Analysis

  • max time kernel
    183s
  • max time network
    190s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
  • submitted
    29/12/2023, 21:16 UTC

General

  • Target

    0439163d95fcc9dd62b91dff9dfdd2a7.exe

  • Size

    2.0MB

  • MD5

    0439163d95fcc9dd62b91dff9dfdd2a7

  • SHA1

    f063eb563e42a842034a1cc0b3e18d947e005d80

  • SHA256

    298160898f7dab88f6c6d7ca5478b8ab81b614d4ee025877a0c6017e30823893

  • SHA512

    de98f6d287d747c1a717d11c1a752c98f9690c9574a096268f19cf14f6ea900adbc2fe78b15c8799f7511e8cd5621e9fd4a1d98cb5b64e918be39a8fae6e0e00

  • SSDEEP

    49152:JBjdqMokrcakLz0ibq6yqhMt7RJwnOcakLz0ibq6yqh:rdqMogcakcibiqhMVqOcakcibiqh

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Program crash 18 IoCs
  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Modifies system certificate store 2 TTPs 5 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0439163d95fcc9dd62b91dff9dfdd2a7.exe
    "C:\Users\Admin\AppData\Local\Temp\0439163d95fcc9dd62b91dff9dfdd2a7.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:4016
    • C:\Users\Admin\AppData\Local\Temp\0439163d95fcc9dd62b91dff9dfdd2a7.exe
      C:\Users\Admin\AppData\Local\Temp\0439163d95fcc9dd62b91dff9dfdd2a7.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Modifies system certificate store
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:400
      • C:\Windows\SysWOW64\schtasks.exe
        schtasks.exe /CREATE /RL HIGHEST /SC ONLOGON /TR "C:\Users\Admin\AppData\Local\Temp\0439163d95fcc9dd62b91dff9dfdd2a7.exe" /TN Wxpz1JCma418 /F
        3⤵
        • Creates scheduled task(s)
        PID:4996
      • C:\Windows\SysWOW64\cmd.exe
        cmd.exe /c schtasks.exe /Query /XML /TN Wxpz1JCma418 > C:\Users\Admin\AppData\Local\Temp\wTsWRa.xml
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1980
        • C:\Windows\SysWOW64\schtasks.exe
          schtasks.exe /Query /XML /TN Wxpz1JCma418
          4⤵
            PID:5056
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 608
          3⤵
          • Program crash
          PID:1148
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 652
          3⤵
          • Program crash
          PID:3160
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 736
          3⤵
          • Program crash
          PID:5004
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 660
          3⤵
          • Program crash
          PID:496
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 724
          3⤵
          • Program crash
          PID:1044
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 780
          3⤵
          • Program crash
          PID:3100
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 1464
          3⤵
          • Program crash
          PID:4828
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 1916
          3⤵
          • Program crash
          PID:5096
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 2144
          3⤵
          • Program crash
          PID:1048
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 1932
          3⤵
          • Program crash
          PID:484
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 1976
          3⤵
          • Program crash
          PID:1468
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 1916
          3⤵
          • Program crash
          PID:4712
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 2160
          3⤵
          • Program crash
          PID:2200
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 1968
          3⤵
          • Program crash
          PID:4444
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 2168
          3⤵
          • Program crash
          PID:2060
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 1932
          3⤵
          • Program crash
          PID:492
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 2176
          3⤵
          • Program crash
          PID:4576
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 664
          3⤵
          • Program crash
          PID:1500
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 400 -ip 400
    1⤵
    PID:1216
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 200 -p 400 -ip 400
    1⤵
    PID:4624
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 400 -ip 400
    1⤵
    PID:3688
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 200 -p 400 -ip 400
    1⤵
    PID:184
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 400 -ip 400
    1⤵
    PID:1388
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 400 -ip 400
    1⤵
    PID:5044
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 400 -ip 400
    1⤵
    PID:116
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 400 -ip 400
    1⤵
    PID:4984
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 400 -ip 400
    1⤵
    PID:548
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 400 -ip 400
    1⤵
    PID:4040
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 400 -ip 400
    1⤵
    PID:412
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 400 -ip 400
    1⤵
    PID:4328
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 400 -ip 400
    1⤵
    PID:740
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 400 -ip 400
    1⤵
    PID:2904
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 400 -ip 400
    1⤵
    PID:2392
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 400 -ip 400
    1⤵
    PID:2784
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 400 -ip 400
    1⤵
    PID:4444
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 400 -ip 400
    1⤵
    PID:4908

