asyncrat | c2b9108a7aedcb313f9df0d16cf1c52e9de3cae6afab5829f8c533924850efb7

Analysis

max time kernel
12s
max time network
153s
platform
windows10_x64
resource
win10v20201028
submitted
15-03-2021 13:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PO_21031566AF_pdf.jar
Size

477KB
MD5

0d5327616ab7b563c34ef9a5ab1892d6
SHA1

403df150f0a5ae27c837a6a70ed993a6633889b0
SHA256

c2b9108a7aedcb313f9df0d16cf1c52e9de3cae6afab5829f8c533924850efb7
SHA512

6790cbdc75999ae65ae1353fa529459d5240945ef86dadfe5aa6c55cd8e13c33bcdf1fb35fa627267ae0797c1caa2f86106b0f9336b25572fafac7e3f6891f6e

Score

10^/10

asyncrat ratty evasion persistence rat trojan

Malware Config

Extracted

Family

asyncrat

Version

0.5.7B

chongmei33.publicvm.com:2703

chongmei33.publicvm.com:49703

chongmei33.publicvm.com:49746

185.165.153.116:2703

185.165.153.116:49703

185.165.153.116:49746

54.37.36.116:2703

54.37.36.116:49703

54.37.36.116:49746

185.244.30.92:2703

185.244.30.92:49703

185.244.30.92:49746

dongreg202020.duckdns.org:2703

dongreg202020.duckdns.org:49703

dongreg202020.duckdns.org:49746

178.33.222.241:2703

178.33.222.241:49703

178.33.222.241:49746

rahim321.duckdns.org:2703

rahim321.duckdns.org:49703

Mutex

AsyncMutex_6SI8OkPnk

Attributes

aes_key
hGScKRB0VrlS4WpFo0N7AmnZQApV4qsi
anti_detection
false
autorun
false
bdos
false
delay
FEB
host
chongmei33.publicvm.com,185.165.153.116,54.37.36.116,185.244.30.92,dongreg202020.duckdns.org,178.33.222.241,rahim321.duckdns.org,79.134.225.92,37.120.208.36,178.33.222.243,87.98.245.48
hwid
3
install_file
install_folder
%AppData%
mutex
AsyncMutex_6SI8OkPnk
pastebin_config
null
port
2703,49703,49746
version
0.5.7B

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
rat asyncrat
Ratty
Ratty is an open source Java Remote Access Tool.
trojan rat ratty

Ratty Rat Payload 2 IoCs

resource	yara_rule
behavioral2/files/0x000100000001ab7b-11.dat	family_ratty
behavioral2/files/0x000200000001ab7e-18.dat	family_ratty

Turns off Windows Defender SpyNet reporting 2 TTPs
evasion

Disabling Security Tools
T1089

Modify Registry
T1112
Windows security bypass 2 TTPs
evasion trojan

Disabling Security Tools
T1089

Modify Registry
T1112

Async RAT payload 2 IoCs

rat

resource	yara_rule
behavioral2/memory/7932-894-0x0000000000400000-0x0000000000412000-memory.dmp	asyncrat
behavioral2/memory/7932-896-0x000000000040C91E-mapping.dmp	asyncrat

Detect jar appended to MSI 2 IoCs

resource	yara_rule
behavioral2/files/0x000100000001ab7b-11.dat	jar_in_msi
behavioral2/files/0x000200000001ab7e-18.dat	jar_in_msi

Nirsoft 6 IoCs

resource	yara_rule
behavioral2/files/0x000100000001ab87-24.dat	Nirsoft
behavioral2/files/0x000100000001ab87-25.dat	Nirsoft
behavioral2/files/0x000100000001ab87-27.dat	Nirsoft
behavioral2/files/0x000100000001ab8d-597.dat	Nirsoft
behavioral2/files/0x000100000001ab8d-613.dat	Nirsoft
behavioral2/files/0x000100000001ab8d-620.dat	Nirsoft

Executes dropped EXE 4 IoCs

pid	Process
3372	oq1N.exe
188	AdvancedRun.exe
416	AdvancedRun.exe
972	jVAPsorbdr.exe

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IxVhFD18YESB.jar	javaw.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jVAPsorbdr.exe	oq1N.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jVAPsorbdr.exe	oq1N.exe

Loads dropped DLL 1 IoCs

pid	Process
1984	javaw.exe

Windows security modification 2 TTPs 12 IoCs

evasion trojan

Disabling Security Tools

T1089

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Real-Time Protection	oq1N.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	oq1N.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Spynet	oq1N.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Spynet\SpyNetReporting = "0"	oq1N.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Spynet\SubmitSamplesConsent = "0"	oq1N.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0"	oq1N.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Exclusions	oq1N.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\oq1N.exe = "0"	oq1N.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jVAPsorbdr.exe = "0"	oq1N.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe = "0"	oq1N.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Exclusions\Paths	oq1N.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features	oq1N.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\Run	REG.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\Run\IxVhFD18YESB.jar = "C:\\Users\\Admin\\AppData\\Roaming\\IxVhFD18YESB.jar"	REG.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
8348	3372	WerFault.exe	77
9272	972	WerFault.exe	106

Delays execution with timeout.exe 2 IoCs

evasion

pid	Process
8324	timeout.exe
7428	timeout.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings	java.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	javaw.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	javaw.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
980	REG.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
188	AdvancedRun.exe
188	AdvancedRun.exe
188	AdvancedRun.exe
188	AdvancedRun.exe
416	AdvancedRun.exe
416	AdvancedRun.exe
416	AdvancedRun.exe
416	AdvancedRun.exe
984	powershell.exe
984	powershell.exe
1836	powershell.exe
1836	powershell.exe
2060	powershell.exe
2060	powershell.exe
3764	powershell.exe
3764	powershell.exe
376	powershell.exe
376	powershell.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	3372	oq1N.exe
Token: SeDebugPrivilege	188	AdvancedRun.exe
Token: SeImpersonatePrivilege	188	AdvancedRun.exe
Token: SeDebugPrivilege	416	AdvancedRun.exe
Token: SeImpersonatePrivilege	416	AdvancedRun.exe
Token: SeDebugPrivilege	984	powershell.exe
Token: SeDebugPrivilege	1836	powershell.exe
Token: SeDebugPrivilege	2060	powershell.exe
Token: SeDebugPrivilege	3764	powershell.exe
Token: SeDebugPrivilege	376	powershell.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1144	java.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe
1984	javaw.exe

