Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23/07/2024, 06:39 UTC

General

  • Target

    1C24TVT_00005055.pdf.jar

  • Size

    400KB

  • MD5

    0b6fbf92570074872a27c7c770e0df63

  • SHA1

    8e59ba98c196cd3c490ceffbadb3bacf5380d3fe

  • SHA256

    3546d4fa8249cfe559f61262d4914a3808ac7d9239d97ac91d57ef86c858b937

  • SHA512

    bae3b3ceef3d16386ef829d206cd94dd7c2e690d078720bbb5f1c57809569b2f6dd953764c1b8219558bfe7ae5df763fc4ccf7c789d90f562af545c03838f38f

  • SSDEEP

    12288:ujJmHTO5wfXjD5cnv7n3J3ijc3tP9iNSj:utiTO5OiL5fP9Q+

Malware Config

Signatures

  • STRRAT

    STRRAT is a remote access tool that can steal credentials and log keystrokes.

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious use of WriteProcessMemory 8 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\1C24TVT_00005055.pdf.jar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2196
    • C:\Program Files\Java\jre-1.8\bin\java.exe
      "C:\Program Files\Java\jre-1.8\bin\java.exe" -jar "C:\Users\Admin\1C24TVT_00005055.pdf.jar"
      2⤵
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:4940
      • C:\Windows\SYSTEM32\cmd.exe
        cmd /c schtasks /create /sc minute /mo 30 /tn Skype /tr "C:\Users\Admin\AppData\Roaming\1C24TVT_00005055.pdf.jar"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:5100
        • C:\Windows\system32\schtasks.exe
          schtasks /create /sc minute /mo 30 /tn Skype /tr "C:\Users\Admin\AppData\Roaming\1C24TVT_00005055.pdf.jar"
          4⤵
          • Scheduled Task/Job: Scheduled Task
          PID:4712
      • C:\Program Files\Java\jre-1.8\bin\java.exe
        "C:\Program Files\Java\jre-1.8\bin\java.exe" -jar "C:\Users\Admin\AppData\Roaming\1C24TVT_00005055.pdf.jar"
        3⤵
        • Loads dropped DLL
        PID:4804

Network

  • flag-us
    DNS
    217.106.137.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.106.137.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.a-msedge.net
    dual-a-0034.a-msedge.net
    IN A
    204.79.197.237
    dual-a-0034.a-msedge.net
    IN A
    13.107.21.237
  • flag-us
    DNS
    github.com
    java.exe
    Remote address:
    8.8.8.8:53
    Request
    github.com
    IN A
    Response
    github.com
    IN A
    20.26.156.215
  • flag-us
    DNS
    repo1.maven.org
    java.exe
    Remote address:
    8.8.8.8:53
    Request
    repo1.maven.org
    IN A
    Response
    repo1.maven.org
    IN CNAME
    dualstack.sonatype.map.fastly.net
    dualstack.sonatype.map.fastly.net
    IN A
    199.232.192.209
    dualstack.sonatype.map.fastly.net
    IN A
    199.232.196.209
  • flag-us
    DNS
    objects.githubusercontent.com
    java.exe
    Remote address:
    8.8.8.8:53
    Request
    objects.githubusercontent.com
    IN A
    Response
    objects.githubusercontent.com
    IN A
    185.199.110.133
    objects.githubusercontent.com
    IN A
    185.199.109.133
    objects.githubusercontent.com
    IN A
    185.199.111.133
    objects.githubusercontent.com
    IN A
    185.199.108.133
  • flag-us
    DNS
    75.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    75.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    237.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.197.79.204.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    209.192.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    209.192.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    215.156.26.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    215.156.26.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    205.47.74.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    205.47.74.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    133.110.199.185.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    133.110.199.185.in-addr.arpa
    IN PTR
    Response
    133.110.199.185.in-addr.arpa
    IN PTR
    cdn-185-199-110-133.github.com
  • flag-us
    DNS
    21.ip.gl.ply.gg
    java.exe
    Remote address:
    8.8.8.8:53
    Request
    21.ip.gl.ply.gg
    IN A
    Response
    21.ip.gl.ply.gg
    IN A
    147.185.221.21
  • flag-us
    DNS
    228.249.119.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    228.249.119.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    192.142.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    192.142.123.92.in-addr.arpa
    IN PTR
    Response
    192.142.123.92.in-addr.arpa
    IN PTR
    a92-123-142-192.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
  • flag-us
    DNS
    138.201.86.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    138.201.86.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    73.144.22.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.144.22.2.in-addr.arpa
    IN PTR
    Response
    73.144.22.2.in-addr.arpa
    IN PTR
    a2-22-144-73.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    73.144.22.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.144.22.2.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    43.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.229.111.52.in-addr.arpa
    IN PTR
    Response
  • 204.79.197.237:443
    https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=109c185d7f4a417a83f650594349bb80&localId=w:29030E6B-39D2-65A0-5B93-B1D2300B7E50&deviceId=6825836757756773&anid=
    tls, http2
    2.0kB
    9.3kB
    21
    19