                                        Network

                                        • flag-us
                                          DNS
                                          158.240.127.40.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          158.240.127.40.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          173.178.17.96.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          173.178.17.96.in-addr.arpa
                                          IN PTR
                                          Response
                                          173.178.17.96.in-addr.arpa
                                          IN PTR
                                          a96-17-178-173.deploy.static.akamaitechnologies.com
                                        • flag-us
                                          DNS
                                          140.32.126.40.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          140.32.126.40.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          50.23.12.20.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          50.23.12.20.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          95.221.229.192.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          95.221.229.192.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          206.23.85.13.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          206.23.85.13.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          88.156.103.20.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          88.156.103.20.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          241.154.82.20.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          241.154.82.20.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          pastebin.com
                                          0439163d95fcc9dd62b91dff9dfdd2a7.exe
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          pastebin.com
                                          IN A
                                          Response
                                          pastebin.com
                                          IN A
                                          172.67.34.170
                                          pastebin.com
                                          IN A
                                          104.20.67.143
                                          pastebin.com
                                          IN A
                                          104.20.68.143
                                        • flag-us
                                          DNS
                                          cutit.org
                                          0439163d95fcc9dd62b91dff9dfdd2a7.exe
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          cutit.org
                                          IN A
                                          Response
                                          cutit.org
                                          IN A
                                          64.91.240.248
                                        • flag-us
                                          GET
                                          https://cutit.org/oxgBR
                                          0439163d95fcc9dd62b91dff9dfdd2a7.exe
                                          Remote address:
                                          64.91.240.248:443
                                          Request
                                          GET /oxgBR HTTP/1.1
                                          User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; pt-br; MZ608 Build/7.7.1-141-7-FLEM-UMTS-LA) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
                                          Host: cutit.org
                                          Cache-Control: no-cache
                                          Response
                                          HTTP/1.1 200 OK
                                          Date: Sat, 30 Dec 2023 01:27:19 GMT
                                          Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
                                          X-Powered-By: PHP/5.4.16
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Content-Length: 1912
                                          Content-Type: text/html; charset=UTF-8
                                        • flag-us
                                          DNS
                                          170.34.67.172.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          170.34.67.172.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          248.240.91.64.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          248.240.91.64.in-addr.arpa
                                          IN PTR
                                          Response
                                          248.240.91.64.in-addr.arpa
                                          IN PTR
                                          crocodile.parklogic.com
                                        • flag-us
                                          DNS
                                          18.134.221.88.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          18.134.221.88.in-addr.arpa
                                          IN PTR
                                          Response
                                          18.134.221.88.in-addr.arpa
                                          IN PTR
                                          a88-221-134-18.deploy.static.akamaitechnologies.com
                                        • flag-us
                                          DNS
                                          40.13.222.173.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          40.13.222.173.in-addr.arpa
                                          IN PTR
                                          Response
                                          40.13.222.173.in-addr.arpa
                                          IN PTR
                                          a173-222-13-40.deploy.static.akamaitechnologies.com
                                        • flag-us
                                          DNS
                                          41.110.16.96.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          41.110.16.96.in-addr.arpa
                                          IN PTR
                                          Response
                                          41.110.16.96.in-addr.arpa
                                          IN PTR
                                          a96-16-110-41.deploy.static.akamaitechnologies.com
                                        • flag-us
                                          DNS
                                          193.179.17.96.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          193.179.17.96.in-addr.arpa
                                          IN PTR
                                          Response
                                          193.179.17.96.in-addr.arpa
                                          IN PTR
                                          a96-17-179-193.deploy.static.akamaitechnologies.com
                                        • flag-us
                                          DNS
                                          59.128.231.4.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          59.128.231.4.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          43.58.199.20.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          43.58.199.20.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          43.58.199.20.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          43.58.199.20.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          tse1.mm.bing.net
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          tse1.mm.bing.net
                                          IN A
                                          Response
                                          tse1.mm.bing.net
                                          IN CNAME
                                          mm-mm.bing.net.trafficmanager.net
                                          mm-mm.bing.net.trafficmanager.net
                                          IN CNAME
                                          dual-a-0001.a-msedge.net
                                          dual-a-0001.a-msedge.net
                                          IN A
                                          204.79.197.200
                                          dual-a-0001.a-msedge.net
