flag-us
      POST
      https://keyauth.win/1.0/
      ._cache_PandorahVNC.exe
      Remote address:
      172.67.190.19:443
      Request
      POST /1.0/ HTTP/1.1
      Content-Type: application/x-www-form-urlencoded
      Host: keyauth.win
      Content-Length: 348
      Expect: 100-continue
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Wed, 08 Mar 2023 00:31:16 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Access-Control-Allow-Origin: *
      CF-Cache-Status: DYNAMIC
      Server-Timing: cf-q-config;dur=5.0000003284367e-06
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hNsdyJfMNQQIf6kmnEqOAyfTdCPFO7XhwEYaxmSFTVTSemFNxcvDivpBeiSRfM8X0NRQDfp0J7n7ox3I6C1Fvv%2FP6dVB9Fbgt1OjiuML6OOWunM%2Bfu9iBlXL4bxLiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      content-security-policy: upgrade-insecure-requests
      permissions-policy: accelerometer=(), camera=(), fullscreen=*, geolocation=(self), gyroscope=(), microphone=(), payment=*
      referrer-policy: strict-origin-when-cross-origin
      strict-transport-security: max-age=31536000; includeSubDomains
      x-content-security-policy: img-src *; media-src * data:;
      x-content-type-options: nosniff
      x-frame-options: DENY
      x-xss-protection: 1; mode=block
      Server: cloudflare
      CF-RAY: 7a46f96c6838b89c-AMS
      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
    • flag-us
      DNS
      204.155.67.172.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      204.155.67.172.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      19.190.67.172.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      19.190.67.172.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      6727.webhost-05.my-host.network
      ._cache_PandorahVNC.exe
      Remote address:
      8.8.8.8:53
      Request
      6727.webhost-05.my-host.network
      IN A
      Response
      6727.webhost-05.my-host.network
      IN CNAME
      webhost-05.my-host.network
      webhost-05.my-host.network
      IN A
      37.114.32.205
    • flag-de
      GET
      https://6727.webhost-05.my-host.network/PandorahVNC/SecureStringNAOT.exe
      ._cache_PandorahVNC.exe
      Remote address:
      37.114.32.205:443
      Request
      GET /PandorahVNC/SecureStringNAOT.exe HTTP/1.1
      Host: 6727.webhost-05.my-host.network
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Server: nginx
      Date: Wed, 08 Mar 2023 00:31:16 GMT
      Content-Type: application/x-msdos-program
      Content-Length: 3627008
      Last-Modified: Mon, 20 Feb 2023 17:57:46 GMT
      Connection: keep-alive
      ETag: "63f3b49a-375800"
      X-Powered-By: PleskLin
      Accept-Ranges: bytes
    • flag-us
      DNS
      205.32.114.37.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      205.32.114.37.in-addr.arpa
      IN PTR
      Response
      205.32.114.37.in-addr.arpa
      IN PTR
      webhost-05.hosmatic.com
    • flag-us
      DNS
      24.32.109.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      24.32.109.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      86.8.109.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.8.109.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      xred.mooo.com
      Synaptics.exe
      Remote address:
      8.8.8.8:53
      Request
      xred.mooo.com
      IN A
      Response
    • flag-us
      DNS
      freedns.afraid.org
      Synaptics.exe
      Remote address:
      8.8.8.8:53
      Request
      freedns.afraid.org
      IN A
      Response
      freedns.afraid.org
      IN A
      69.42.215.252
    • flag-us
      GET
      http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
      Synaptics.exe
      Remote address:
      69.42.215.252:80
      Request
      GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
      User-Agent: MyApp
      Host: freedns.afraid.org
      Cache-Control: no-cache
      Response
      HTTP/1.1 200 OK
      Server: nginx
      Date: Wed, 08 Mar 2023 00:31:19 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Vary: Accept-Encoding
      X-Cache: MISS
    • flag-us
      DNS
      252.215.42.69.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      252.215.42.69.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      252.215.42.69.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      252.215.42.69.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      252.215.42.69.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      252.215.42.69.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      133.211.185.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      133.211.185.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      133.211.185.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      133.211.185.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      8.179.89.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.179.89.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      docs.google.com