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=109c185d7f4a417a83f650594349bb80&localId=w:29030E6B-39D2-65A0-5B93-B1D2300B7E50&deviceId=6825836757756773&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=109c185d7f4a417a83f650594349bb80&localId=w:29030E6B-39D2-65A0-5B93-B1D2300B7E50&deviceId=6825836757756773&anid=

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=109c185d7f4a417a83f650594349bb80&localId=w:29030E6B-39D2-65A0-5B93-B1D2300B7E50&deviceId=6825836757756773&anid=

    HTTP Response

    204
  • 199.232.192.209:443
    repo1.maven.org
    tls
    java.exe
    29.9kB
    1.6MB
    622
    1124
  • 199.232.192.209:443
    repo1.maven.org
    tls
    java.exe
    50.7kB
    2.8MB
    1055
    1991
  • 199.232.192.209:443
    repo1.maven.org
    tls
    java.exe
    77.9kB
    4.5MB
    1664
    3203
  • 20.26.156.215:443
    github.com
    tls
    java.exe
    1.4kB
    8.2kB
    16
    15
  • 185.199.110.133:443
    objects.githubusercontent.com
    tls
    java.exe
    15.1kB
    822.0kB
    303
    598
  • 147.185.221.21:5271
    21.ip.gl.ply.gg
    java.exe
    260 B
    5
  • 147.185.221.21:5271
    21.ip.gl.ply.gg
    java.exe
    260 B
    5
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.28.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301717_1QD8K4REPRL31N6EW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    139.3kB
    4.0MB
    2892
    2887

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388045_10YSQ8K0BZLEAZQJ2&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239353582481_1UFRZG7HSKJ6VOM8D&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301308_1V23M6H7DG8T3CRA5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388044_1386ER2SMV9FN565Q&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239353582480_11Y0WDW5HLDOO8GP5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301717_1QD8K4REPRL31N6EW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 147.185.221.21:5271
    21.ip.gl.ply.gg
    java.exe
    260 B
    5
  • 147.185.221.21:5271
    21.ip.gl.ply.gg
    java.exe
    260 B
    5
  • 147.185.221.21:5271
    21.ip.gl.ply.gg
    java.exe
    260 B
    5
  • 147.185.221.21:5271
    21.ip.gl.ply.gg
    java.exe
    260 B
    5

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

    Filesize

    46B

    MD5

    a113adc5713700d36befc14670b1969d

    SHA1

    211f18d976ae217a9536b807155f8e75d99058db

    SHA256

    7be184d46bf2471bc384cd1337fd9647311eda1d2089a7861795c40fa976e9db

    SHA512

    91e6600085f151ef839401fc7b23ee23a3318054d03af9cfb292ce82615532c7b62e721a8dfe9b86f17303be5740c881278b63fd800f91e7c6210187d4fdb484