Suspicious use of WriteProcessMemory 44 IoCs

description	pid	Process	procid_target
PID 1144 wrote to memory of 3372	1144	java.exe	77
PID 1144 wrote to memory of 3372	1144	java.exe	77
PID 1144 wrote to memory of 3372	1144	java.exe	77
PID 1144 wrote to memory of 1984	1144	java.exe	78
PID 1144 wrote to memory of 1984	1144	java.exe	78
PID 1984 wrote to memory of 980	1984	javaw.exe	79
PID 1984 wrote to memory of 980	1984	javaw.exe	79
PID 1984 wrote to memory of 1520	1984	javaw.exe	81
PID 1984 wrote to memory of 1520	1984	javaw.exe	81
PID 1984 wrote to memory of 804	1984	javaw.exe	84
PID 1984 wrote to memory of 804	1984	javaw.exe	84
PID 3372 wrote to memory of 188	3372	oq1N.exe	85
PID 3372 wrote to memory of 188	3372	oq1N.exe	85
PID 3372 wrote to memory of 188	3372	oq1N.exe	85
PID 188 wrote to memory of 416	188	AdvancedRun.exe	86
PID 188 wrote to memory of 416	188	AdvancedRun.exe	86
PID 188 wrote to memory of 416	188	AdvancedRun.exe	86
PID 3372 wrote to memory of 1836	3372	oq1N.exe	90
PID 3372 wrote to memory of 1836	3372	oq1N.exe	90
PID 3372 wrote to memory of 1836	3372	oq1N.exe	90
PID 3372 wrote to memory of 984	3372	oq1N.exe	92
PID 3372 wrote to memory of 984	3372	oq1N.exe	92
PID 3372 wrote to memory of 984	3372	oq1N.exe	92
PID 3372 wrote to memory of 2060	3372	oq1N.exe	94
PID 3372 wrote to memory of 2060	3372	oq1N.exe	94
PID 3372 wrote to memory of 2060	3372	oq1N.exe	94
PID 3372 wrote to memory of 3764	3372	oq1N.exe	96
PID 3372 wrote to memory of 3764	3372	oq1N.exe	96
PID 3372 wrote to memory of 3764	3372	oq1N.exe	96
PID 3372 wrote to memory of 376	3372	oq1N.exe	107
PID 3372 wrote to memory of 376	3372	oq1N.exe	107
PID 3372 wrote to memory of 376	3372	oq1N.exe	107
PID 3372 wrote to memory of 972	3372	oq1N.exe	106
PID 3372 wrote to memory of 972	3372	oq1N.exe	106
PID 3372 wrote to memory of 972	3372	oq1N.exe	106
PID 3372 wrote to memory of 4140	3372	oq1N.exe	105
PID 3372 wrote to memory of 4140	3372	oq1N.exe	105
PID 3372 wrote to memory of 4140	3372	oq1N.exe	105
PID 3372 wrote to memory of 4220	3372	oq1N.exe	99
PID 3372 wrote to memory of 4220	3372	oq1N.exe	99
PID 3372 wrote to memory of 4220	3372	oq1N.exe	99
PID 3372 wrote to memory of 4316	3372	oq1N.exe	103
PID 3372 wrote to memory of 4316	3372	oq1N.exe	103
PID 3372 wrote to memory of 4316	3372	oq1N.exe	103

Views/modifies file attributes 1 TTPs 2 IoCs

evasion

Hidden Files and Directories

T1158

pid	Process
1520	attrib.exe
804	attrib.exe

C:\ProgramData\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\PO_21031566AF_pdf.jar
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1144
- C:\Users\Admin\oq1N.exe
  C:\Users\Admin\oq1N.exe
  2⤵
  - Executes dropped EXE
  - Drops startup file
  - Windows security modification
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3372
- - C:\Users\Admin\AppData\Local\Temp\4787e1b6-47c6-4178-90a9-613d0fc83d9a\AdvancedRun.exe
    "C:\Users\Admin\AppData\Local\Temp\4787e1b6-47c6-4178-90a9-613d0fc83d9a\AdvancedRun.exe" /EXEFilename "C:\Users\Admin\AppData\Local\Temp\4787e1b6-47c6-4178-90a9-613d0fc83d9a\test.bat" /WindowState ""0"" /PriorityClass ""32"" /CommandLine "" /StartDirectory "" /RunAs 8 /Run
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:188
  - - C:\Users\Admin\AppData\Local\Temp\4787e1b6-47c6-4178-90a9-613d0fc83d9a\AdvancedRun.exe
      "C:\Users\Admin\AppData\Local\Temp\4787e1b6-47c6-4178-90a9-613d0fc83d9a\AdvancedRun.exe" /SpecialRun 4101d8 188
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:416
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\oq1N.exe" -Force
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1836
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\oq1N.exe" -Force
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:984
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jVAPsorbdr.exe" -Force
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2060
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jVAPsorbdr.exe" -Force
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3764
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\oq1N.exe" -Force
    3⤵
    PID:4220
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
    3⤵
    PID:4316
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
    3⤵
    PID:4140
- - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jVAPsorbdr.exe
    "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jVAPsorbdr.exe"
    3⤵
    - Executes dropped EXE
    PID:972
  - - C:\Users\Admin\AppData\Local\Temp\4278ac30-0173-40fb-ac21-37a32ca7ef79\AdvancedRun.exe
      "C:\Users\Admin\AppData\Local\Temp\4278ac30-0173-40fb-ac21-37a32ca7ef79\AdvancedRun.exe" /EXEFilename "C:\Users\Admin\AppData\Local\Temp\4278ac30-0173-40fb-ac21-37a32ca7ef79\test.bat" /WindowState ""0"" /PriorityClass ""32"" /CommandLine "" /StartDirectory "" /RunAs 8 /Run
      4⤵
      PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\4278ac30-0173-40fb-ac21-37a32ca7ef79\AdvancedRun.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4278ac30-0173-40fb-ac21-37a32ca7ef79\AdvancedRun.exe" /SpecialRun 4101d8 7148
        5⤵
        
        PID:6188
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jVAPsorbdr.exe" -Force
      4⤵
      PID:6704
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jVAPsorbdr.exe" -Force
      4⤵
      PID:6620
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
      4⤵
      PID:7000
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jVAPsorbdr.exe" -Force
      4⤵
      PID:4044
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
      4⤵
      PID:6056
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
      4⤵
      PID:7308
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jVAPsorbdr.exe" -Force
      4⤵
      PID:7404
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
      4⤵
      PID:7456
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
      4⤵
      PID:908
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jVAPsorbdr.exe" -Force
      4⤵
      PID:7920
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
      4⤵
      PID:7016
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
      4⤵
      PID:4540
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jVAPsorbdr.exe" -Force
      4⤵
      PID:7340
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
      4⤵
      PID:2036
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
      4⤵
      PID:8608
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jVAPsorbdr.exe" -Force
      4⤵
      PID:8656
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
      4⤵
      PID:8732
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
      4⤵
      PID:9076
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
      4⤵
      PID:9144
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jVAPsorbdr.exe" -Force
      4⤵
      PID:9112
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
      4⤵
      PID:7644
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jVAPsorbdr.exe" -Force
      4⤵
      PID:5248
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
      4⤵
      PID:5316
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
      4⤵
      PID:8780
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jVAPsorbdr.exe" -Force
      4⤵
      PID:5756
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
      4⤵
      PID:5880
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
      4⤵
      PID:9652
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jVAPsorbdr.exe" -Force
      4⤵
      PID:9672
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
      4⤵
      PID:9708
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
      4⤵
      PID:9396
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jVAPsorbdr.exe" -Force
      4⤵
      PID:9488
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
      4⤵
      PID:8956
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c timeout 1
      4⤵
      PID:9412
    - - C:\Windows\SysWOW64\timeout.exe
        