      Synaptics.exe
      Remote address:
      8.8.8.8:53
      Request
      docs.google.com
      IN A
      Response
      docs.google.com
      IN A
      142.250.179.174
    • flag-us
      DNS
      docs.google.com
      Synaptics.exe
      Remote address:
      8.8.8.8:53
      Request
      docs.google.com
      IN A
      Response
      docs.google.com
      IN A
      142.250.179.174
    • flag-nl
      GET
      https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
      Synaptics.exe
      Remote address:
      142.250.179.174:443
      Request
      GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
      User-Agent: Synaptics.exe
      Host: docs.google.com
      Cache-Control: no-cache
      Response
      HTTP/1.1 404 Not Found
      Content-Type: text/html; charset=utf-8
      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
      Pragma: no-cache
      Expires: Mon, 01 Jan 1990 00:00:00 GMT
      Date: Wed, 08 Mar 2023 00:32:20 GMT
      Strict-Transport-Security: max-age=31536000
      Content-Security-Policy: script-src 'report-sample' 'nonce-GUhrOSvU-8N7sYA-qNf_6Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
      Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
      Server: ESF
      X-XSS-Protection: 0
      X-Content-Type-Options: nosniff
      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
      Accept-Ranges: none
      Vary: Accept-Encoding
      Transfer-Encoding: chunked
    • flag-nl
      GET
      https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
      Synaptics.exe
      Remote address:
      142.250.179.174:443
      Request
      GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
      User-Agent: Synaptics.exe
      Host: docs.google.com
      Cache-Control: no-cache
      Response
      HTTP/1.1 404 Not Found
      Content-Type: text/html; charset=utf-8
      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
      Pragma: no-cache
      Expires: Mon, 01 Jan 1990 00:00:00 GMT
      Date: Wed, 08 Mar 2023 00:32:21 GMT
      Strict-Transport-Security: max-age=31536000
      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
      Content-Security-Policy: script-src 'report-sample' 'nonce--9PIH5R712HRDQuzysuDqA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
      Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
      Server: ESF
      X-XSS-Protection: 0
      X-Content-Type-Options: nosniff
      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
      Accept-Ranges: none
      Vary: Accept-Encoding
      Transfer-Encoding: chunked
    • flag-nl
      GET
      https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
      Synaptics.exe
      Remote address:
      142.250.179.174:443
      Request
      GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
      User-Agent: Synaptics.exe
      Host: docs.google.com
      Cache-Control: no-cache
      Response
      HTTP/1.1 404 Not Found
      Content-Type: text/html; charset=utf-8
      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
      Pragma: no-cache
      Expires: Mon, 01 Jan 1990 00:00:00 GMT
      Date: Wed, 08 Mar 2023 00:32:21 GMT
      Strict-Transport-Security: max-age=31536000
      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
      Content-Security-Policy: script-src 'report-sample' 'nonce-U1HKrejIvrXPtKactkBC_g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
      Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
      Server: ESF
      X-XSS-Protection: 0
      X-Content-Type-Options: nosniff
      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
      Accept-Ranges: none
      Vary: Accept-Encoding
      Transfer-Encoding: chunked
    • flag-us
      DNS
      174.179.250.142.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      174.179.250.142.in-addr.arpa
      IN PTR
      Response
      174.179.250.142.in-addr.arpa
      IN PTR
      ams15s41-in-f14.1e100.net
    • flag-us
      DNS
      35.36.251.142.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      35.36.251.142.in-addr.arpa
      IN PTR
      Response
      35.36.251.142.in-addr.arpa
      IN PTR
      ams17s12-in-f3.1e100.net
    • flag-us
      DNS
      97.238.32.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      97.238.32.23.in-addr.arpa
      IN PTR
      Response
      97.238.32.23.in-addr.arpa
      IN PTR
      a23-32-238-97.deploy.static.akamaitechnologies.com
    • 172.67.155.204:443
      https://keyauth.business/1.0/
      tls, http
      ._cache_PandorahVNC.exe
      1.2kB
      3.8kB
      9
      7

