Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

cb58bf8100...4b.exe

windows7-x64

8

cb58bf8100...4b.exe

windows10-2004-x64

10

$_12_/Ufar...en.ps1

windows7-x64

3

$_12_/Ufar...en.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    31s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/10/2024, 02:39 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $_12_/Ufarligheden.ps1

  • Size

    53KB

  • MD5

    81af4fd82b47873584f160fb4228293a

  • SHA1

    656b56b51ec006f0dd660a92a8d270d52ae4fb8d

  • SHA256

    f639169cb559cd1866363100feb43da1b170b708623f45b12c0a706e01561ab6

  • SHA512

    caa807605ec4b51dc27a2e2a5db33818cebc082c84893d6ea0b588a5d1a4bb80f49ce3d5dae96a1baaa25a64420a2455237ae3b1ee8e3765cb99987f775af406

  • SSDEEP

    768:RjrAVpqj8lMfQwOJ0dACRcJPBYIsp8+mIrOvpk7bql3p3ruLcuIxAPTa7uGAoeW9:RvYA8aYYIsp8+5YMOtU3hPTa7eo

Score
8/10
executionpersistence

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 5 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Enumerates connected drives 3 TTPs 10 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\$_12_\Ufarligheden.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:436
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:532
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4788
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4384
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:860
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2512
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5052
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:412
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:3584
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3560
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:216
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:428
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
        PID:4008
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
          PID:2584
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:4764
          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
            1⤵
              PID:800
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
                PID:2296
              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                1⤵
                  PID:2544
                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                  1⤵
                    PID:4884
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:5000
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:4168
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:3464
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:4536
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:4344
                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                              1⤵
                                PID:4880
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:216
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:1424
                                  • C:\Windows\explorer.exe
                                    explorer.exe
                                    1⤵
                                      PID:780
                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                      1⤵
                                        PID:4220
                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                        1⤵
                                          PID:3904
                                        • C:\Windows\explorer.exe
                                          explorer.exe
                                          1⤵
                                            PID:3200
                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                            1⤵
                                              PID:896
                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                              1⤵
                                                PID:3976
                                              • C:\Windows\explorer.exe
                                                explorer.exe
                                                1⤵
                                                  PID:3352
                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                  1⤵
                                                    PID:452
                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                    1⤵
                                                      PID:1564
                                                    • C:\Windows\explorer.exe
                                                      explorer.exe
                                                      1⤵
                                                        PID:1680
                                                      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                        1⤵
                                                          PID:1720
                                                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                          1⤵
                                                            PID:4740
                                                          • C:\Windows\explorer.exe
                                                            explorer.exe
                                                            1⤵
                                                              PID:4780
                                                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                              1⤵
                                                                PID:2040
                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                1⤵
                                                                  PID:3904
                                                                • C:\Windows\explorer.exe
                                                                  explorer.exe
                                                                  1⤵
                                                                    PID:3008
                                                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                    1⤵
                                                                      PID:5076
                                                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                      1⤵
                                                                        PID:3668
                                                                      • C:\Windows\explorer.exe
                                                                        explorer.exe
                                                                        1⤵
                                                                          PID:5024
                                                                        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                          1⤵
                                                                            PID:4136
                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                            1⤵
                                                                              PID:1892
                                                                            • C:\Windows\explorer.exe
                                                                              explorer.exe
                                                                              1⤵
                                                                                PID:3280
                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                1⤵
                                                                                  PID:3496
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                  1⤵
                                                                                    PID:4336
                                                                                  • C:\Windows\explorer.exe
                                                                                    explorer.exe
                                                                                    1⤵
                                                                                      PID:4996
                                                                                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                      1⤵
                                                                                        PID:4084
                                                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                        1⤵
                                                                                          PID:1296
                                                                                        • C:\Windows\explorer.exe
                                                                                          explorer.exe
                                                                                          1⤵
                                                                                            PID:2304
                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                            1⤵
                                                                                              PID:4548
                                                                                            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                              1⤵
                                                                                                PID:3020
                                                                                              • C:\Windows\explorer.exe
                                                                                                explorer.exe
                                                                                                1⤵
                                                                                                  PID:1772
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                  1⤵
                                                                                                    PID:756
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                    1⤵
                                                                                                      PID:2216