        timeout 1
        5⤵
        Delays execution with timeout.exe
        
        PID:8324
  - - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jVAPsorbdr.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jVAPsorbdr.exe"
      4⤵
      PID:9300
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 2128
      4⤵
      Program crash
      PID:9272
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\oq1N.exe" -Force
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:376
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
    3⤵
    PID:4544
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\oq1N.exe" -Force
    3⤵
    PID:4008
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
    3⤵
    PID:4664
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
    3⤵
    PID:4340
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\oq1N.exe" -Force
    3⤵
    PID:4912
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
    3⤵
    PID:4108
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
    3⤵
    PID:5196
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\oq1N.exe" -Force
    3⤵
    PID:5252
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
    3⤵
    PID:5320
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
    3⤵
    PID:6096
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\oq1N.exe" -Force
    3⤵
    PID:6136
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
    3⤵
    PID:4760
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
    3⤵
    PID:5600
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\oq1N.exe" -Force
    3⤵
    PID:5652
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
    3⤵
    PID:5776
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
    3⤵
    PID:5348
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\oq1N.exe" -Force
    3⤵
    PID:6116
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
    3⤵
    PID:5708
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
    3⤵
    PID:6808
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\oq1N.exe" -Force
    3⤵
    PID:6824
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
    3⤵
    PID:6868
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
    3⤵
    PID:6728
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\oq1N.exe" -Force
    3⤵
    PID:6600
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
    3⤵
    PID:6684
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
    3⤵
    PID:7776
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\oq1N.exe" -Force
    3⤵
    PID:7816
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\Documents\MDQFAmWIBzGkRBgoGDgjMoTajtClJ\svchost.exe" -Force
    3⤵
    PID:7860
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c timeout 1
    3⤵
    PID:3000
  - - C:\Windows\SysWOW64\timeout.exe
      timeout 1
      4⤵
      Delays execution with timeout.exe
      PID:7428
- - C:\Users\Admin\oq1N.exe
    "C:\Users\Admin\oq1N.exe"
    3⤵
    PID:4772
- - C:\Users\Admin\oq1N.exe
    "C:\Users\Admin\oq1N.exe"
    3⤵
    PID:7932
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 2200
    3⤵
    - Program crash
    PID:8348
- C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
  "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\IxVhFD18YESB.jar"
  2⤵
  - Drops startup file
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1984
- - C:\Windows\SYSTEM32\REG.exe
    REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "IxVhFD18YESB.jar" /d "C:\Users\Admin\AppData\Roaming\IxVhFD18YESB.jar" /f
    3⤵
    - Adds Run key to start application
    - Modifies registry key
    PID:980
- - C:\Windows\SYSTEM32\attrib.exe
    attrib +H C:\Users\Admin\AppData\Roaming\IxVhFD18YESB.jar
    3⤵
    - Views/modifies file attributes
    PID:1520
- - C:\Windows\SYSTEM32\attrib.exe
    attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IxVhFD18YESB.jar
    3⤵
    - Views/modifies file attributes
    PID:804

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

T1158

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

T1089

Hidden Files and Directories

T1158

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/376-279-0x000000007F370000-0x000000007F371000-memory.dmp

Filesize
4KB

Download
memory/376-89-0x0000000006A80000-0x0000000006A81000-memory.dmp

Filesize
4KB

Download
memory/376-91-0x0000000006A82000-0x0000000006A83000-memory.dmp

Filesize
4KB

Download
memory/376-311-0x0000000006A83000-0x0000000006A84000-memory.dmp

Filesize
4KB

Download
memory/376-64-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/908-852-0x0000000006652000-0x0000000006653000-memory.dmp

Filesize
4KB

Download
memory/908-1595-0x000000007E4B0000-0x000000007E4B1000-memory.dmp

Filesize
4KB

Download
memory/908-1080-0x0000000006653000-0x0000000006654000-memory.dmp

Filesize
4KB

Download
memory/908-816-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/908-1082-0x0000000006654000-0x0000000006656000-memory.dmp

Filesize
8KB

Download
memory/908-839-0x0000000006650000-0x0000000006651000-memory.dmp

Filesize
4KB

Download
memory/972-564-0x0000000005180000-0x0000000005181000-memory.dmp

Filesize
4KB

Download
memory/972-47-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/984-36-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/984-46-0x0000000007050000-0x0000000007051000-memory.dmp

Filesize
4KB

Download
memory/984-122-0x0000000007FB0000-0x0000000007FB1000-memory.dmp

Filesize
4KB

Download
memory/984-120-0x0000000006DF0000-0x0000000006DF1000-memory.dmp

Filesize
4KB

Download
memory/984-291-0x0000000006A13000-0x0000000006A14000-memory.dmp

Filesize
4KB

Download
memory/984-167-0x0000000008DB0000-0x0000000008DE3000-memory.dmp

Filesize
204KB

Download
memory/984-173-0x000000007F020000-0x000000007F021000-memory.dmp

Filesize
4KB

Download
memory/984-40-0x00000000042B0000-0x00000000042B1000-memory.dmp

Filesize
4KB

Download
memory/984-58-0x0000000006A12000-0x0000000006A13000-memory.dmp

Filesize
4KB

Download
memory/984-216-0x0000000008A50000-0x0000000008A51000-memory.dmp

Filesize
4KB

Download
memory/984-127-0x0000000007DB0000-0x0000000007DB1000-memory.dmp

Filesize
4KB

Download
memory/984-51-0x0000000006A10000-0x0000000006A11000-memory.dmp

Filesize
4KB

Download
memory/984-223-0x0000000008EE0000-0x0000000008EE1000-memory.dmp

Filesize
4KB

Download
memory/984-262-0x0000000009070000-0x0000000009071000-memory.dmp

Filesize
4KB

Download
memory/1144-2-0x00000000027D0000-0x0000000002A40000-memory.dmp

Filesize
2.4MB

Download
memory/1836-236-0x000000007E730000-0x000000007E731000-memory.dmp

Filesize
4KB

Download
memory/1836-295-0x0000000006E73000-0x0000000006E74000-memory.dmp

Filesize
4KB

Download
memory/1836-37-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/1836-61-0x0000000006E72000-0x0000000006E73000-memory.dmp

Filesize
4KB

Download
memory/1836-82-0x0000000007C80000-0x0000000007C81000-memory.dmp

Filesize
4KB

Download
memory/1836-52-0x0000000006E70000-0x0000000006E71000-memory.dmp

Filesize
4KB

Download
memory/1836-73-0x0000000007320000-0x0000000007321000-memory.dmp

Filesize
4KB

Download
memory/1836-80-0x00000000073C0000-0x00000000073C1000-memory.dmp

Filesize
4KB

Download
memory/1836-77-0x0000000007C10000-0x0000000007C11000-memory.dmp

Filesize
4KB

Download
memory/1984-30-0x0000000003480000-0x0000000003490000-memory.dmp

Filesize
64KB

Download
memory/1984-31-0x0000000003490000-0x00000000034A0000-memory.dmp

Filesize
64KB

Download
memory/1984-29-0x0000000003470000-0x0000000003480000-memory.dmp

Filesize
64KB

Download
memory/1984-28-0x0000000003460000-0x0000000003470000-memory.dmp

Filesize
64KB

Download
memory/1984-13-0x00000000031F0000-0x0000000003460000-memory.dmp

Filesize
2.4MB

Download
memory/2036-923-0x0000000004592000-0x0000000004593000-memory.dmp

Filesize
4KB

Download
memory/2036-1686-0x000000007E480000-0x000000007E481000-memory.dmp

Filesize
4KB

Download
memory/2036-1146-0x0000000004594000-0x0000000004596000-memory.dmp

Filesize
8KB

Download
memory/2036-1145-0x0000000004593000-0x0000000004594000-memory.dmp

Filesize
4KB

Download
memory/2036-941-0x0000000004590000-0x0000000004591000-memory.dmp

Filesize
4KB

Download
memory/2036-903-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/2060-63-0x0000000006420000-0x0000000006421000-memory.dmp

