Analysis

  • max time kernel
    150s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/01/2024, 06:44 UTC

General

  • Target

    66f4ada6211466ba531559f800947aed.exe

  • Size

    512KB

  • MD5

    66f4ada6211466ba531559f800947aed

  • SHA1

    5c56be827ec9a7183ba3ee581a63c23e8a55441c

  • SHA256

    86b99fa5ed242d31dd6253954980dba497709b58ae5202c4f7da53d66c140e3e

  • SHA512

    5446beca76cf4e8491b0214a702e44625521b282c4c8f9979dc0d3e78ae94f515a98416bf52fc441fc83b7b09f4f8faf5ef8553eb6d45db96a538c87ff277d9e

  • SSDEEP

    6144:1VY0W0sVVZ/dkq5BCoFaJ2i5Lf24C07N5OvSLTUF6pQxI6Upe2cBnTu19bcodj6Z:1gDhdkq5BCoC5LfWSLTUQpr2Zu19Qm5C

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
  • Modifies visibility of hidden/system files in Explorer 2 TTPs 1 IoCs
  • Windows security bypass 2 TTPs 5 IoCs
  • Disables RegEdit via registry modification 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 5 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Windows security modification 2 TTPs 6 IoCs
  • Adds Run key to start application 2 TTPs 3 IoCs
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Modifies WinLogon 2 TTPs 2 IoCs
  • AutoIT Executable 14 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory 13 IoCs
  • Drops file in Program Files directory 14 IoCs
  • Drops file in Windows directory 19 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 20 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 18 IoCs
  • Suspicious use of SendNotifyMessage 18 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\66f4ada6211466ba531559f800947aed.exe
    "C:\Users\Admin\AppData\Local\Temp\66f4ada6211466ba531559f800947aed.exe"
    1⤵
    • Checks computer location settings
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4424
    • C:\Windows\SysWOW64\pejiapdtyg.exe
      pejiapdtyg.exe
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Modifies visibility of hidden/system files in Explorer
      • Windows security bypass
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Windows security modification
      • Enumerates connected drives
      • Modifies WinLogon
      • Drops file in System32 directory
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3288
      • C:\Windows\SysWOW64\wuofgpwr.exe
        C:\Windows\system32\wuofgpwr.exe
        3⤵
        • Executes dropped EXE
        • Enumerates connected drives
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:4444
    • C:\Windows\SysWOW64\wqtzurnwhibrrtj.exe
      wqtzurnwhibrrtj.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:692
    • C:\Windows\SysWOW64\nccbhyzqshipx.exe
      nccbhyzqshipx.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3448
    • C:\Windows\SysWOW64\wuofgpwr.exe
      wuofgpwr.exe
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:720
    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Windows\mydoc.rtf" /o ""
      2⤵
      • Drops file in Windows directory
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:5092

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC.exe

    Filesize

    418KB

  • C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC.exe

    Filesize

    393KB

  • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

    Filesize

    239B

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

    Filesize

    3KB

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

    Filesize

    3KB

  • C:\Windows\SysWOW64\nccbhyzqshipx.exe

    Filesize

    57KB

  • C:\Windows\SysWOW64\nccbhyzqshipx.exe

    Filesize

    12KB

  • C:\Windows\SysWOW64\pejiapdtyg.exe

    Filesize

    283KB

  • C:\Windows\SysWOW64\pejiapdtyg.exe

    Filesize

    222KB

  • C:\Windows\SysWOW64\wqtzurnwhibrrtj.exe

    Filesize

    46KB

  • C:\Windows\SysWOW64\wqtzurnwhibrrtj.exe

    Filesize

    131KB

  • C:\Windows\SysWOW64\wqtzurnwhibrrtj.exe

    Filesize

    199KB

  • C:\Windows\SysWOW64\wuofgpwr.exe

    Filesize

    97KB

  • C:\Windows\SysWOW64\wuofgpwr.exe

    Filesize

    37KB

  • C:\Windows\SysWOW64\wuofgpwr.exe

    Filesize

    329KB

  • C:\Windows\mydoc.rtf

    Filesize

    223B

  • \??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe

    Filesize

    512KB