                                          IN A
                                          13.107.21.200
                                        • flag-us
                                          DNS
                                          tse1.mm.bing.net
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          tse1.mm.bing.net
                                          IN A
                                          Response
                                          tse1.mm.bing.net
                                          IN CNAME
                                          mm-mm.bing.net.trafficmanager.net
                                          mm-mm.bing.net.trafficmanager.net
                                          IN CNAME
                                          dual-a-0001.a-msedge.net
                                          dual-a-0001.a-msedge.net
                                          IN A
                                          204.79.197.200
                                          dual-a-0001.a-msedge.net
                                          IN A
                                          13.107.21.200
                                        • flag-us
                                          GET
                                          https://tse1.mm.bing.net/th?id=OADD2.10239317301699_12NV8Y4ZR4ST0I53H&pid=21.2&w=1080&h=1920&c=4
                                          Remote address:
                                          204.79.197.200:443
                                          Request
                                          GET /th?id=OADD2.10239317301699_12NV8Y4ZR4ST0I53H&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                                          host: tse1.mm.bing.net
                                          accept: */*
                                          accept-encoding: gzip, deflate, br
                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                          Response
                                          HTTP/2.0 200
                                          cache-control: public, max-age=2592000
                                          content-length: 332996
                                          content-type: image/jpeg
                                          x-cache: TCP_HIT
                                          access-control-allow-origin: *
                                          access-control-allow-headers: *
                                          access-control-allow-methods: GET, POST, OPTIONS
                                          timing-allow-origin: *
                                          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                                          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                          x-msedge-ref: Ref A: 1BC9992EA65744C28DE0F5BD0C78BB57 Ref B: LON04EDGE1014 Ref C: 2023-12-30T01:27:45Z
                                          date: Sat, 30 Dec 2023 01:27:44 GMT
                                        • flag-us
                                          GET
                                          https://tse1.mm.bing.net/th?id=OADD2.10239317301290_1IGRZL9QG2RVKOW2C&pid=21.2&w=1920&h=1080&c=4
                                          Remote address:
                                          204.79.197.200:443
                                          Request
                                          GET /th?id=OADD2.10239317301290_1IGRZL9QG2RVKOW2C&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                                          host: tse1.mm.bing.net
                                          accept: */*
                                          accept-encoding: gzip, deflate, br
                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                          Response
                                          HTTP/2.0 200
                                          cache-control: public, max-age=2592000
                                          content-length: 388747
                                          content-type: image/jpeg
                                          x-cache: TCP_HIT
                                          access-control-allow-origin: *
                                          access-control-allow-headers: *
                                          access-control-allow-methods: GET, POST, OPTIONS
                                          timing-allow-origin: *
                                          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                                          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                          x-msedge-ref: Ref A: 0C02B12137864D6AAAF00693D912DBDF Ref B: LON04EDGE1014 Ref C: 2023-12-30T01:27:45Z
                                          date: Sat, 30 Dec 2023 01:27:44 GMT
                                        • flag-us
                                          GET
                                          https://tse1.mm.bing.net/th?id=OADD2.10239317300974_1FWKD3OQIJ5N50HNG&pid=21.2&w=1920&h=1080&c=4
                                          Remote address:
                                          204.79.197.200:443
                                          Request
                                          GET /th?id=OADD2.10239317300974_1FWKD3OQIJ5N50HNG&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                                          host: tse1.mm.bing.net
                                          accept: */*
                                          accept-encoding: gzip, deflate, br
                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                          Response
                                          HTTP/2.0 200
                                          cache-control: public, max-age=2592000
                                          content-length: 347833
                                          content-type: image/jpeg
                                          x-cache: TCP_HIT
                                          access-control-allow-origin: *
                                          access-control-allow-headers: *
                                          access-control-allow-methods: GET, POST, OPTIONS
                                          timing-allow-origin: *
                                          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                                          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                          x-msedge-ref: Ref A: F9F2706AF1DE41B2B8BF5AB7FAE0C230 Ref B: LON04EDGE1014 Ref C: 2023-12-30T01:27:45Z
                                          date: Sat, 30 Dec 2023 01:27:45 GMT
                                        • flag-us
                                          GET
                                          https://tse1.mm.bing.net/th?id=OADD2.10239317301358_1ZPBGXJ99CUBJXGTN&pid=21.2&w=1080&h=1920&c=4
                                          Remote address:
                                          204.79.197.200:443
                                          Request
                                          GET /th?id=OADD2.10239317301358_1ZPBGXJ99CUBJXGTN&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                                          host: tse1.mm.bing.net
                                          accept: */*
                                          accept-encoding: gzip, deflate, br
                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                          Response
                                          HTTP/2.0 200
                                          cache-control: public, max-age=2592000
                                          content-length: 323910
                                          content-type: image/jpeg
                                          x-cache: TCP_HIT
                                          access-control-allow-origin: *
                                          access-control-allow-headers: *
                                          access-control-allow-methods: GET, POST, OPTIONS
                                          timing-allow-origin: *
                                          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                                          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                          x-msedge-ref: Ref A: 897A9256AE9C4219881FCEBB5FF36AA4 Ref B: LON04EDGE1014 Ref C: 2023-12-30T01:27:45Z
                                          date: Sat, 30 Dec 2023 01:27:45 GMT