Filesize
4KB

Download
memory/2060-1238-0x0000000000850000-0x0000000000851000-memory.dmp

Filesize
4KB

Download
memory/2060-1258-0x0000000000820000-0x0000000000821000-memory.dmp

Filesize
4KB

Download
memory/2060-186-0x000000007EBC0000-0x000000007EBC1000-memory.dmp

Filesize
4KB

Download
memory/2060-44-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/2060-274-0x0000000006423000-0x0000000006424000-memory.dmp

Filesize
4KB

Download
memory/2060-55-0x0000000006422000-0x0000000006423000-memory.dmp

Filesize
4KB

Download
memory/3372-10-0x00000000049F0000-0x00000000049F1000-memory.dmp

Filesize
4KB

Download
memory/3372-62-0x0000000007F70000-0x0000000007F71000-memory.dmp

Filesize
4KB

Download
memory/3372-15-0x0000000004B00000-0x0000000004B01000-memory.dmp

Filesize
4KB

Download
memory/3372-7-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/3372-6-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/3372-20-0x0000000004480000-0x00000000044FE000-memory.dmp

Filesize
504KB

Download
memory/3372-21-0x00000000081F0000-0x00000000081F1000-memory.dmp

Filesize
4KB

Download
memory/3372-22-0x0000000007CF0000-0x0000000007CF1000-memory.dmp

Filesize
4KB

Download
memory/3764-85-0x0000000004860000-0x0000000004861000-memory.dmp

Filesize
4KB

Download
memory/3764-59-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/3764-179-0x000000007E8D0000-0x000000007E8D1000-memory.dmp

Filesize
4KB

Download
memory/3764-327-0x0000000004863000-0x0000000004864000-memory.dmp

Filesize
4KB

Download
memory/3764-90-0x0000000004862000-0x0000000004863000-memory.dmp

Filesize
4KB

Download
memory/4008-540-0x0000000006EB3000-0x0000000006EB4000-memory.dmp

Filesize
4KB

Download
memory/4008-148-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/4008-158-0x0000000006EB2000-0x0000000006EB3000-memory.dmp

Filesize
4KB

Download
memory/4008-162-0x0000000006EB0000-0x0000000006EB1000-memory.dmp

Filesize
4KB

Download
memory/4008-463-0x000000007ECC0000-0x000000007ECC1000-memory.dmp

Filesize
4KB

Download
memory/4044-1375-0x000000007EBD0000-0x000000007EBD1000-memory.dmp

Filesize
4KB

Download
memory/4044-919-0x0000000006C04000-0x0000000006C06000-memory.dmp

Filesize
8KB

Download
memory/4044-681-0x0000000006C00000-0x0000000006C01000-memory.dmp

Filesize
4KB

Download
memory/4044-908-0x0000000006C03000-0x0000000006C04000-memory.dmp

Filesize
4KB

Download
memory/4044-657-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/4044-672-0x0000000006C02000-0x0000000006C03000-memory.dmp

Filesize
4KB

Download
memory/4108-434-0x0000000006F93000-0x0000000006F94000-memory.dmp

Filesize
4KB

Download
memory/4108-436-0x0000000006F94000-0x0000000006F96000-memory.dmp

Filesize
8KB

Download
memory/4108-232-0x0000000006F90000-0x0000000006F91000-memory.dmp

Filesize
4KB

Download
memory/4108-192-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/4108-1381-0x000000007EC40000-0x000000007EC41000-memory.dmp

Filesize
4KB

Download
memory/4108-226-0x0000000006F92000-0x0000000006F93000-memory.dmp

Filesize
4KB

Download
memory/4140-219-0x000000007EC20000-0x000000007EC21000-memory.dmp

Filesize
4KB

Download
memory/4140-282-0x00000000072A3000-0x00000000072A4000-memory.dmp

Filesize
4KB

Download
memory/4140-99-0x00000000072A2000-0x00000000072A3000-memory.dmp

Filesize
4KB

Download
memory/4140-67-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/4140-93-0x00000000072A0000-0x00000000072A1000-memory.dmp

Filesize
4KB

Download
memory/4220-100-0x0000000004D22000-0x0000000004D23000-memory.dmp

Filesize
4KB

Download
memory/4220-96-0x0000000004D20000-0x0000000004D21000-memory.dmp

Filesize
4KB

Download
memory/4220-269-0x000000007EE80000-0x000000007EE81000-memory.dmp

Filesize
4KB

Download
memory/4220-70-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/4220-298-0x0000000004D23000-0x0000000004D24000-memory.dmp

Filesize
4KB

Download
memory/4316-75-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/4316-102-0x00000000044C0000-0x00000000044C1000-memory.dmp

Filesize
4KB

Download
memory/4316-288-0x000000007F8E0000-0x000000007F8E1000-memory.dmp

Filesize
4KB

Download
memory/4316-87-0x00000000044C2000-0x00000000044C3000-memory.dmp

Filesize
4KB

Download
memory/4316-315-0x00000000044C3000-0x00000000044C4000-memory.dmp

Filesize
4KB

Download
memory/4340-483-0x000000007F440000-0x000000007F441000-memory.dmp

Filesize
4KB

Download
memory/4340-166-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/4340-191-0x0000000004C80000-0x0000000004C81000-memory.dmp

Filesize
4KB

Download
memory/4340-206-0x0000000004C82000-0x0000000004C83000-memory.dmp

Filesize
4KB

Download
memory/4340-550-0x0000000004C83000-0x0000000004C84000-memory.dmp

Filesize
4KB

Download
memory/4540-1709-0x000000007E3F0000-0x000000007E3F1000-memory.dmp

Filesize
4KB

Download
memory/4540-1162-0x00000000066F4000-0x00000000066F6000-memory.dmp

Filesize
8KB

Download
memory/4540-936-0x00000000066F0000-0x00000000066F1000-memory.dmp

Filesize
4KB

Download
memory/4540-895-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/4540-913-0x00000000066F2000-0x00000000066F3000-memory.dmp

Filesize
4KB

Download
memory/4540-1157-0x00000000066F3000-0x00000000066F4000-memory.dmp

Filesize
4KB

Download
memory/4544-151-0x00000000076E0000-0x00000000076E1000-memory.dmp

Filesize
4KB

Download
memory/4544-147-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/4544-154-0x00000000076E2000-0x00000000076E3000-memory.dmp

Filesize
4KB

Download
memory/4544-445-0x000000007E950000-0x000000007E951000-memory.dmp

Filesize
4KB

Download
memory/4544-523-0x00000000076E3000-0x00000000076E4000-memory.dmp

Filesize
4KB

Download
memory/4664-156-0x0000000000A30000-0x0000000000A31000-memory.dmp

Filesize
4KB

Download
memory/4664-150-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/4664-542-0x0000000000A33000-0x0000000000A34000-memory.dmp

Filesize
4KB

Download
memory/4664-161-0x0000000000A32000-0x0000000000A33000-memory.dmp

Filesize
4KB

Download
memory/4664-497-0x000000007F3D0000-0x000000007F3D1000-memory.dmp

Filesize
4KB

Download
memory/4760-551-0x0000000007304000-0x0000000007306000-memory.dmp

Filesize
8KB

Download
memory/4760-1667-0x000000007EF30000-0x000000007EF31000-memory.dmp

Filesize
4KB

Download
memory/4760-549-0x0000000007303000-0x0000000007304000-memory.dmp

Filesize
4KB

Download
memory/4760-360-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/4760-376-0x0000000007300000-0x0000000007301000-memory.dmp