                                                                                                    Network

                                                                                                    • flag-us
                                                                                                      DNS
                                                                                                      8.8.8.8.in-addr.arpa
                                                                                                      Remote address:
                                                                                                      8.8.8.8:53
                                                                                                      Request
                                                                                                      8.8.8.8.in-addr.arpa
                                                                                                      IN PTR
                                                                                                      Response
                                                                                                      8.8.8.8.in-addr.arpa
                                                                                                      IN PTR
                                                                                                      dnsgoogle
                                                                                                    • flag-us
                                                                                                      DNS
                                                                                                      209.205.72.20.in-addr.arpa
                                                                                                      Remote address:
                                                                                                      8.8.8.8:53
                                                                                                      Request
                                                                                                      209.205.72.20.in-addr.arpa
                                                                                                      IN PTR
                                                                                                      Response
                                                                                                    • flag-us
                                                                                                      DNS
                                                                                                      79.190.18.2.in-addr.arpa
                                                                                                      Remote address:
                                                                                                      8.8.8.8:53
                                                                                                      Request
                                                                                                      79.190.18.2.in-addr.arpa
                                                                                                      IN PTR
                                                                                                      Response
                                                                                                      79.190.18.2.in-addr.arpa
                                                                                                      IN PTR
                                                                                                      a2-18-190-79deploystaticakamaitechnologiescom
                                                                                                    • flag-us
                                                                                                      DNS
                                                                                                      133.32.126.40.in-addr.arpa
                                                                                                      Remote address:
                                                                                                      8.8.8.8:53
                                                                                                      Request
                                                                                                      133.32.126.40.in-addr.arpa
                                                                                                      IN PTR
                                                                                                      Response
                                                                                                    • flag-us
                                                                                                      DNS
                                                                                                      95.221.229.192.in-addr.arpa
                                                                                                      Remote address:
                                                                                                      8.8.8.8:53
                                                                                                      Request
                                                                                                      95.221.229.192.in-addr.arpa
                                                                                                      IN PTR
                                                                                                      Response
                                                                                                    • flag-us
                                                                                                      DNS
                                                                                                      196.249.167.52.in-addr.arpa
                                                                                                      Remote address:
                                                                                                      8.8.8.8:53
                                                                                                      Request
                                                                                                      196.249.167.52.in-addr.arpa
                                                                                                      IN PTR
                                                                                                      Response
                                                                                                    • flag-us
                                                                                                      DNS
                                                                                                      58.55.71.13.in-addr.arpa
                                                                                                      Remote address:
                                                                                                      8.8.8.8:53
                                                                                                      Request
                                                                                                      58.55.71.13.in-addr.arpa
                                                                                                      IN PTR
                                                                                                      Response
                                                                                                    • flag-us
                                                                                                      DNS
                                                                                                      g.bing.com
                                                                                                      Remote address:
                                                                                                      8.8.8.8:53
                                                                                                      Request
                                                                                                      g.bing.com
                                                                                                      IN A
                                                                                                      Response
                                                                                                      g.bing.com
                                                                                                      IN CNAME
                                                                                                      g-bing-com.ax-0001.ax-msedge.net
                                                                                                      g-bing-com.ax-0001.ax-msedge.net
                                                                                                      IN CNAME
                                                                                                      ax-0001.ax-msedge.net
                                                                                                      ax-0001.ax-msedge.net
                                                                                                      IN A
                                                                                                      150.171.27.10
                                                                                                      ax-0001.ax-msedge.net
                                                                                                      IN A
                                                                                                      150.171.28.10
                                                                                                    • flag-us
                                                                                                      GET
                                                                                                      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f6ffa70ed9de46288426158ed6e26e3f&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid=
                                                                                                      Remote address:
                                                                                                      150.171.27.10:443
                                                                                                      Request
                                                                                                      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f6ffa70ed9de46288426158ed6e26e3f&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid= HTTP/2.0
                                                                                                      host: g.bing.com
                                                                                                      accept-encoding: gzip, deflate
                                                                                                      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                                                                                      Response
                                                                                                      HTTP/2.0 204
                                                                                                      cache-control: no-cache, must-revalidate
                                                                                                      pragma: no-cache
                                                                                                      expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                      set-cookie: MUID=3B3AF4B4A54E61443597E190A44860F5; domain=.bing.com; expires=Thu, 20-Nov-2025 02:40:10 GMT; path=/; SameSite=None; Secure; Priority=High;
                                                                                                      strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                      access-control-allow-origin: *
                                                                                                      x-cache: CONFIG_NOCACHE
                                                                                                      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                      x-msedge-ref: Ref A: FF70B7C0FBE545BCB329C3D71EDEE67A Ref B: LON601060108060 Ref C: 2024-10-26T02:40:10Z
                                                                                                      date: Sat, 26 Oct 2024 02:40:09 GMT
                                                                                                    • flag-us