                                        • flag-us
                                          GET
                                          https://tse1.mm.bing.net/th?id=OADD2.10239317300925_1WNJI31X17K21EZ5K&pid=21.2&w=1920&h=1080&c=4
                                          Remote address:
                                          204.79.197.200:443
                                          Request
                                          GET /th?id=OADD2.10239317300925_1WNJI31X17K21EZ5K&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                                          host: tse1.mm.bing.net
                                          accept: */*
                                          accept-encoding: gzip, deflate, br
                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                          Response
                                          HTTP/2.0 200
                                          cache-control: public, max-age=2592000
                                          content-length: 327646
                                          content-type: image/jpeg
                                          x-cache: TCP_HIT
                                          access-control-allow-origin: *
                                          access-control-allow-headers: *
                                          access-control-allow-methods: GET, POST, OPTIONS
                                          timing-allow-origin: *
                                          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                                          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                          x-msedge-ref: Ref A: 03579B4DD6D8409DA8A9B428769B2912 Ref B: LON04EDGE1014 Ref C: 2023-12-30T01:27:46Z
                                          date: Sat, 30 Dec 2023 01:27:45 GMT
                                        • flag-us
                                          GET
                                          https://tse1.mm.bing.net/th?id=OADD2.10239317301407_1XK9J8C92JQXSR9UG&pid=21.2&w=1080&h=1920&c=4
                                          Remote address:
                                          204.79.197.200:443
                                          Request
                                          GET /th?id=OADD2.10239317301407_1XK9J8C92JQXSR9UG&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                                          host: tse1.mm.bing.net
                                          accept: */*
                                          accept-encoding: gzip, deflate, br
                                          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                          Response
                                          HTTP/2.0 200
                                          cache-control: public, max-age=2592000
                                          content-length: 349825
                                          content-type: image/jpeg
                                          x-cache: TCP_HIT
                                          access-control-allow-origin: *
                                          access-control-allow-headers: *
                                          access-control-allow-methods: GET, POST, OPTIONS
                                          timing-allow-origin: *
                                          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                                          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                          x-msedge-ref: Ref A: E99563F0AD1646799BBD12A2A9714FAE Ref B: LON04EDGE1014 Ref C: 2023-12-30T01:27:48Z
                                          date: Sat, 30 Dec 2023 01:27:47 GMT
                                        • flag-us
                                          DNS
                                          29.243.111.52.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          29.243.111.52.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          104.241.123.92.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          104.241.123.92.in-addr.arpa
                                          IN PTR
                                          Response
                                          104.241.123.92.in-addr.arpa
                                          IN PTR
                                          a92-123-241-104.deploy.static.akamaitechnologies.com
                                        • flag-us
                                          DNS
                                          119.110.54.20.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          119.110.54.20.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          209.178.17.96.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          209.178.17.96.in-addr.arpa
                                          IN PTR
                                          Response
                                          209.178.17.96.in-addr.arpa
                                          IN PTR
                                          a96-17-178-209.deploy.static.akamaitechnologies.com
                                        • flag-us
                                          DNS
                                          217.135.221.88.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          217.135.221.88.in-addr.arpa
                                          IN PTR
                                          Response
                                          217.135.221.88.in-addr.arpa
                                          IN PTR
                                          a88-221-135-217.deploy.static.akamaitechnologies.com
                                        • flag-us
                                          DNS
                                          81.171.91.138.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          81.171.91.138.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          174.178.17.96.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          174.178.17.96.in-addr.arpa
                                          IN PTR
                                          Response
                                          174.178.17.96.in-addr.arpa
                                          IN PTR
                                          a96-17-178-174.deploy.static.akamaitechnologies.com
                                        • flag-us
                                          DNS
                                          8.179.89.13.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          8.179.89.13.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          176.178.17.96.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          176.178.17.96.in-addr.arpa
                                          IN PTR
                                          Response
                                          176.178.17.96.in-addr.arpa
                                          IN PTR
                                          a96-17-178-176.deploy.static.akamaitechnologies.com
                                        • flag-us
                                          DNS
                                          0.205.248.87.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          0.205.248.87.in-addr.arpa
                                          IN PTR
                                          Response
                                          0.205.248.87.in-addr.arpa
                                          IN PTR
                                          https-87-248-205-0.lgw.llnw.net
                                        • 20.231.121.79:80
                                          156 B
                                          3
                                        • 172.67.34.170:443
                                          pastebin.com
                                          0439163d95fcc9dd62b91dff9dfdd2a7.exe
                                          190 B
                                          132 B
                                          4
                                          3
                                        • 64.91.240.248:443
                                          https://cutit.org/oxgBR
                                          tls, http
                                          0439163d95fcc9dd62b91dff9dfdd2a7.exe
                                          1.4kB
                                          5.9kB
                                          16
                                          12

