
Analysis

  • max time kernel
    152s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/03/2024, 16:25 UTC

General

  • Target

    bbb786619b7371680726d89dc2b5bccd.exe

  • Size

    512KB

  • MD5

    bbb786619b7371680726d89dc2b5bccd

  • SHA1

    ee1d8db853cb3e977816a9f5d08b392faa06c232

  • SHA256

    ec424e4137803921bb6a96ecf2c5105f84571b8e72866d7f9692bdaec8979850

  • SHA512

    08349691205d42db82c5beae31ad654132087849ac63e56b8c702d052bc3dcd7cacdf189d7a6549add572928bc0039f64d5209a7fd87eed86eafe12299198b7d

  • SSDEEP

    6144:1VY0W0sVVZ/dkq5BCoFaJ2i5Lf24C07N5OvSLTUF6pQxI6Upe2cBnTu19bcodj6j:1gDhdkq5BCoC5LfWSLTUQpr2Zu19Qm5W

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
  • Modifies visibility of hidden/system files in Explorer 2 TTPs 1 IoCs
  • Windows security bypass 2 TTPs 5 IoCs
  • Disables RegEdit via registry modification 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 5 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Windows security modification 2 TTPs 6 IoCs
  • Adds Run key to start application 2 TTPs 3 IoCs
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Modifies WinLogon 2 TTPs 2 IoCs
  • AutoIT Executable 14 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory 13 IoCs
  • Drops file in Program Files directory 15 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 20 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 18 IoCs
  • Suspicious use of SendNotifyMessage 18 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bbb786619b7371680726d89dc2b5bccd.exe
    "C:\Users\Admin\AppData\Local\Temp\bbb786619b7371680726d89dc2b5bccd.exe"
    1⤵
    • Checks computer location settings
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:620
    • C:\Windows\SysWOW64\ichevcwmvc.exe
      ichevcwmvc.exe
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Modifies visibility of hidden/system files in Explorer
      • Windows security bypass
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Windows security modification
      • Enumerates connected drives
      • Modifies WinLogon
      • Drops file in System32 directory
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4032
      • C:\Windows\SysWOW64\nqwclbvq.exe
        C:\Windows\system32\nqwclbvq.exe
        3⤵
        • Executes dropped EXE
        • Enumerates connected drives
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:1980
    • C:\Windows\SysWOW64\stggqcnsamxicsm.exe
      stggqcnsamxicsm.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4580
    • C:\Windows\SysWOW64\nqwclbvq.exe
      nqwclbvq.exe
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3772
    • C:\Windows\SysWOW64\sliksfxzokyrd.exe
      sliksfxzokyrd.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3900
    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Windows\mydoc.rtf" /o ""
      2⤵
      • Drops file in Windows directory
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:456
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3908 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1136

    Network


    MITRE ATT&CK Enterprise v15


    Downloads

    • C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC.exe

      Filesize

      512KB


    • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

      Filesize

      239B


    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

      Filesize

      3KB


    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

      Filesize

      3KB


    • C:\Users\Admin\Documents\CopyTest.doc.exe

      Filesize

      512KB


    • C:\Windows\SysWOW64\ichevcwmvc.exe

      Filesize

      512KB


    • C:\Windows\SysWOW64\nqwclbvq.exe

      Filesize

      448KB

    • C:\Windows\SysWOW64\nqwclbvq.exe

      Filesize

      128KB

    • C:\Windows\SysWOW64\nqwclbvq.exe

      Filesize

      512KB

    • C:\Windows\SysWOW64\sliksfxzokyrd.exe

      Filesize

      512KB

    • C:\Windows\SysWOW64\stggqcnsamxicsm.exe

      Filesize

      320KB

    • C:\Windows\SysWOW64\stggqcnsamxicsm.exe

      Filesize

      512KB

    • C:\Windows\mydoc.rtf

      Filesize

      223B

    • \??\c:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC.exe

      Filesize

      512KB

    • \??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe

      Filesize

      512KB

    • \??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe

      Filesize

      256KB

    • \??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe

      Filesize

      369KB