                                                                                                      GET
                                                                                                      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f6ffa70ed9de46288426158ed6e26e3f&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid=
                                                                                                      Remote address:
                                                                                                      150.171.27.10:443
                                                                                                      Request
                                                                                                      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f6ffa70ed9de46288426158ed6e26e3f&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid= HTTP/2.0
                                                                                                      host: g.bing.com
                                                                                                      accept-encoding: gzip, deflate
                                                                                                      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                                                                                      cookie: MUID=3B3AF4B4A54E61443597E190A44860F5
                                                                                                      Response
                                                                                                      HTTP/2.0 204
                                                                                                      cache-control: no-cache, must-revalidate
                                                                                                      pragma: no-cache
                                                                                                      expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                      set-cookie: MSPTC=96_e1YGCt6AzeiMAkwk0vTcKpEJkCuJYalmMHKLyDdo; domain=.bing.com; expires=Thu, 20-Nov-2025 02:40:10 GMT; path=/; Partitioned; secure; SameSite=None
                                                                                                      strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                      access-control-allow-origin: *
                                                                                                      x-cache: CONFIG_NOCACHE
                                                                                                      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                      x-msedge-ref: Ref A: 69EFF00B62BF46ECB572EC294171F2AC Ref B: LON601060108060 Ref C: 2024-10-26T02:40:10Z
                                                                                                      date: Sat, 26 Oct 2024 02:40:09 GMT
                                                                                                    • flag-us
                                                                                                      GET
                                                                                                      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f6ffa70ed9de46288426158ed6e26e3f&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid=
                                                                                                      Remote address:
                                                                                                      150.171.27.10:443
                                                                                                      Request
                                                                                                      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f6ffa70ed9de46288426158ed6e26e3f&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid= HTTP/2.0
                                                                                                      host: g.bing.com
                                                                                                      accept-encoding: gzip, deflate
                                                                                                      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                                                                                      cookie: MUID=3B3AF4B4A54E61443597E190A44860F5; MSPTC=96_e1YGCt6AzeiMAkwk0vTcKpEJkCuJYalmMHKLyDdo
                                                                                                      Response
                                                                                                      HTTP/2.0 204
                                                                                                      cache-control: no-cache, must-revalidate
                                                                                                      pragma: no-cache
                                                                                                      expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                      strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                      access-control-allow-origin: *
                                                                                                      x-cache: CONFIG_NOCACHE
                                                                                                      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                      x-msedge-ref: Ref A: 719720241A4445BF9D69EA101FC0B37C Ref B: LON601060108060 Ref C: 2024-10-26T02:40:10Z
                                                                                                      date: Sat, 26 Oct 2024 02:40:10 GMT
                                                                                                    • flag-us
                                                                                                      DNS
                                                                                                      50.23.12.20.in-addr.arpa
                                                                                                      Remote address:
                                                                                                      8.8.8.8:53
                                                                                                      Request
                                                                                                      50.23.12.20.in-addr.arpa
                                                                                                      IN PTR
                                                                                                      Response
                                                                                                    • flag-us
                                                                                                      DNS
                                                                                                      15.164.165.52.in-addr.arpa
                                                                                                      Remote address:
                                                                                                      8.8.8.8:53
                                                                                                      Request
                                                                                                      15.164.165.52.in-addr.arpa
                                                                                                      IN PTR
                                                                                                      Response
                                                                                                    • flag-us
                                                                                                      DNS
                                                                                                      172.214.232.199.in-addr.arpa
                                                                                                      Remote address:
                                                                                                      8.8.8.8:53
                                                                                                      Request
                                                                                                      172.214.232.199.in-addr.arpa
                                                                                                      IN PTR
                                                                                                      Response
                                                                                                    • flag-us
                                                                                                      DNS
                                                                                                      43.229.111.52.in-addr.arpa
                                                                                                      Remote address:
                                                                                                      8.8.8.8:53
                                                                                                      Request
                                                                                                      43.229.111.52.in-addr.arpa
                                                                                                      IN PTR
                                                                                                      Response
                                                                                                    • flag-us
                                                                                                      DNS
                                                                                                      tse1.mm.bing.net
                                                                                                      Remote address:
                                                                                                      8.8.8.8:53
                                                                                                      Request
                                                                                                      tse1.mm.bing.net
                                                                                                      IN A
                                                                                                      Response
                                                                                                      tse1.mm.bing.net
                                                                                                      IN CNAME
                                                                                                      mm-mm.bing.net.trafficmanager.net
                                                                                                      mm-mm.bing.net.trafficmanager.net
                                                                                                      IN CNAME
                                                                                                      ax-0001.ax-msedge.net
                                                                                                      ax-0001.ax-msedge.net
                                                                                                      IN A
                                                                                                      150.171.27.10
                                                                                                      ax-0001.ax-msedge.net
                                                                                                      IN A
                                                                                                      150.171.28.10
                                                                                                    • 150.171.27.10:443
                                                                                                      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f6ffa70ed9de46288426158ed6e26e3f&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid=
                                                                                                      tls, http2
                                                                                                      2.0kB
                                                                                                       9.3kB
                                                                                                       22
                                                                                                      18