Filesize
4KB

Download
memory/4760-371-0x0000000007302000-0x0000000007303000-memory.dmp

Filesize
4KB

Download
memory/4912-431-0x00000000065F3000-0x00000000065F4000-memory.dmp

Filesize
4KB

Download
memory/4912-176-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/4912-213-0x00000000065F2000-0x00000000065F3000-memory.dmp

Filesize
4KB

Download
memory/4912-1430-0x000000007E4A0000-0x000000007E4A1000-memory.dmp

Filesize
4KB

Download
memory/4912-433-0x00000000065F4000-0x00000000065F6000-memory.dmp

Filesize
8KB

Download
memory/4912-200-0x00000000065F0000-0x00000000065F1000-memory.dmp

Filesize
4KB

Download
memory/5196-307-0x00000000070E0000-0x00000000070E1000-memory.dmp

Filesize
4KB

Download
memory/5196-324-0x00000000070E2000-0x00000000070E3000-memory.dmp

Filesize
4KB

Download
memory/5196-490-0x00000000070E3000-0x00000000070E4000-memory.dmp

Filesize
4KB

Download
memory/5196-493-0x00000000070E4000-0x00000000070E6000-memory.dmp

Filesize
8KB

Download
memory/5196-1502-0x000000007F060000-0x000000007F061000-memory.dmp

Filesize
4KB

Download
memory/5196-285-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/5248-1242-0x0000000004DB3000-0x0000000004DB4000-memory.dmp

Filesize
4KB

Download
memory/5248-1243-0x0000000004DB4000-0x0000000004DB6000-memory.dmp

Filesize
8KB

Download
memory/5248-1835-0x000000007F980000-0x000000007F981000-memory.dmp

Filesize
4KB

Download
memory/5248-1095-0x0000000004DB2000-0x0000000004DB3000-memory.dmp

Filesize
4KB

Download
memory/5248-1083-0x0000000004DB0000-0x0000000004DB1000-memory.dmp

Filesize
4KB

Download
memory/5248-1062-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/5252-323-0x0000000004722000-0x0000000004723000-memory.dmp

Filesize
4KB

Download
memory/5252-1501-0x000000007EB50000-0x000000007EB51000-memory.dmp

Filesize
4KB

Download
memory/5252-487-0x0000000004724000-0x0000000004726000-memory.dmp

Filesize
8KB

Download
memory/5252-286-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/5252-300-0x0000000004720000-0x0000000004721000-memory.dmp

Filesize
4KB

Download
memory/5252-479-0x0000000004723000-0x0000000004724000-memory.dmp

Filesize
4KB

Download
memory/5316-1066-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/5316-1097-0x00000000041B0000-0x00000000041B1000-memory.dmp

Filesize
4KB

Download
memory/5316-1261-0x00000000041B3000-0x00000000041B4000-memory.dmp

Filesize
4KB

Download
memory/5316-1098-0x00000000041B2000-0x00000000041B3000-memory.dmp

Filesize
4KB

Download
memory/5316-1879-0x000000007F990000-0x000000007F991000-memory.dmp

Filesize
4KB

Download
memory/5316-1262-0x00000000041B4000-0x00000000041B6000-memory.dmp

Filesize
8KB

Download
memory/5320-319-0x00000000070E2000-0x00000000070E3000-memory.dmp

Filesize
4KB

Download
memory/5320-513-0x00000000070E3000-0x00000000070E4000-memory.dmp

Filesize
4KB

Download
memory/5320-519-0x00000000070E4000-0x00000000070E6000-memory.dmp

Filesize
8KB

Download
memory/5320-296-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/5320-325-0x00000000070E0000-0x00000000070E1000-memory.dmp

Filesize
4KB

Download
memory/5320-1532-0x000000007EDD0000-0x000000007EDD1000-memory.dmp

Filesize
4KB

Download
memory/5348-521-0x0000000004252000-0x0000000004253000-memory.dmp

Filesize
4KB

Download
memory/5348-505-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/5348-520-0x0000000004250000-0x0000000004251000-memory.dmp

Filesize
4KB

Download
memory/5348-622-0x0000000004254000-0x0000000004256000-memory.dmp

Filesize
8KB

Download
memory/5348-1346-0x000000007E8A0000-0x000000007E8A1000-memory.dmp

Filesize
4KB

Download
memory/5348-601-0x0000000004253000-0x0000000004254000-memory.dmp

Filesize
4KB

Download
memory/5600-1737-0x000000007EA70000-0x000000007EA71000-memory.dmp

Filesize
4KB

Download
memory/5600-394-0x00000000049B0000-0x00000000049B1000-memory.dmp

Filesize
4KB

Download
memory/5600-562-0x00000000049B4000-0x00000000049B6000-memory.dmp

Filesize
8KB

Download
memory/5600-408-0x00000000049B2000-0x00000000049B3000-memory.dmp

Filesize
4KB

Download
memory/5600-561-0x00000000049B3000-0x00000000049B4000-memory.dmp

Filesize
4KB

Download
memory/5600-381-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/5652-566-0x0000000006D53000-0x0000000006D54000-memory.dmp

Filesize
4KB

Download
memory/5652-1784-0x000000007EF80000-0x000000007EF81000-memory.dmp

Filesize
4KB

Download
memory/5652-399-0x0000000006D52000-0x0000000006D53000-memory.dmp

Filesize
4KB

Download
memory/5652-567-0x0000000006D54000-0x0000000006D56000-memory.dmp

Filesize
8KB

Download
memory/5652-384-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/5652-412-0x0000000006D50000-0x0000000006D51000-memory.dmp

Filesize
4KB

Download
memory/5708-619-0x0000000006AF3000-0x0000000006AF4000-memory.dmp

Filesize
4KB

Download
memory/5708-515-0x0000000006AF0000-0x0000000006AF1000-memory.dmp

Filesize
4KB

Download
memory/5708-510-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/5708-621-0x0000000006AF4000-0x0000000006AF6000-memory.dmp

Filesize
8KB

Download
memory/5708-525-0x0000000006AF2000-0x0000000006AF3000-memory.dmp

Filesize
4KB

Download
memory/5756-1885-0x000000007F710000-0x000000007F711000-memory.dmp

Filesize
4KB

Download
memory/5756-1119-0x0000000007052000-0x0000000007053000-memory.dmp

Filesize
4KB

Download
memory/5756-1104-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/5756-1117-0x0000000007050000-0x0000000007051000-memory.dmp

Filesize
4KB

Download
memory/5756-1263-0x0000000007053000-0x0000000007054000-memory.dmp

Filesize
4KB

Download
memory/5756-1264-0x0000000007054000-0x0000000007056000-memory.dmp

Filesize
8KB

Download
memory/5776-404-0x0000000006F72000-0x0000000006F73000-memory.dmp

Filesize
4KB

Download
memory/5776-1789-0x000000007EB90000-0x000000007EB91000-memory.dmp

Filesize
4KB

Download
memory/5776-572-0x0000000006F74000-0x0000000006F76000-memory.dmp

Filesize
8KB

Download
memory/5776-387-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/5776-569-0x0000000006F73000-0x0000000006F74000-memory.dmp