      HTTP Request

      POST https://keyauth.business/1.0/

      HTTP Response

      307
    • 172.67.190.19:443
      https://keyauth.win/1.0/
      tls, http
      ._cache_PandorahVNC.exe
      1.3kB
      5.0kB
      10
      11

      HTTP Request

      POST https://keyauth.win/1.0/

      HTTP Response

      200
    • 37.114.32.205:443
      https://6727.webhost-05.my-host.network/PandorahVNC/SecureStringNAOT.exe
      tls, http
      ._cache_PandorahVNC.exe
      62.7kB
      3.7MB
      1353
      2680

      HTTP Request

      GET https://6727.webhost-05.my-host.network/PandorahVNC/SecureStringNAOT.exe

      HTTP Response

      200
    • 69.42.215.252:80
      http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
      http
      Synaptics.exe
      706 B
      415 B
      12
      4

      HTTP Request

      GET http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

      HTTP Response

      200
    • 40.79.141.152:443
      322 B
      7
    • 209.197.3.8:80
      322 B
      7
    • 173.223.113.164:443
      322 B
      7
    • 173.223.113.131:80
      322 B
      7
    • 131.253.33.203:80
      322 B
      7
    • 209.197.3.8:80
      322 B
      7
    • 209.197.3.8:80
      322 B
      7
    • 209.197.3.8:80
      322 B
      7
    • 93.184.220.29:80
      322 B
      7
    • 142.250.179.174:443
      https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
      tls, http
      Synaptics.exe
      2.2kB
      17.6kB
      31
      29

      HTTP Request

      GET https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

      HTTP Response

      404

      HTTP Request

      GET https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

      HTTP Response

      404

      HTTP Request

      GET https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

      HTTP Response

      404
    • 8.8.8.8:53
      209.205.72.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      209.205.72.20.in-addr.arpa

    • 8.8.8.8:53
      76.38.195.152.in-addr.arpa
      dns
      72 B
      143 B
      1
      1

      DNS Request

      76.38.195.152.in-addr.arpa

    • 8.8.8.8:53
      55.154.139.52.in-addr.arpa
      dns
      72 B
      146 B
      1
      1

      DNS Request

      55.154.139.52.in-addr.arpa

    • 8.8.8.8:53
      keyauth.business
      dns
      ._cache_PandorahVNC.exe
      62 B
      94 B
      1
      1

      DNS Request

      keyauth.business

      DNS Response

      172.67.155.204
      104.21.72.222

    • 8.8.8.8:53
      keyauth.win
      dns
      ._cache_PandorahVNC.exe
      57 B
      89 B
      1
      1

      DNS Request

      keyauth.win

      DNS Response

      172.67.190.19
      104.21.57.106

    • 8.8.8.8:53
      204.155.67.172.in-addr.arpa
      dns
      73 B
      135 B
      1
      1

      DNS Request

      204.155.67.172.in-addr.arpa

    • 8.8.8.8:53
      19.190.67.172.in-addr.arpa
      dns
      72 B
      134 B
      1
      1

      DNS Request

      19.190.67.172.in-addr.arpa

    • 8.8.8.8:53
      6727.webhost-05.my-host.network
      dns
      ._cache_PandorahVNC.exe
      77 B
      107 B
      1
      1

      DNS Request

      6727.webhost-05.my-host.network

      DNS Response

      37.114.32.205

    • 8.8.8.8:53
      205.32.114.37.in-addr.arpa
      dns
      72 B
      109 B
      1
      1

      DNS Request

      205.32.114.37.in-addr.arpa

    • 8.8.8.8:53
      24.32.109.52.in-addr.arpa
      dns
      71 B
      145 B
      1
      1