                                                                                                      HTTP Request

                                                                                                      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f6ffa70ed9de46288426158ed6e26e3f&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid=

                                                                                                      HTTP Response

                                                                                                      204

                                                                                                      HTTP Request

                                                                                                      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f6ffa70ed9de46288426158ed6e26e3f&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid=

                                                                                                      HTTP Response

                                                                                                      204

                                                                                                      HTTP Request

                                                                                                      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f6ffa70ed9de46288426158ed6e26e3f&localId=w:E8C31A05-90CA-DE8F-A29D-2E3C02D092EA&deviceId=6966572651686081&anid=

                                                                                                      HTTP Response

                                                                                                      204
                                                                                                    • 150.171.27.10:443
                                                                                                      tse1.mm.bing.net
                                                                                                      tls
                                                                                                      125.9kB
                                                                                                       3.6MB
                                                                                                       2620
                                                                                                      2615
                                                                                                    • 150.171.27.10:443
                                                                                                      tse1.mm.bing.net
                                                                                                      tls
                                                                                                      1.2kB
                                                                                                       6.9kB
                                                                                                       15
                                                                                                      13
                                                                                                    • 150.171.27.10:443
                                                                                                      tse1.mm.bing.net
                                                                                                      tls
                                                                                                      1.2kB
                                                                                                       6.9kB
                                                                                                       15
                                                                                                      13
                                                                                                    • 150.171.27.10:443
                                                                                                      tse1.mm.bing.net
                                                                                                      tls
                                                                                                      1.2kB
                                                                                                       6.9kB
                                                                                                       15
                                                                                                      13
                                                                                                    • 150.171.27.10:443
                                                                                                      tse1.mm.bing.net
                                                                                                      tls
                                                                                                      1.2kB
                                                                                                       6.9kB
                                                                                                       15
                                                                                                      13
                                                                                                    • 8.8.8.8:53
                                                                                                      8.8.8.8.in-addr.arpa
                                                                                                      dns
                                                                                                      66 B
                                                                                                       90 B
                                                                                                       1
                                                                                                      1

                                                                                                      DNS Request

                                                                                                      8.8.8.8.in-addr.arpa

                                                                                                    • 8.8.8.8:53
                                                                                                      209.205.72.20.in-addr.arpa
                                                                                                      dns
                                                                                                      72 B
                                                                                                       158 B
                                                                                                       1
                                                                                                      1

                                                                                                      DNS Request

                                                                                                      209.205.72.20.in-addr.arpa

                                                                                                    • 8.8.8.8:53
                                                                                                      79.190.18.2.in-addr.arpa
                                                                                                      dns
                                                                                                      70 B
                                                                                                       133 B
                                                                                                       1
                                                                                                      1

                                                                                                      DNS Request

                                                                                                      79.190.18.2.in-addr.arpa

                                                                                                    • 8.8.8.8:53
                                                                                                      133.32.126.40.in-addr.arpa
                                                                                                      dns
                                                                                                      72 B
                                                                                                       158 B
                                                                                                       1
                                                                                                      1

                                                                                                      DNS Request

                                                                                                      133.32.126.40.in-addr.arpa

                                                                                                    • 8.8.8.8:53
                                                                                                      95.221.229.192.in-addr.arpa
                                                                                                      dns
                                                                                                      73 B
                                                                                                       144 B
                                                                                                       1
                                                                                                      1

                                                                                                      DNS Request

                                                                                                      95.221.229.192.in-addr.arpa

                                                                                                    • 8.8.8.8:53
                                                                                                      196.249.167.52.in-addr.arpa
                                                                                                      dns
                                                                                                      73 B
                                                                                                       147 B
                                                                                                       1
                                                                                                      1

                                                                                                      DNS Request

                                                                                                      196.249.167.52.in-addr.arpa

                                                                                                    • 8.8.8.8:53
                                                                                                      58.55.71.13.in-addr.arpa
                                                                                                      dns
                                                                                                      70 B
                                                                                                       144 B
                                                                                                       1
                                                                                                      1

                                                                                                      DNS Request

                                                                                                      58.55.71.13.in-addr.arpa

                                                                                                    • 8.8.8.8:53
                                                                                                      g.bing.com
                                                                                                      dns
                                                                                                      56 B
                                                                                                       148 B
                                                                                                       1
                                                                                                      1

                                                                                                      DNS Request

                                                                                                      g.bing.com

                                                                                                      DNS Response

                                                                                                      150.171.27.10
                                                                                                      150.171.28.10

                                                                                                    • 8.8.8.8:53
                                                                                                      50.23.12.20.in-addr.arpa
                                                                                                      dns
                                                                                                      70 B
                                                                                                       156 B
                                                                                                       1
                                                                                                      1

                                                                                                      DNS Request

                                                                                                      50.23.12.20.in-addr.arpa

                                                                                                    • 8.8.8.8:53
                                                                                                      15.164.165.52.in-addr.arpa
                                                                                                      dns
                                                                                                      72 B
                                                                                                       146 B
                                                                                                       1
                                                                                                      1

                                                                                                      DNS Request

                                                                                                      15.164.165.52.in-addr.arpa

                                                                                                    • 8.8.8.8:53
                                                                                                      172.214.232.199.in-addr.arpa
                                                                                                      dns
                                                                                                      74 B
                                                                                                       128 B
                                                                                                       1
                                                                                                      1