Filesize
4KB

Download
memory/5776-411-0x0000000006F70000-0x0000000006F71000-memory.dmp

Filesize
4KB

Download
memory/5880-1116-0x00000000072D0000-0x00000000072D1000-memory.dmp

Filesize
4KB

Download
memory/5880-1275-0x00000000072D4000-0x00000000072D6000-memory.dmp

Filesize
8KB

Download
memory/5880-1274-0x00000000072D3000-0x00000000072D4000-memory.dmp

Filesize
4KB

Download
memory/5880-1120-0x00000000072D2000-0x00000000072D3000-memory.dmp

Filesize
4KB

Download
memory/5880-1105-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/6056-663-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/6056-921-0x0000000004ED3000-0x0000000004ED4000-memory.dmp

Filesize
4KB

Download
memory/6056-931-0x0000000004ED4000-0x0000000004ED6000-memory.dmp

Filesize
8KB

Download
memory/6056-687-0x0000000004ED0000-0x0000000004ED1000-memory.dmp

Filesize
4KB

Download
memory/6056-674-0x0000000004ED2000-0x0000000004ED3000-memory.dmp

Filesize
4KB

Download
memory/6096-545-0x0000000006C93000-0x0000000006C94000-memory.dmp

Filesize
4KB

Download
memory/6096-367-0x0000000006C90000-0x0000000006C91000-memory.dmp

Filesize
4KB

Download
memory/6096-373-0x0000000006C92000-0x0000000006C93000-memory.dmp

Filesize
4KB

Download
memory/6096-1641-0x000000007F830000-0x000000007F831000-memory.dmp

Filesize
4KB

Download
memory/6096-546-0x0000000006C94000-0x0000000006C96000-memory.dmp

Filesize
8KB

Download
memory/6096-357-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/6116-509-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/6116-615-0x00000000047D4000-0x00000000047D6000-memory.dmp

Filesize
8KB

Download
memory/6116-522-0x00000000047D0000-0x00000000047D1000-memory.dmp

Filesize
4KB

Download
memory/6116-518-0x00000000047D2000-0x00000000047D3000-memory.dmp

Filesize
4KB

Download
memory/6116-1349-0x000000007EFF0000-0x000000007EFF1000-memory.dmp

Filesize
4KB

Download
memory/6116-611-0x00000000047D3000-0x00000000047D4000-memory.dmp

Filesize
4KB

Download
memory/6136-548-0x0000000006794000-0x0000000006796000-memory.dmp

Filesize
8KB

Download
memory/6136-1663-0x000000007EA20000-0x000000007EA21000-memory.dmp

Filesize
4KB

Download
memory/6136-369-0x0000000006790000-0x0000000006791000-memory.dmp

Filesize
4KB

Download
memory/6136-547-0x0000000006793000-0x0000000006794000-memory.dmp

Filesize
4KB

Download
memory/6136-358-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/6136-375-0x0000000006792000-0x0000000006793000-memory.dmp

Filesize
4KB

Download
memory/6600-645-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/6600-925-0x00000000070B3000-0x00000000070B4000-memory.dmp

Filesize
4KB

Download
memory/6600-680-0x00000000070B2000-0x00000000070B3000-memory.dmp

Filesize
4KB

Download
memory/6600-658-0x00000000070B0000-0x00000000070B1000-memory.dmp

Filesize
4KB

Download
memory/6600-1418-0x000000007F4E0000-0x000000007F4E1000-memory.dmp

Filesize
4KB

Download
memory/6600-927-0x00000000070B4000-0x00000000070B6000-memory.dmp

Filesize
8KB

Download
memory/6620-938-0x0000000004904000-0x0000000004906000-memory.dmp

Filesize
8KB

Download
memory/6620-679-0x0000000004902000-0x0000000004903000-memory.dmp

Filesize
4KB

Download
memory/6620-937-0x0000000004903000-0x0000000004904000-memory.dmp

Filesize
4KB

Download
memory/6620-1378-0x000000007F4A0000-0x000000007F4A1000-memory.dmp

Filesize
4KB

Download
memory/6620-644-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/6620-677-0x0000000004900000-0x0000000004901000-memory.dmp

Filesize
4KB

Download
memory/6684-640-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/6684-647-0x00000000066D0000-0x00000000066D1000-memory.dmp

Filesize
4KB

Download
memory/6684-1351-0x000000007F210000-0x000000007F211000-memory.dmp

Filesize
4KB

Download
memory/6684-849-0x00000000066D3000-0x00000000066D4000-memory.dmp

Filesize
4KB

Download
memory/6684-651-0x00000000066D2000-0x00000000066D3000-memory.dmp

Filesize
4KB

Download
memory/6684-861-0x00000000066D4000-0x00000000066D6000-memory.dmp

Filesize
8KB

Download
memory/6704-860-0x0000000004AB4000-0x0000000004AB6000-memory.dmp

Filesize
8KB

Download
memory/6704-1353-0x000000007F720000-0x000000007F721000-memory.dmp

Filesize
4KB

Download
memory/6704-641-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/6704-654-0x0000000004AB2000-0x0000000004AB3000-memory.dmp

Filesize
4KB

Download
memory/6704-858-0x0000000004AB3000-0x0000000004AB4000-memory.dmp

Filesize
4KB

Download
memory/6704-675-0x0000000004AB0000-0x0000000004AB1000-memory.dmp

Filesize
4KB

Download
memory/6728-870-0x0000000006FA4000-0x0000000006FA6000-memory.dmp

Filesize
8KB

Download
memory/6728-650-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/6728-1373-0x000000007E980000-0x000000007E981000-memory.dmp

Filesize
4KB

Download
memory/6728-661-0x0000000006FA0000-0x0000000006FA1000-memory.dmp

Filesize
4KB

Download
memory/6728-667-0x0000000006FA2000-0x0000000006FA3000-memory.dmp

Filesize
4KB

Download
memory/6728-867-0x0000000006FA3000-0x0000000006FA4000-memory.dmp

Filesize
4KB

Download
memory/6808-693-0x0000000006B34000-0x0000000006B36000-memory.dmp

Filesize
8KB

Download
memory/6808-606-0x0000000006B32000-0x0000000006B33000-memory.dmp

Filesize
4KB

Download
memory/6808-691-0x0000000006B33000-0x0000000006B34000-memory.dmp

Filesize
4KB

Download
memory/6808-580-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/6808-602-0x0000000006B30000-0x0000000006B31000-memory.dmp

Filesize
4KB

Download
memory/6808-1462-0x000000007F360000-0x000000007F361000-memory.dmp

Filesize
4KB

Download
memory/6824-582-0x0000000004770000-0x0000000004771000-memory.dmp

Filesize
4KB

Download
memory/6824-683-0x0000000004774000-0x0000000004776000-memory.dmp

Filesize
8KB

Download
memory/6824-682-0x0000000004773000-0x0000000004774000-memory.dmp

Filesize
4KB

Download
memory/6824-600-0x0000000004772000-0x0000000004773000-memory.dmp

Filesize
4KB

Download
memory/6824-579-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/6824-1433-0x000000007EE70000-0x000000007EE71000-memory.dmp

