Resubmissions

02/05/2024, 19:13 UTC

240502-xw2mzseb6s 8

02/05/2024, 19:06 UTC

240502-xr2gesea9w 8

02/05/2024, 19:03 UTC

240502-xqgqmaea7w 10

02/05/2024, 18:59 UTC

240502-xndwysga69 6

Analysis

  • max time kernel
    1782s
  • max time network
    1457s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240426-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    02/05/2024, 19:13 UTC

General

  • Target

    بهجت صابر - من ميدان الكسميات ..mp4

  • Size

    1.9MB

  • MD5

    60134762845141c1071ba1134fa5d712

  • SHA1

    5f93f2ac13f1d2f4de8418b768b7953709c643a6

  • SHA256

    8f76628c5258074c8a43a644bab240c1b6b5d73851831580b328e4f5bec90687

  • SHA512

    2a6951e6601d515c1d84f3d5d81d27866b3df1999f65b341ca1021521a8584182dabfbac342cc68ef159a6e41c42459d5f3d479ed5653f465d51cf7a8391f33d

  • SSDEEP

    49152:54lDV2ACQ8GSpLt9ndqqgtqgtaKOWOHxomZjmQ8Z3:6lDV2ACJpvndPEqghOW0NjmJZ

Score
8/10

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 5 IoCs
  • Drops desktop.ini file(s) 8 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 6 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\بهجت صابر - من ميدان الكسميات ..mp4"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2360
    • C:\Program Files (x86)\Windows Media Player\setup_wm.exe
      "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\بهجت صابر - من ميدان الكسميات ..mp4"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1780
      • C:\Windows\SysWOW64\unregmp2.exe
        C:\Windows\system32\unregmp2.exe /ShowWMP /SetShowState /CreateMediaLibrary
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1636
        • C:\Windows\system32\unregmp2.exe
          "C:\Windows\SysNative\unregmp2.exe" /ShowWMP /SetShowState /CreateMediaLibrary /REENTRANT
          4⤵
          • Modifies Installed Components in the registry
          • Drops desktop.ini file(s)
          • Drops file in Program Files directory
          • Modifies registry class
          PID:1556
      • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
        "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Relaunch /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\بهجت صابر - من ميدان الكسميات ..mp4"
        3⤵
        • Drops desktop.ini file(s)
        • Enumerates connected drives
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:5068
    • C:\Windows\SysWOW64\unregmp2.exe
      "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4576
      • C:\Windows\system32\unregmp2.exe
        "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
        3⤵
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        PID:3372
  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
    "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2944
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
    1⤵
    PID:4696
  • C:\Windows\System32\oobe\UserOOBEBroker.exe
    C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
    1⤵
    • Drops file in Windows directory
    PID:3500
  • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
    C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
    1⤵
    PID:5080
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
    1⤵
    • Drops file in Windows directory
    PID:1508
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004E0
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3048