                                                                                                      DNS Request

                                                                                                      172.214.232.199.in-addr.arpa

                                                                                                    • 8.8.8.8:53
                                                                                                      43.229.111.52.in-addr.arpa
                                                                                                      dns
                                                                                                      72 B
                                                                                                       158 B
                                                                                                       1
                                                                                                      1

                                                                                                      DNS Request

                                                                                                      43.229.111.52.in-addr.arpa

                                                                                                    • 8.8.8.8:53
                                                                                                      tse1.mm.bing.net
                                                                                                      dns
                                                                                                      62 B
                                                                                                       170 B
                                                                                                       1
                                                                                                      1

                                                                                                      DNS Request

                                                                                                      tse1.mm.bing.net

                                                                                                      DNS Response

                                                                                                      150.171.27.10
                                                                                                      150.171.28.10

                                                                                                    MITRE ATT&CK Enterprise v15

                                                                                                    Replay Monitor

                                                                                                    Loading Replay Monitor...

                                                                                                    Downloads

                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                      Filesize

                                                                                                      471B

                                                                                                      MD5

                                                                                                      510dd14c4da57074904ab3760c0d999d

                                                                                                      SHA1

                                                                                                      887f37d2cf053118279acaf6c051ef54973f0027

                                                                                                      SHA256

                                                                                                      4faed0cfb3c0d29215bf5f5ffa601292a5660bb4c49b659f8c4def2521e0844c

                                                                                                      SHA512

                                                                                                      b85675112f4b12cea146e616056cc59b34570d65d57538ed1c001dc76d4901756e2b85743504f7ba0037c01c10172b069b3a6992e470288b807961a2d4cfc6d3

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
                                                                                                      Filesize

                                                                                                      412B

                                                                                                      MD5

                                                                                                      d6636ae9c788bcbd67d9a3dd789e871e

                                                                                                      SHA1

                                                                                                      d99622701bcb82a38c87debf03df1d8205e7398a

                                                                                                      SHA256

                                                                                                      42adc42599a91940ac0e446a50e0acda3d7db80075d4a3f6adc6ffdea8f1f989

                                                                                                      SHA512

                                                                                                      9b18a07ebb6ab81455b50b44e14dad40a87c265cb5c3b2b9763a4c8f28fbce3a06bc431e9ceb32bd3616ab76c90cd9a67b1ac1206d9ea22ddaf389cf0530cf90

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      0e73eb7f62702d55fde5a426254c372e

                                                                                                      SHA1

                                                                                                      bfcc4a97268f68c6fcf81fcca0094ffee48b9bd8

                                                                                                      SHA256

                                                                                                      a190457e5b95197333ffa62962a98331f8fad90037d5af5997b43e138aea55f1

                                                                                                      SHA512

                                                                                                      e3d7e1fb74145913b3d26e353e528d2bab66b14a89780a9875bb4d0ab1146ffc38086df1bd0600548d194f164698def8ac3f6e5cab5173d04ba1c3ee4b517b6f

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133743839987749062.txt
                                                                                                      Filesize

                                                                                                      75KB

                                                                                                      MD5

                                                                                                      c89a3fafade8e64909dabbcbf9962835

                                                                                                      SHA1

                                                                                                      8eef915df2b8361f7285f3b83c71b28a2d4794b6

                                                                                                      SHA256

                                                                                                      d6a43f3735ca21e6e5d09653ea1ad33b5c06122346e831a878a0332b52cd2916

                                                                                                      SHA512

                                                                                                      692e907ecdc2c26af877258e3ca19fdc6df2b97902a737c0a78c0c81171603669337f941d485cdb475bf20cb016cb3b4ae0302df096811c270f2c96b58364357

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\2CFNWDLC\microsoft.windows[1].xml
                                                                                                      Filesize