Filesize
4KB

Download
memory/6868-696-0x0000000007093000-0x0000000007094000-memory.dmp

Filesize
4KB

Download
memory/6868-1464-0x000000007E9E0000-0x000000007E9E1000-memory.dmp

Filesize
4KB

Download
memory/6868-584-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/6868-699-0x0000000007094000-0x0000000007096000-memory.dmp

Filesize
8KB

Download
memory/6868-610-0x0000000007092000-0x0000000007093000-memory.dmp

Filesize
4KB

Download
memory/6868-608-0x0000000007090000-0x0000000007091000-memory.dmp

Filesize
4KB

Download
memory/7000-664-0x0000000007070000-0x0000000007071000-memory.dmp

Filesize
4KB

Download
memory/7000-932-0x0000000007073000-0x0000000007074000-memory.dmp

Filesize
4KB

Download
memory/7000-653-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/7000-670-0x0000000007072000-0x0000000007073000-memory.dmp

Filesize
4KB

Download
memory/7000-934-0x0000000007074000-0x0000000007076000-memory.dmp

Filesize
8KB

Download
memory/7000-1422-0x000000007F340000-0x000000007F341000-memory.dmp

Filesize
4KB

Download
memory/7016-1638-0x000000007E960000-0x000000007E961000-memory.dmp

Filesize
4KB

Download
memory/7016-846-0x0000000000A42000-0x0000000000A43000-memory.dmp

Filesize
4KB

Download
memory/7016-853-0x0000000000A40000-0x0000000000A41000-memory.dmp

Filesize
4KB

Download
memory/7016-826-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/7016-1112-0x0000000000A43000-0x0000000000A44000-memory.dmp

Filesize
4KB

Download
memory/7016-1113-0x0000000000A44000-0x0000000000A46000-memory.dmp

Filesize
8KB

Download
memory/7308-1072-0x0000000004AD3000-0x0000000004AD4000-memory.dmp

Filesize
4KB

Download
memory/7308-811-0x0000000004AD2000-0x0000000004AD3000-memory.dmp

Filesize
4KB

Download
memory/7308-799-0x0000000004AD0000-0x0000000004AD1000-memory.dmp

Filesize
4KB

Download
memory/7308-1073-0x0000000004AD4000-0x0000000004AD6000-memory.dmp

Filesize
8KB

Download
memory/7308-794-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/7308-1603-0x000000007EB80000-0x000000007EB81000-memory.dmp

Filesize
4KB

Download
memory/7340-1171-0x0000000006C33000-0x0000000006C34000-memory.dmp

Filesize
4KB

Download
memory/7340-939-0x0000000006C30000-0x0000000006C31000-memory.dmp

Filesize
4KB

Download
memory/7340-897-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/7340-916-0x0000000006C32000-0x0000000006C33000-memory.dmp

Filesize
4KB

Download
memory/7340-1175-0x0000000006C34000-0x0000000006C36000-memory.dmp

Filesize
8KB

Download
memory/7340-1715-0x000000007F2B0000-0x000000007F2B1000-memory.dmp

Filesize
4KB

Download
memory/7404-815-0x0000000006CA2000-0x0000000006CA3000-memory.dmp

Filesize
4KB

Download
memory/7404-1074-0x0000000006CA3000-0x0000000006CA4000-memory.dmp

Filesize
4KB

Download
memory/7404-797-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/7404-812-0x0000000006CA0000-0x0000000006CA1000-memory.dmp

Filesize
4KB

Download
memory/7404-1591-0x000000007E9B0000-0x000000007E9B1000-memory.dmp

Filesize
4KB

Download
memory/7404-1075-0x0000000006CA4000-0x0000000006CA6000-memory.dmp

Filesize
8KB

Download
memory/7456-817-0x0000000007552000-0x0000000007553000-memory.dmp

Filesize
4KB

Download
memory/7456-814-0x0000000007550000-0x0000000007551000-memory.dmp

Filesize
4KB

Download
memory/7456-1076-0x0000000007553000-0x0000000007554000-memory.dmp

Filesize
4KB

Download
memory/7456-800-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/7456-1078-0x0000000007554000-0x0000000007556000-memory.dmp

Filesize
8KB

Download
memory/7456-1608-0x000000007F220000-0x000000007F221000-memory.dmp

Filesize
4KB

Download
memory/7644-1063-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/7644-1096-0x0000000004CE2000-0x0000000004CE3000-memory.dmp

Filesize
4KB

Download
memory/7644-1882-0x000000007F260000-0x000000007F261000-memory.dmp

Filesize
4KB

Download
memory/7644-1252-0x0000000004CE3000-0x0000000004CE4000-memory.dmp

Filesize
4KB

Download
memory/7644-1253-0x0000000004CE4000-0x0000000004CE6000-memory.dmp

Filesize
8KB

Download
memory/7644-1092-0x0000000004CE0000-0x0000000004CE1000-memory.dmp

Filesize
4KB

Download
memory/7776-762-0x0000000007160000-0x0000000007161000-memory.dmp

Filesize
4KB

Download
memory/7776-1498-0x000000007E8F0000-0x000000007E8F1000-memory.dmp

Filesize
4KB

Download
memory/7776-763-0x0000000007162000-0x0000000007163000-memory.dmp

Filesize
4KB

Download
memory/7776-751-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/7776-1018-0x0000000007164000-0x0000000007166000-memory.dmp

Filesize
8KB

Download
memory/7776-1016-0x0000000007163000-0x0000000007164000-memory.dmp

Filesize
4KB

Download
memory/7816-768-0x0000000007022000-0x0000000007023000-memory.dmp

Filesize
4KB

Download
memory/7816-1052-0x0000000007024000-0x0000000007026000-memory.dmp

Filesize
8KB

Download
memory/7816-765-0x0000000007020000-0x0000000007021000-memory.dmp

Filesize
4KB

Download
memory/7816-1528-0x000000007EAA0000-0x000000007EAA1000-memory.dmp

Filesize
4KB

Download
memory/7816-1049-0x0000000007023000-0x0000000007024000-memory.dmp

Filesize
4KB

Download
memory/7816-752-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/7860-1055-0x0000000006E74000-0x0000000006E76000-memory.dmp

Filesize
8KB

Download
memory/7860-754-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/7860-769-0x0000000006E72000-0x0000000006E73000-memory.dmp

Filesize
4KB

Download
memory/7860-766-0x0000000006E70000-0x0000000006E71000-memory.dmp

Filesize
4KB

Download
memory/7860-1053-0x0000000006E73000-0x0000000006E74000-memory.dmp

Filesize
4KB

Download
memory/7920-819-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/7920-841-0x00000000067E0000-0x00000000067E1000-memory.dmp

Filesize
4KB

Download
memory/7920-855-0x00000000067E2000-0x00000000067E3000-memory.dmp

Filesize
4KB

Download
memory/7920-1084-0x00000000067E3000-0x00000000067E4000-memory.dmp

Filesize
4KB

Download
memory/7920-1599-0x000000007EAC0000-0x000000007EAC1000-memory.dmp

Filesize
4KB

Download
memory/7920-1089-0x00000000067E4000-0x00000000067E6000-memory.dmp

Filesize
8KB

Download
memory/7932-900-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/7932-955-0x0000000005760000-0x0000000005761000-memory.dmp

Filesize
4KB

Download
memory/7932-894-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/8348-930-0x0000000004DC0000-0x0000000004DC1000-memory.dmp