  • C:\Users\Admin\1C24TVT_00005055.pdf.jar

    Filesize

    400KB

    MD5

    0b6fbf92570074872a27c7c770e0df63

    SHA1

    8e59ba98c196cd3c490ceffbadb3bacf5380d3fe

    SHA256

    3546d4fa8249cfe559f61262d4914a3808ac7d9239d97ac91d57ef86c858b937

    SHA512

    bae3b3ceef3d16386ef829d206cd94dd7c2e690d078720bbb5f1c57809569b2f6dd953764c1b8219558bfe7ae5df763fc4ccf7c789d90f562af545c03838f38f

  • C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna6284557707520174982.dll

    Filesize

    241KB

    MD5

    e02979ecd43bcc9061eb2b494ab5af50

    SHA1

    3122ac0e751660f646c73b10c4f79685aa65c545

    SHA256

    a66959bec2ef5af730198db9f3b3f7cab0d4ae70ce01bec02bf1d738e6d1ee7a

    SHA512

    1e6f7dcb6a557c9b896412a48dd017c16f7a52fa2b9ab513593c9ecd118e86083979821ca7a3e2f098ee349200c823c759cec6599740dd391cb5f354dc29b372

  • C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2636447293-1148739154-93880854-1000\83aa4cc77f591dfc2374580bbd95f6ba_1d0c136d-d77c-4455-9382-3336e2df950b

    Filesize

    45B

    MD5

    c8366ae350e7019aefc9d1e6e6a498c6

    SHA1

    5731d8a3e6568a5f2dfbbc87e3db9637df280b61

    SHA256

    11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238

    SHA512

    33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

  • C:\Users\Admin\lib\jna-5.5.0.jar

    Filesize

    1.4MB

    MD5

    acfb5b5fd9ee10bf69497792fd469f85

    SHA1

    0e0845217c4907822403912ad6828d8e0b256208

    SHA256

    b308faebfe4ed409de8410e0a632d164b2126b035f6eacff968d3908cafb4d9e

    SHA512

    e52575f58a195ceb3bd16b9740eadf5bc5b1d4d63c0734e8e5fd1d1776aa2d068d2e4c7173b83803f95f72c0a6759ae1c9b65773c734250d4cfcdf47a19f82aa

  • C:\Users\Admin\lib\jna-platform-5.5.0.jar

    Filesize

    2.6MB

    MD5

    2f4a99c2758e72ee2b59a73586a2322f

    SHA1

    af38e7c4d0fc73c23ecd785443705bfdee5b90bf

    SHA256

    24d81621f82ac29fcdd9a74116031f5907a2343158e616f4573bbfa2434ae0d5

    SHA512

    b860459a0d3bf7ccb600a03aa1d2ac0358619ee89b2b96ed723541e182b6fdab53aefef7992acb4e03fca67aa47cbe3907b1e6060a60b57ed96c4e00c35c7494

  • C:\Users\Admin\lib\sqlite-jdbc-3.14.2.1.jar

    Filesize

    4.1MB

    MD5

    b33387e15ab150a7bf560abdc73c3bec

    SHA1

    66b8075784131f578ef893fd7674273f709b9a4c

    SHA256

    2eae3dea1c3dde6104c49f9601074b6038ff6abcf3be23f4b56f6720a4f6a491

    SHA512

    25cfb0d6ce35d0bcb18527d3aa12c63ecb2d9c1b8b78805d1306e516c13480b79bb0d74730aa93bd1752f9ac2da9fdd51781c48844cea2fd52a06c62852c8279

  • C:\Users\Admin\lib\system-hook-3.5.jar

    Filesize

    772KB

    MD5

    e1aa38a1e78a76a6de73efae136cdb3a

    SHA1

    c463da71871f780b2e2e5dba115d43953b537daf

    SHA256

    2ddda8af6faef8bde46acf43ec546603180bcf8dcb2e5591fff8ac9cd30b5609

    SHA512

    fee16fe9364926ec337e52f551fd62ed81984808a847de2fd68ff29b6c5da0dcc04ef6d8977f0fe675662a7d2ea1065cdcdd2a5259446226a7c7c5516bd7d60d