                                                                                                      97B

                                                                                                      MD5

                                                                                                      539db492f33fccee9be530dd0bf34a46

                                                                                                      SHA1

                                                                                                      650b2a3583d6c9499b4ed73e9a5dca37f342a50e

                                                                                                      SHA256

                                                                                                      f6d425aad05b46e77b53e5737c85f4ceab6531e773ea87eb985754be5ec19999

                                                                                                      SHA512

                                                                                                      9328f2fa286b4a9ca6ae57ddd9fca0b1140e5f68a5e143fd8ae6ea212a1af5d7b6b2289c324fa9480ca8d2e6d3b0cf7115611a56a3a161c5ad2f988f6ae62a0a

                                                                                                      Download Submit

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_oykbmmmh.l5j.ps1
                                                                                                      Filesize

                                                                                                      60B

                                                                                                      MD5

                                                                                                      d17fe0a3f47be24a6453e9ef58c94641

                                                                                                      SHA1

                                                                                                      6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                      SHA256

                                                                                                      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                      SHA512

                                                                                                      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                      Download Submit

                                                                                                    • memory/216-182-0x00000000042E0000-0x00000000042E1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/412-49-0x0000024CB6F20000-0x0000024CB6F40000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/412-60-0x0000024CB7330000-0x0000024CB7350000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/412-38-0x0000024CB6F60000-0x0000024CB6F80000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/436-25-0x00007FFC72ED0000-0x00007FFC73991000-memory.dmp