Filesize
4KB

Download
memory/8608-1722-0x000000007EF90000-0x000000007EF91000-memory.dmp

Filesize
4KB

Download
memory/8608-1176-0x0000000006AB3000-0x0000000006AB4000-memory.dmp

Filesize
4KB

Download
memory/8608-971-0x0000000006AB2000-0x0000000006AB3000-memory.dmp

Filesize
4KB

Download
memory/8608-961-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/8608-1178-0x0000000006AB4000-0x0000000006AB6000-memory.dmp

Filesize
8KB

Download
memory/8608-969-0x0000000006AB0000-0x0000000006AB1000-memory.dmp

Filesize
4KB

Download
memory/8656-1193-0x00000000048A3000-0x00000000048A4000-memory.dmp

Filesize
4KB

Download
memory/8656-963-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/8656-978-0x00000000048A0000-0x00000000048A1000-memory.dmp

Filesize
4KB

Download
memory/8656-1195-0x00000000048A4000-0x00000000048A6000-memory.dmp

Filesize
8KB

Download
memory/8656-1730-0x000000007EFD0000-0x000000007EFD1000-memory.dmp

Filesize
4KB

Download
memory/8656-975-0x00000000048A2000-0x00000000048A3000-memory.dmp

Filesize
4KB

Download
memory/8732-1172-0x0000000004B63000-0x0000000004B64000-memory.dmp

Filesize
4KB

Download
memory/8732-965-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/8732-1742-0x000000007E930000-0x000000007E931000-memory.dmp

Filesize
4KB

Download
memory/8732-974-0x0000000004B60000-0x0000000004B61000-memory.dmp

Filesize
4KB

Download
memory/8732-977-0x0000000004B62000-0x0000000004B63000-memory.dmp

Filesize
4KB

Download
memory/8732-1173-0x0000000004B64000-0x0000000004B66000-memory.dmp

Filesize
8KB

Download
memory/8780-1271-0x00000000048E3000-0x00000000048E4000-memory.dmp

Filesize
4KB

Download
memory/8780-1273-0x00000000048E4000-0x00000000048E6000-memory.dmp

Filesize
8KB

Download
memory/8780-1103-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/8780-1114-0x00000000048E0000-0x00000000048E1000-memory.dmp

Filesize
4KB

Download
memory/8780-1118-0x00000000048E2000-0x00000000048E3000-memory.dmp

Filesize
4KB

Download
memory/8956-1340-0x0000000004A44000-0x0000000004A46000-memory.dmp

Filesize
8KB

Download
memory/8956-1337-0x0000000004A43000-0x0000000004A44000-memory.dmp

Filesize
4KB

Download
memory/8956-1215-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/8956-1225-0x0000000004A40000-0x0000000004A41000-memory.dmp

Filesize
4KB

Download
memory/8956-1227-0x0000000004A42000-0x0000000004A43000-memory.dmp

Filesize
4KB

Download
memory/9076-1196-0x0000000003463000-0x0000000003464000-memory.dmp

Filesize
4KB

Download
memory/9076-980-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/9076-1780-0x000000007F5A0000-0x000000007F5A1000-memory.dmp

Filesize
4KB

Download
memory/9076-1203-0x0000000003464000-0x0000000003466000-memory.dmp

Filesize
8KB

Download
memory/9076-991-0x0000000003460000-0x0000000003461000-memory.dmp

Filesize
4KB

Download
memory/9076-1001-0x0000000003462000-0x0000000003463000-memory.dmp

Filesize
4KB

Download
memory/9112-981-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/9112-985-0x0000000007120000-0x0000000007121000-memory.dmp

Filesize
4KB

Download
memory/9112-1200-0x0000000007123000-0x0000000007124000-memory.dmp

Filesize
4KB

Download
memory/9112-1202-0x0000000007124000-0x0000000007126000-memory.dmp

Filesize
8KB

Download
memory/9112-998-0x0000000007122000-0x0000000007123000-memory.dmp

Filesize
4KB

Download
memory/9144-1003-0x0000000004F42000-0x0000000004F43000-memory.dmp

Filesize
4KB

Download
memory/9144-1786-0x000000007F8F0000-0x000000007F8F1000-memory.dmp

Filesize
4KB

Download
memory/9144-1197-0x0000000004F43000-0x0000000004F44000-memory.dmp

Filesize
4KB

Download
memory/9144-988-0x0000000004F40000-0x0000000004F41000-memory.dmp

Filesize
4KB

Download
memory/9144-1201-0x0000000004F44000-0x0000000004F46000-memory.dmp

Filesize
8KB

Download
memory/9144-982-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/9272-1282-0x0000000004CA0000-0x0000000004CA1000-memory.dmp

Filesize
4KB

Download
memory/9300-1277-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/9300-1343-0x00000000013D0000-0x00000000013D1000-memory.dmp

Filesize
4KB

Download
memory/9396-1213-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/9396-1310-0x00000000067A4000-0x00000000067A6000-memory.dmp

Filesize
8KB

Download
memory/9396-1223-0x00000000067A2000-0x00000000067A3000-memory.dmp

Filesize
4KB

Download
memory/9396-1222-0x00000000067A0000-0x00000000067A1000-memory.dmp

Filesize
4KB

Download
memory/9396-1309-0x00000000067A3000-0x00000000067A4000-memory.dmp

Filesize
4KB

Download
memory/9488-1228-0x0000000004FE2000-0x0000000004FE3000-memory.dmp

Filesize
4KB

Download
memory/9488-1214-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/9488-1224-0x0000000004FE0000-0x0000000004FE1000-memory.dmp

Filesize
4KB

Download
memory/9488-1308-0x0000000004FE4000-0x0000000004FE6000-memory.dmp

Filesize
8KB

Download
memory/9488-1306-0x0000000004FE3000-0x0000000004FE4000-memory.dmp

Filesize
4KB

Download
memory/9652-1286-0x00000000072A4000-0x00000000072A6000-memory.dmp

Filesize
8KB

Download
memory/9652-1153-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/9652-1284-0x00000000072A3000-0x00000000072A4000-memory.dmp

Filesize
4KB

Download
memory/9652-1164-0x00000000072A2000-0x00000000072A3000-memory.dmp

Filesize
4KB

Download
memory/9652-1179-0x00000000072A0000-0x00000000072A1000-memory.dmp

Filesize
4KB

Download
memory/9672-1155-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/9672-1170-0x00000000072A0000-0x00000000072A1000-memory.dmp

Filesize
4KB

Download
memory/9672-1169-0x00000000072A2000-0x00000000072A3000-memory.dmp

Filesize
4KB

Download
memory/9672-1290-0x00000000072A3000-0x00000000072A4000-memory.dmp

Filesize
4KB

Download
memory/9672-1291-0x00000000072A4000-0x00000000072A6000-memory.dmp

Filesize
8KB

Download
memory/9708-1160-0x0000000006E90000-0x0000000006E91000-memory.dmp

Filesize
4KB

Download
memory/9708-1154-0x0000000073A80000-0x000000007416E000-memory.dmp

Filesize
6.9MB

Download
memory/9708-1167-0x0000000006E92000-0x0000000006E93000-memory.dmp

Filesize
4KB

Download
memory/9708-1288-0x0000000006E93000-0x0000000006E94000-memory.dmp

Filesize
4KB

Download
memory/9708-1289-0x0000000006E94000-0x0000000006E96000-memory.dmp

Filesize
8KB

Download