                                          HTTP Request

                                          GET https://cutit.org/oxgBR

                                          HTTP Response

                                          200
                                        • 204.79.197.200:443
                                          tse1.mm.bing.net
                                          tls, http2
                                          1.1kB
                                          549 B
                                          10
                                          7
                                        • 204.79.197.200:443
                                          tse1.mm.bing.net
                                          tls, http2
                                          2.2kB
                                          601 B
                                          12
                                          8
                                        • 204.79.197.200:443
                                          tse1.mm.bing.net
                                          tls, http2
                                          1.3kB
                                          8.7kB
                                          17
                                          14
                                        • 204.79.197.200:443
                                          https://tse1.mm.bing.net/th?id=OADD2.10239317301407_1XK9J8C92JQXSR9UG&pid=21.2&w=1080&h=1920&c=4
                                          tls, http2
                                          76.6kB
                                          2.2MB
                                          1594
                                          1591

                                          HTTP Request

                                          GET https://tse1.mm.bing.net/th?id=OADD2.10239317301699_12NV8Y4ZR4ST0I53H&pid=21.2&w=1080&h=1920&c=4

                                          HTTP Request

                                          GET https://tse1.mm.bing.net/th?id=OADD2.10239317301290_1IGRZL9QG2RVKOW2C&pid=21.2&w=1920&h=1080&c=4

                                          HTTP Response

                                          200

                                          HTTP Response

                                          200

                                          HTTP Request

                                          GET https://tse1.mm.bing.net/th?id=OADD2.10239317300974_1FWKD3OQIJ5N50HNG&pid=21.2&w=1920&h=1080&c=4

                                          HTTP Request

                                          GET https://tse1.mm.bing.net/th?id=OADD2.10239317301358_1ZPBGXJ99CUBJXGTN&pid=21.2&w=1080&h=1920&c=4