                                                                                                      Filesize

                                                                                                      10.8MB

                                                                                                      Download

                                                                                                    • memory/436-16-0x00007FFC72ED0000-0x00007FFC73991000-memory.dmp

                                                                                                      Filesize

                                                                                                      10.8MB

                                                                                                      Download

                                                                                                    • memory/436-15-0x00007FFC72ED0000-0x00007FFC73991000-memory.dmp

                                                                                                      Filesize

                                                                                                      10.8MB

                                                                                                      Download

                                                                                                    • memory/436-14-0x000001DF32740000-0x000001DF32764000-memory.dmp

                                                                                                      Filesize

                                                                                                      144KB

                                                                                                      Download

                                                                                                    • memory/436-13-0x000001DF32740000-0x000001DF3276A000-memory.dmp

                                                                                                      Filesize

                                                                                                      168KB

                                                                                                      Download

                                                                                                    • memory/436-26-0x00007FFC72ED0000-0x00007FFC73991000-memory.dmp

                                                                                                      Filesize

                                                                                                      10.8MB

                                                                                                      Download

                                                                                                    • memory/436-6-0x000001DF31940000-0x000001DF31962000-memory.dmp

                                                                                                      Filesize

                                                                                                      136KB

                                                                                                      Download

                                                                                                    • memory/436-23-0x00007FFC72ED0000-0x00007FFC73991000-memory.dmp

                                                                                                      Filesize

                                                                                                      10.8MB

                                                                                                      Download

                                                                                                    • memory/436-22-0x00007FFC72ED3000-0x00007FFC72ED5000-memory.dmp

                                                                                                      Filesize

                                                                                                      8KB

                                                                                                      Download

                                                                                                    • memory/436-24-0x00007FFC72ED0000-0x00007FFC73991000-memory.dmp

                                                                                                      Filesize

                                                                                                      10.8MB

                                                                                                      Download

                                                                                                    • memory/436-12-0x00007FFC72ED0000-0x00007FFC73991000-memory.dmp

                                                                                                      Filesize

                                                                                                      10.8MB

                                                                                                      Download

                                                                                                    • memory/436-11-0x00007FFC72ED0000-0x00007FFC73991000-memory.dmp

                                                                                                      Filesize

                                                                                                      10.8MB

                                                                                                      Download

                                                                                                    • memory/436-0-0x00007FFC72ED3000-0x00007FFC72ED5000-memory.dmp

                                                                                                      Filesize

                                                                                                      8KB

                                                                                                      Download