Network

      • flag-us
        DNS
        79.190.18.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        79.190.18.2.in-addr.arpa
        IN PTR
        Response
        79.190.18.2.in-addr.arpa
        IN PTR
        a2-18-190-79deploystaticakamaitechnologiescom
      • flag-us
        DNS
        r.bing.com
        Remote address:
        8.8.8.8:53
        Request
        r.bing.com
        IN A
        Response
        r.bing.com
        IN CNAME
        p-static.bing.trafficmanager.net
        p-static.bing.trafficmanager.net
        IN CNAME
        r.bing.com.edgekey.net
        r.bing.com.edgekey.net
        IN CNAME
        e86303.dscx.akamaiedge.net
        e86303.dscx.akamaiedge.net
        IN A
        23.62.61.57
        e86303.dscx.akamaiedge.net
        IN A
        23.62.61.115
        e86303.dscx.akamaiedge.net
        IN A
        23.62.61.193
        e86303.dscx.akamaiedge.net
        IN A
        23.62.61.99
        e86303.dscx.akamaiedge.net
        IN A
        23.62.61.104
        e86303.dscx.akamaiedge.net
        IN A
        23.62.61.88
        e86303.dscx.akamaiedge.net
        IN A
        23.62.61.97
        e86303.dscx.akamaiedge.net
        IN A
        23.62.61.75
        e86303.dscx.akamaiedge.net
        IN A
        23.62.61.192
      • flag-us
        DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        210.143.182.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        210.143.182.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        23.236.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        23.236.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        arc.msn.com
        Remote address:
        8.8.8.8:53
        Request
        arc.msn.com
        IN A
        Response
        arc.msn.com
        IN CNAME
        arc.trafficmanager.net
        arc.trafficmanager.net
        IN CNAME
        iris-de-prod-azsc-v2-neu.northeurope.cloudapp.azure.com
        iris-de-prod-azsc-v2-neu.northeurope.cloudapp.azure.com
        IN A
        20.223.35.26
      • flag-us
        DNS
        ctldl.windowsupdate.com
        Remote address:
        8.8.8.8:53
        Request
        ctldl.windowsupdate.com
        IN A
        Response
        ctldl.windowsupdate.com
        IN CNAME
        ctldl.windowsupdate.com.delivery.microsoft.com
        ctldl.windowsupdate.com.delivery.microsoft.com
        IN CNAME
        wu-b-net.trafficmanager.net
        wu-b-net.trafficmanager.net
        IN CNAME
        download.windowsupdate.com.edgesuite.net
        download.windowsupdate.com.edgesuite.net
        IN CNAME
        a767.dspw65.akamai.net
        a767.dspw65.akamai.net
        IN A
        2.18.190.79
        a767.dspw65.akamai.net
        IN A
        2.18.190.77
      • flag-us
        DNS
        26.35.223.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        26.35.223.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        cxcs.microsoft.net
        Remote address:
        8.8.8.8:53
        Request
        cxcs.microsoft.net
        IN A
        Response
        cxcs.microsoft.net
        IN CNAME
        cxcs.microsoft.net.edgekey.net
        cxcs.microsoft.net.edgekey.net
        IN CNAME
        e3230.b.akamaiedge.net
        e3230.b.akamaiedge.net
        IN A
        104.68.66.114
      • flag-us
        DNS
        155.61.62.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        155.61.62.23.in-addr.arpa
        IN PTR
        Response
        155.61.62.23.in-addr.arpa
        IN PTR
        a23-62-61-155deploystaticakamaitechnologiescom
      • flag-us
        DNS
        self.events.data.microsoft.com
        Remote address:
        8.8.8.8:53
        Request
        self.events.data.microsoft.com
        IN A
        Response
        self.events.data.microsoft.com
        IN CNAME
        self-events-data.trafficmanager.net
        self-events-data.trafficmanager.net
        IN CNAME
        onedscolprdcus02.centralus.cloudapp.azure.com
        onedscolprdcus02.centralus.cloudapp.azure.com
        IN A
        20.44.10.122
      • flag-us
        DNS
        c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa
        Remote address:
        8.8.8.8:53
        Request
        c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa
        IN PTR
        Response
      • flag-us
        DNS
        settings-win.data.microsoft.com
        Remote address:
        8.8.8.8:53