      DNS Request

      24.32.109.52.in-addr.arpa

    • 8.8.8.8:53
      86.8.109.52.in-addr.arpa
      dns
      70 B
      144 B
      1
      1

      DNS Request

      86.8.109.52.in-addr.arpa

    • 8.8.8.8:53
      xred.mooo.com
      dns
      Synaptics.exe
      59 B
      118 B
      1
      1

      DNS Request

      xred.mooo.com

    • 8.8.8.8:53
      freedns.afraid.org
      dns
      Synaptics.exe
      64 B
      80 B
      1
      1

      DNS Request

      freedns.afraid.org

      DNS Response

      69.42.215.252

    • 224.0.0.251:5353
      114 B
      2
    • 8.8.8.8:53
      252.215.42.69.in-addr.arpa
      dns
      216 B
      216 B
      3
      3

      DNS Request

      252.215.42.69.in-addr.arpa

      DNS Request

      252.215.42.69.in-addr.arpa

      DNS Request

      252.215.42.69.in-addr.arpa

    • 8.8.8.8:53
      133.211.185.52.in-addr.arpa
      dns
      146 B
      294 B
      2
      2

      DNS Request

      133.211.185.52.in-addr.arpa

      DNS Request

      133.211.185.52.in-addr.arpa

    • 8.8.8.8:53
      8.179.89.13.in-addr.arpa
      dns
      70 B
      144 B
      1
      1

      DNS Request

      8.179.89.13.in-addr.arpa

    • 8.8.8.8:53
      docs.google.com
      dns
      Synaptics.exe
      122 B
      154 B
      2
      2

      DNS Request

      docs.google.com

      DNS Request

      docs.google.com

      DNS Response

      142.250.179.174

      DNS Response

      142.250.179.174

    • 8.8.8.8:53
      174.179.250.142.in-addr.arpa
      dns
      74 B
      113 B
      1
      1

      DNS Request

      174.179.250.142.in-addr.arpa

    • 8.8.8.8:53
      35.36.251.142.in-addr.arpa
      dns
      72 B
      110 B
      1
      1

      DNS Request

      35.36.251.142.in-addr.arpa

    • 8.8.8.8:53
      97.238.32.23.in-addr.arpa
      dns
      71 B
      135 B
      1
      1

      DNS Request

      97.238.32.23.in-addr.arpa

    MITRE ATT&CK Enterprise v6

    Downloads

    • C:\ProgramData\Synaptics\Synaptics.exe

      Filesize

      7.9MB

      MD5

      b1c2fc17bdfc63a9c9a38fd50b5ef56f

      SHA1

      399bc3892ea9558b44c48c35a116e68ea10ffcbf

      SHA256

      dc3ec70f6daa71429bee069cdce1d600db4ad9d054ac745dba2310c624d193fa

      SHA512

      55f5e9c6b2f5bac36cd31c2ca69ff627eaecdf61abdb33f530744fcd352edda256a7079be0b261cbc6a7f20bb6940c1b1ff1b1e2a622a514647afa675957ef09

    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\._cache_persiste Module.exe.log

      Filesize

      319B

      MD5

      da4fafeffe21b7cb3a8c170ca7911976

      SHA1

      50ef77e2451ab60f93f4db88325b897d215be5ad

      SHA256

      7341a4a13e81cbb5b7f39ec47bb45f84836b08b8d8e3ea231d2c7dad982094f7

      SHA512

      0bc24b69460f31a0ebc0628b99908d818ee85feb7e4b663271d9375b30cced0cd55a0bbf8edff1281a4c886ddf4476ffc989c283069cdcb1235ffcb265580fc6

    • C:\Users\Admin\AppData\Local\Temp\._cache_New Project 1.exe

      Filesize

      7.2MB

      MD5

      0ecfd1d18a2bfe0be78b5ebae1f60872

      SHA1

      8ac431400f364a19803899475264993a02e01300

      SHA256

      63c6c51d671fe6add62a536301244ec07ef433d009321884c86d6419f00cabe2

      SHA512

      604c66ee707653a26df338ca4f113c2284074436cd7a589394c7cb5cb61fdf0aaa7a8eeaf580000195bb5a9a253506484cda9bdf1139aa169b084a27569549fb