                                                                                                    • memory/780-902-0x0000000004B60000-0x0000000004B61000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/800-330-0x000002406B200000-0x000002406B300000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/800-344-0x000002406C300000-0x000002406C320000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/800-362-0x000002406C710000-0x000002406C730000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/800-335-0x000002406C340000-0x000002406C360000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/800-331-0x000002406B200000-0x000002406B300000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/1564-1232-0x0000025FFE700000-0x0000025FFE720000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/1564-1200-0x0000025FFE340000-0x0000025FFE360000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/1564-1212-0x0000025FFE300000-0x0000025FFE320000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/1564-1197-0x0000025FFD200000-0x0000025FFD300000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/1564-1195-0x0000025FFD200000-0x0000025FFD300000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/1680-1345-0x0000000002130000-0x0000000002131000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/2296-480-0x0000000004360000-0x0000000004361000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/2512-32-0x0000000004160000-0x0000000004161000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/2584-329-0x0000000002500000-0x0000000002501000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/3008-1629-0x0000000004C50000-0x0000000004C51000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/3200-1048-0x0000000004580000-0x0000000004581000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/3352-1193-0x00000000041A0000-0x00000000041A1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/3464-623-0x0000021C32A60000-0x0000021C32A80000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3464-632-0x0000021C32A20000-0x0000021C32A40000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3464-640-0x0000021C32E30000-0x0000021C32E50000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3668-1632-0x000002DD3E000000-0x000002DD3E100000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/3904-1498-0x000002A6BE700000-0x000002A6BE800000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/3904-1496-0x000002A6BE700000-0x000002A6BE800000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/3904-1501-0x000002A6BFA40000-0x000002A6BFA60000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3904-1509-0x000002A6BFA00000-0x000002A6BFA20000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3904-910-0x000001DA03580000-0x000001DA035A0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3904-938-0x000001DA03950000-0x000001DA03970000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3904-923-0x000001DA03540000-0x000001DA03560000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3904-1521-0x000002A6BFE00000-0x000002A6BFE20000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3976-1067-0x000001CDB9E70000-0x000001CDB9E90000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3976-1056-0x000001CDB9EB0000-0x000001CDB9ED0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/3976-1087-0x000001CDBA480000-0x000001CDBA4A0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4008-184-0x0000022321C00000-0x0000022321D00000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/4008-190-0x0000022322B30000-0x0000022322B50000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4008-208-0x0000022323100000-0x0000022323120000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4008-198-0x0000022322AF0000-0x0000022322B10000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4536-756-0x0000000004D20000-0x0000000004D21000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/4740-1347-0x000002EF4BB70000-0x000002EF4BC70000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/4740-1352-0x000002EF4CAD0000-0x000002EF4CAF0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4740-1370-0x000002EF4CA90000-0x000002EF4CAB0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4740-1375-0x000002EF4D0A0000-0x000002EF4D0C0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4780-1494-0x00000000048E0000-0x00000000048E1000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    • memory/4880-763-0x0000020E99080000-0x0000020E990A0000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4880-788-0x0000020E99450000-0x0000020E99470000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4880-776-0x0000020E99040000-0x0000020E99060000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4884-493-0x000002794C820000-0x000002794C840000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4884-482-0x000002794B700000-0x000002794B800000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/4884-487-0x000002794C860000-0x000002794C880000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4884-504-0x000002794CC20000-0x000002794CC40000-memory.dmp

                                                                                                      Filesize

                                                                                                      128KB

                                                                                                      Download

                                                                                                    • memory/4884-483-0x000002794B700000-0x000002794B800000-memory.dmp

                                                                                                      Filesize

                                                                                                      1024KB

                                                                                                      Download

                                                                                                    • memory/5000-616-0x0000000004C90000-0x0000000004C91000-memory.dmp

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                      Download

                                                                                                    We care about your privacy.

                                                                                                    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.