        Request
        settings-win.data.microsoft.com
        IN A
        Response
        settings-win.data.microsoft.com
        IN CNAME
        atm-settingsfe-prod-geo2.trafficmanager.net
        atm-settingsfe-prod-geo2.trafficmanager.net
        IN CNAME
        settings-prod-uks-2.uksouth.cloudapp.azure.com
        settings-prod-uks-2.uksouth.cloudapp.azure.com
        IN A
        20.49.150.241
      • flag-us
        DNS
        241.150.49.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        241.150.49.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        ctldl.windowsupdate.com
        Remote address:
        8.8.8.8:53
        Request
        ctldl.windowsupdate.com
        IN A
        Response
        ctldl.windowsupdate.com
        IN CNAME
        ctldl.windowsupdate.com.delivery.microsoft.com
        ctldl.windowsupdate.com.delivery.microsoft.com
        IN CNAME
        wu-b-net.trafficmanager.net
        wu-b-net.trafficmanager.net
        IN CNAME
        download.windowsupdate.com.edgesuite.net
        download.windowsupdate.com.edgesuite.net
        IN CNAME
        a767.dspw65.akamai.net
        a767.dspw65.akamai.net
        IN A
        2.18.190.79
        a767.dspw65.akamai.net
        IN A
        2.18.190.77
      • flag-us
        DNS
        musicmatch-ssl.xboxlive.com
        Remote address:
        8.8.8.8:53
        Request
        musicmatch-ssl.xboxlive.com
        IN A
        Response
        musicmatch-ssl.xboxlive.com
        IN CNAME
        musicmatch-ssl.xboxlive.com.edgekey.net
        musicmatch-ssl.xboxlive.com.edgekey.net
        IN CNAME
        e87.dspb.akamaiedge.net
        e87.dspb.akamaiedge.net
        IN A
        2.21.16.10
      • flag-us
        DNS
        10.16.21.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        10.16.21.2.in-addr.arpa
        IN PTR
        Response
        10.16.21.2.in-addr.arpa
        IN PTR
        a2-21-16-10deploystaticakamaitechnologiescom
      • flag-us
        DNS
        login.live.com
        Remote address:
        8.8.8.8:53
        Request
        login.live.com
        IN A
        Response
        login.live.com
        IN CNAME
        login.msa.msidentity.com
        login.msa.msidentity.com
        IN CNAME
        www.tm.lg.prod.aadmsa.trafficmanager.net
        www.tm.lg.prod.aadmsa.trafficmanager.net
        IN CNAME
        prdv4a.aadg.msidentity.com
        prdv4a.aadg.msidentity.com
        IN CNAME
        www.tm.v4.a.prd.aadg.trafficmanager.net
        www.tm.v4.a.prd.aadg.trafficmanager.net
        IN A
        20.190.159.71
        www.tm.v4.a.prd.aadg.trafficmanager.net
        IN A
        40.126.31.67
        www.tm.v4.a.prd.aadg.trafficmanager.net
        IN A
        20.190.159.68
        www.tm.v4.a.prd.aadg.trafficmanager.net
        IN A
        20.190.159.64
        www.tm.v4.a.prd.aadg.trafficmanager.net
        IN A
        40.126.31.69
        www.tm.v4.a.prd.aadg.trafficmanager.net
        IN A
        20.190.159.2
        www.tm.v4.a.prd.aadg.trafficmanager.net
        IN A
        20.190.159.0
        www.tm.v4.a.prd.aadg.trafficmanager.net
        IN A
        40.126.31.73
      • flag-us
        DNS
        arc.msn.com
        Remote address:
        8.8.8.8:53
        Request
        arc.msn.com
        IN A
        Response
        arc.msn.com
        IN CNAME
        arc.trafficmanager.net
        arc.trafficmanager.net
        IN CNAME
        iris-de-prod-azsc-v2-neu-b.northeurope.cloudapp.azure.com
        iris-de-prod-azsc-v2-neu-b.northeurope.cloudapp.azure.com
        IN A
        20.223.36.55
      • flag-us
        DNS
        71.159.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        71.159.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        www.bing.com
        Remote address:
        8.8.8.8:53
        Request
        www.bing.com
        IN A
        Response
        www.bing.com
        IN CNAME
        wwwprod.www-bing-com.akadns.net
        wwwprod.www-bing-com.akadns.net
        IN CNAME
        www.bing.com.edgekey.net
        www.bing.com.edgekey.net
        IN CNAME
        e86303.dscx.akamaiedge.net
        e86303.dscx.akamaiedge.net
        IN A
        23.62.61.113
        e86303.dscx.akamaiedge.net
        IN A
        23.62.61.75
        e86303.dscx.akamaiedge.net
        IN A
        23.62.61.57
        e86303.dscx.akamaiedge.net
        IN A
        23.62.61.89