                                          HTTP Request

                                          GET https://tse1.mm.bing.net/th?id=OADD2.10239317300925_1WNJI31X17K21EZ5K&pid=21.2&w=1920&h=1080&c=4

                                          HTTP Response

                                          200

                                          HTTP Request

                                          GET https://tse1.mm.bing.net/th?id=OADD2.10239317301407_1XK9J8C92JQXSR9UG&pid=21.2&w=1080&h=1920&c=4

                                          HTTP Response

                                          200

                                          HTTP Response

                                          200

                                          HTTP Response

                                          200
                                        • 204.79.197.200:443
                                          tse1.mm.bing.net
                                          tls, http2
                                          1.6kB
                                          8.3kB
                                          17
                                          14
                                        • 96.17.178.174:80
                                        • 8.8.8.8:53
                                          158.240.127.40.in-addr.arpa
                                          dns
                                          73 B
                                          147 B
                                          1
                                          1

                                          DNS Request

                                          158.240.127.40.in-addr.arpa

                                        • 8.8.8.8:53
                                          173.178.17.96.in-addr.arpa
                                          dns
                                          72 B
                                          137 B
                                          1
                                          1

                                          DNS Request

                                          173.178.17.96.in-addr.arpa

                                        • 8.8.8.8:53
                                          140.32.126.40.in-addr.arpa
                                          dns
                                          72 B
                                          158 B
                                          1
                                          1

                                          DNS Request

                                          140.32.126.40.in-addr.arpa

                                        • 8.8.8.8:53
                                          50.23.12.20.in-addr.arpa
                                          dns
                                          70 B
                                          156 B
                                          1
                                          1

                                          DNS Request

                                          50.23.12.20.in-addr.arpa

                                        • 8.8.8.8:53
                                          95.221.229.192.in-addr.arpa
                                          dns
                                          73 B
                                          144 B
                                          1
                                          1

                                          DNS Request

                                          95.221.229.192.in-addr.arpa

                                        • 8.8.8.8:53
                                          206.23.85.13.in-addr.arpa
                                          dns
                                          71 B
                                          145 B
                                          1
                                          1

                                          DNS Request

                                          206.23.85.13.in-addr.arpa

                                        • 8.8.8.8:53
                                          88.156.103.20.in-addr.arpa
                                          dns
                                          72 B
                                          158 B
                                          1
                                          1

                                          DNS Request

                                          88.156.103.20.in-addr.arpa

                                        • 8.8.8.8:53
                                          241.154.82.20.in-addr.arpa
                                          dns
                                          72 B
                                          158 B
                                          1
                                          1

                                          DNS Request

                                          241.154.82.20.in-addr.arpa

                                        • 8.8.8.8:53
                                          pastebin.com
                                          dns
                                          0439163d95fcc9dd62b91dff9dfdd2a7.exe
                                          58 B
                                          106 B
                                          1
                                          1

                                          DNS Request

                                          pastebin.com

                                          DNS Response

                                          172.67.34.170
                                          104.20.67.143
                                          104.20.68.143

                                        • 8.8.8.8:53
                                          cutit.org
                                          dns
                                          0439163d95fcc9dd62b91dff9dfdd2a7.exe
                                          55 B
                                          71 B
                                          1
                                          1

                                          DNS Request

                                          cutit.org

                                          DNS Response

                                          64.91.240.248

                                        • 8.8.8.8:53
                                          170.34.67.172.in-addr.arpa
                                          dns
                                          72 B
                                          134 B
                                          1
                                          1

                                          DNS Request

                                          170.34.67.172.in-addr.arpa

                                        • 8.8.8.8:53
                                          248.240.91.64.in-addr.arpa
                                          dns
                                          72 B
                                          109 B
                                          1
                                          1

                                        MITRE ATT&CK Enterprise v15

                                        Downloads

                                        • C:\Users\Admin\AppData\Local\Temp\0439163d95fcc9dd62b91dff9dfdd2a7.exe

                                          Filesize

                                          658KB

                                        • C:\Users\Admin\AppData\Local\Temp\wTsWRa.xml

                                          Filesize

                                          1KB