    • C:\Users\Admin\AppData\Local\Temp\._cache_PandorahVNC.exe

      Filesize

      3.3MB

      MD5

      bdf57bb779169e0e76dd7ef9b962a3a8

      SHA1

      8635cd15e6ca3929aabe49ccf8202621e8fd624a

      SHA256

      e612636863efc9d4963a7bd65dcd5e30b612af8a35122a88cc5d500f680860d9

      SHA512

      40b0f0db351a8247f96b4848562d8f806451495b08179344101141c805b2b07707edebfb1792ba7f567ca2139cdec1de0c45b3c3694ee5f2e4111575cc1ac355

    • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe

      Filesize

      7.2MB

      MD5

      0ecfd1d18a2bfe0be78b5ebae1f60872

      SHA1

      8ac431400f364a19803899475264993a02e01300

      SHA256

      63c6c51d671fe6add62a536301244ec07ef433d009321884c86d6419f00cabe2

      SHA512

      604c66ee707653a26df338ca4f113c2284074436cd7a589394c7cb5cb61fdf0aaa7a8eeaf580000195bb5a9a253506484cda9bdf1139aa169b084a27569549fb

    • C:\Users\Admin\AppData\Local\Temp\._cache_persiste Module.exe

      Filesize

      37KB

      MD5

      1ab74a6ae9e8672aec208d40553e0f46

      SHA1

      78b5e911a1dba6bdefab5a551a3c86a7c67c546f

      SHA256

      76efed220ef62db6c1f3ddf21bbc44b1614d406d09f4373d4c4dd8131635e526

      SHA512

      b3618d1daacb51cbdd777b7db815bfae1419b0f0ca22eff1a1af969aa3dfe86bcde1dfbd259f3000fa2bf35426aec35cfadb93cf5afafaa3feef7529d2cc8c05

    • C:\Users\Admin\AppData\Local\Temp\EJ5pGRiY.xlsm

      Filesize

      17KB

      MD5

      e566fc53051035e1e6fd0ed1823de0f9

      SHA1

      00bc96c48b98676ecd67e81a6f1d7754e4156044

      SHA256

      8e574b4ae6502230c0829e2319a6c146aebd51b7008bf5bbfb731424d7952c15

      SHA512

      a12f56ff30ea35381c2b8f8af2446cf1daa21ee872e98cad4b863db060acd4c33c5760918c277dadb7a490cb4ca2f925d59c70dc5171e16601a11bc4a6542b04

    • C:\Users\Admin\AppData\Local\Temp\PandorahVNC.exe

      Filesize

      4.0MB

      MD5

      c08e003e9318a3c44e3b399d618900ea

      SHA1

      f4fb5d72dda68c0b209b73b514393da10937b641

      SHA256

      1807d0e8ad33486f3eb4ce7e254adc9b5df1c66dd3725c8af615612c845ff8dc

      SHA512

      f0bab8cf52240cde32cef40eb0f65447b153195b2e54b061ed8467d87c58db9a907d186c97af0fc12e6016b2f3b69a4e12474a06b057fcf7106f12f1014c0e68

    • C:\Users\Admin\AppData\Local\Temp\persiste Module.exe

      Filesize

      790KB

      MD5

      c8ccadf228daab2a24e268c5f6de69d1

      SHA1

      746dbc9aeeeecbf29dc6040460dff7cb9879f7f7

      SHA256

      ec61a22a6c94b98563c5a8caef5595ddcc04018229cc2e1ba5de292ebd165ca4

      SHA512

      b7c0a41dde7f3bb2a2769e3689715ce534b457229fc591099da983ce354d62bfbe3d57385b0cc632bad860371aac5412fda21b727ab8ef7f77495c2c063e056f