        e86303.dscx.akamaiedge.net
        IN A
        23.62.61.97
        e86303.dscx.akamaiedge.net
        IN A
        23.62.61.88
        e86303.dscx.akamaiedge.net
        IN A
        23.62.61.193
        e86303.dscx.akamaiedge.net
        IN A
        23.62.61.72
        e86303.dscx.akamaiedge.net
        IN A
        23.62.61.56
      • flag-us
        DNS
        55.36.223.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        55.36.223.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        ris.api.iris.microsoft.com
        Remote address:
        8.8.8.8:53
        Request
        ris.api.iris.microsoft.com
        IN A
        Response
        ris.api.iris.microsoft.com
        IN CNAME
        ris-prod.trafficmanager.net
        ris-prod.trafficmanager.net
        IN CNAME
        asf-ris-prod-neu-azsc.northeurope.cloudapp.azure.com
        asf-ris-prod-neu-azsc.northeurope.cloudapp.azure.com
        IN A
        20.234.120.54
      • flag-us
        DNS
        54.120.234.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        54.120.234.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        ris.api.iris.microsoft.com
        Remote address:
        8.8.8.8:53
        Request
        ris.api.iris.microsoft.com
        IN A
        Response
        ris.api.iris.microsoft.com
        IN CNAME
        ris-prod.trafficmanager.net
        ris-prod.trafficmanager.net
        IN CNAME
        asf-ris-prod-neu-azsc.northeurope.cloudapp.azure.com
        asf-ris-prod-neu-azsc.northeurope.cloudapp.azure.com
        IN A
        20.234.120.54
      • flag-us
        DNS
        113.61.62.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        113.61.62.23.in-addr.arpa
        IN PTR
        Response
        113.61.62.23.in-addr.arpa
        IN PTR
        a23-62-61-113deploystaticakamaitechnologiescom
      • flag-us
        DNS
        arc.msn.com
        Remote address:
        8.8.8.8:53
        Request
        arc.msn.com
        IN A
        Response
        arc.msn.com
        IN CNAME
        arc.trafficmanager.net
        arc.trafficmanager.net
        IN CNAME
        iris-de-prod-azsc-v2-neu.northeurope.cloudapp.azure.com
        iris-de-prod-azsc-v2-neu.northeurope.cloudapp.azure.com
        IN A
        20.223.35.26
      • flag-us
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
        Response
        tse1.mm.bing.net
        IN CNAME
        mm-mm.bing.net.trafficmanager.net
        mm-mm.bing.net.trafficmanager.net
        IN CNAME
        dual-a-0001.a-msedge.net
        dual-a-0001.a-msedge.net
        IN A
        204.79.197.200
        dual-a-0001.a-msedge.net
        IN A
        13.107.21.200
      • flag-us
        DNS
        200.197.79.204.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        200.197.79.204.in-addr.arpa
        IN PTR
        Response
        200.197.79.204.in-addr.arpa
        IN PTR
        a-0001a-msedgenet
      • flag-us
        DNS
        arc.msn.com
        Remote address:
        8.8.8.8:53
        Request
        arc.msn.com
        IN A
        Response
        arc.msn.com
        IN CNAME
        arc.trafficmanager.net
        arc.trafficmanager.net
        IN CNAME
        iris-de-prod-azsc-v2-neu.northeurope.cloudapp.azure.com
        iris-de-prod-azsc-v2-neu.northeurope.cloudapp.azure.com
        IN A
        20.223.35.26
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239360313430_12K7UVO7ZVIINTRIE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239360313430_12K7UVO7ZVIINTRIE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 442324
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 2234B3449D294D0E8147DFB0BF78DB09 Ref B: LON04EDGE0816 Ref C: 2024-05-02T19:37:08Z
        date: Thu, 02 May 2024 19:37:07 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239360313429_1X5GXWWD8KTODKAD6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239360313429_1X5GXWWD8KTODKAD6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 394521
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 9CF6C017B1E94F44BDF599BC54D4C36F Ref B: LON04EDGE0816 Ref C: 2024-05-02T19:37:08Z
        date: Thu, 02 May 2024 19:37:07 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239370255189_1E7XE0SO5A57SENIS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239370255189_1E7XE0SO5A57SENIS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 664406
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 07C3D4919DE841A8AF53C39E55914321 Ref B: LON04EDGE0816 Ref C: 2024-05-02T19:37:08Z
        date: Thu, 02 May 2024 19:37:08 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239351691769_17S178H4I11J3APXJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239351691769_17S178H4I11J3APXJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 496166
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: ADC5ED6939144C339584AA07F3819E6D Ref B: LON04EDGE0816 Ref C: 2024-05-02T19:37:08Z
        date: Thu, 02 May 2024 19:37:08 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 682798
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 1065A82BAFF049ED966D8FBACEAAA23E Ref B: LON04EDGE0816 Ref C: 2024-05-02T19:37:08Z
        date: Thu, 02 May 2024 19:37:08 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        Remote address:
        204.79.197.200:443
        Request
        GET /th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 496229
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 9269EBBD101D4717ACDBB0151F8CD8D2 Ref B: LON04EDGE0816 Ref C: 2024-05-02T19:37:09Z
        date: Thu, 02 May 2024 19:37:08 GMT
      • 2.18.66.81:443
        www.bing.com
        tls
        33.9kB
        219.2kB
        235
        217
      • 23.62.61.57:443
        r.bing.com
        tls
        56.8kB
        1.6MB
        1183
        1166
      • 23.62.61.57:443
        r.bing.com
        tls
        1.2kB
        5.2kB
        16
        13
      • 23.62.61.57:443
        r.bing.com
        tls
        1.2kB
        5.2kB
        16
        13
      • 23.62.61.57:443
        r.bing.com
        tls
        1.2kB
        5.2kB
        16
        13
      • 23.62.61.57:443
        r.bing.com
        tls
        1.2kB
        5.2kB
        16
        13
      • 23.62.61.57:443
        r.bing.com
        tls
        1.2kB
        5.2kB
        16
        13
      • 52.182.143.210:443
        browser.pipe.aria.microsoft.com
        tls
        3.3kB
        7.5kB
        20
        14
      • 104.68.66.114:443
        cxcs.microsoft.net
        tls
        1.4kB
        7.4kB
        19
        16
      • 23.62.61.155:443
        www.bing.com
        tls
        2.0kB
        6.5kB
        20
        14
      • 2.21.16.10:443
        musicmatch-ssl.xboxlive.com
        tls
        wmplayer.exe
        3.5kB
        6.5kB
        17
        15
      • 23.62.61.113:443
        www.bing.com
        tls
        1.4kB
        11.6kB
        16
        17
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
        8.1kB
        13
        14
      • 204.79.197.200:443
        https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        tls, http2
        52.0kB
        3.3MB
        1058
        2392

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239360313430_12K7UVO7ZVIINTRIE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239360313429_1X5GXWWD8KTODKAD6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239370255189_1E7XE0SO5A57SENIS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239351691769_17S178H4I11J3APXJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

        HTTP Response

        200

        HTTP Response

        200

        HTTP Response

        200

        HTTP Response

        200

        HTTP Response

        200

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

        HTTP Response

        200
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
        8.1kB
        13
        14
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.1kB
        8.1kB
        11
        13
      • 204.79.197.200:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
        8.1kB
        14
        14
      • 8.8.8.8:53
        79.190.18.2.in-addr.arpa
        dns
        1.8kB
        4.8kB
        25
        25


      • 8.8.8.8:53
        113.61.62.23.in-addr.arpa
        dns
        320 B
        764 B
        5
        5


      MITRE ATT&CK Enterprise v15


      Downloads

      • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

        Filesize

        64KB


      • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

        Filesize

        1024KB


      • C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb

        Filesize

        68KB


      • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

        Filesize

        9KB


      • C:\Users\Admin\AppData\Local\Temp\wmsetup.log

        Filesize

        1KB


