gh0strat | ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

Analysis

max time kernel
150s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
09-05-2022 20:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

589.exe
Size

216KB
MD5

a824640862ea34979abb4d80f2ee07b1
SHA1

529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed
SHA256

ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21
SHA512

99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Score

10^/10

gh0strat rat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/812-55-0x0000000010000000-0x0000000010033000-memory.dmp	family_gh0strat

Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
rat gh0strat

Executes dropped EXE 64 IoCs

Processes:

nyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exe

pid	process
1852	nyrtuc.exe
1164	nyrtuc.exe
1076	nyrtuc.exe
1636	nyrtuc.exe
948	nyrtuc.exe
1508	nyrtuc.exe
1452	nyrtuc.exe
1948	nyrtuc.exe
2004	nyrtuc.exe
1900	nyrtuc.exe
1792	nyrtuc.exe
1616	nyrtuc.exe
524	nyrtuc.exe
1028	nyrtuc.exe
1644	nyrtuc.exe
932	nyrtuc.exe
1204	nyrtuc.exe
1368	nyrtuc.exe
1956	nyrtuc.exe
988	nyrtuc.exe
1764	nyrtuc.exe
1996	nyrtuc.exe
1724	nyrtuc.exe
1096	nyrtuc.exe
1556	nyrtuc.exe
2040	nyrtuc.exe
1896	nyrtuc.exe
436	nyrtuc.exe
1840	nyrtuc.exe
868	nyrtuc.exe
1676	nyrtuc.exe
1628	nyrtuc.exe
1208	nyrtuc.exe
1996	nyrtuc.exe
1784	nyrtuc.exe
1096	nyrtuc.exe
892	nyrtuc.exe
1388	nyrtuc.exe
1564	nyrtuc.exe
436	nyrtuc.exe
1196	nyrtuc.exe
868	nyrtuc.exe
976	nyrtuc.exe
1628	nyrtuc.exe
2044	nyrtuc.exe
1996	nyrtuc.exe
1572	nyrtuc.exe
1096	nyrtuc.exe
1116	nyrtuc.exe
316	nyrtuc.exe
1368	nyrtuc.exe
1508	nyrtuc.exe
1736	nyrtuc.exe
1524	nyrtuc.exe
2000	nyrtuc.exe
1588	nyrtuc.exe
2036	nyrtuc.exe
956	nyrtuc.exe
1940	nyrtuc.exe
1708	nyrtuc.exe
1928	nyrtuc.exe
1908	nyrtuc.exe
900	nyrtuc.exe
988	nyrtuc.exe

Deletes itself 1 IoCs

Processes:

WScript.exe

pid process

956 WScript.exe
Drops file in Windows directory 2 IoCs

Processes:

589.exe

description ioc process

File created C:\Windows\nyrtuc.exe 589.exe
File opened for modification C:\Windows\nyrtuc.exe 589.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
956	WScript.exe

description	ioc	process
File created	C:\Windows\nyrtuc.exe	589.exe
File opened for modification	C:\Windows\nyrtuc.exe	589.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2044	1852	WerFault.exe	nyrtuc.exe
1940	1076	WerFault.exe	nyrtuc.exe
1020	948	WerFault.exe	nyrtuc.exe
1956	1452	WerFault.exe	nyrtuc.exe
1904	2004	WerFault.exe	nyrtuc.exe
1236	1792	WerFault.exe	nyrtuc.exe
1572	524	WerFault.exe	nyrtuc.exe
1504	1644	WerFault.exe	nyrtuc.exe
576	1204	WerFault.exe	nyrtuc.exe
112	1956	WerFault.exe	nyrtuc.exe
848	1764	WerFault.exe	nyrtuc.exe
1360	1724	WerFault.exe	nyrtuc.exe
1172	1556	WerFault.exe	nyrtuc.exe
1020	1896	WerFault.exe	nyrtuc.exe
1056	1840	WerFault.exe	nyrtuc.exe
1768	1676	WerFault.exe	nyrtuc.exe
896	1208	WerFault.exe	nyrtuc.exe
524	1784	WerFault.exe	nyrtuc.exe
1504	892	WerFault.exe	nyrtuc.exe
576	1564	WerFault.exe	nyrtuc.exe
280	1196	WerFault.exe	nyrtuc.exe
1748	976	WerFault.exe	nyrtuc.exe
1156	2044	WerFault.exe	nyrtuc.exe
1500	1572	WerFault.exe	nyrtuc.exe
948	1116	WerFault.exe	nyrtuc.exe
2016	1368	WerFault.exe	nyrtuc.exe
1676	1736	WerFault.exe	nyrtuc.exe
1208	2000	WerFault.exe	nyrtuc.exe
1616	2036	WerFault.exe	nyrtuc.exe
892	1940	WerFault.exe	nyrtuc.exe
1180	1928	WerFault.exe	nyrtuc.exe
1508	900	WerFault.exe	nyrtuc.exe
2020	2012	WerFault.exe	nyrtuc.exe
1532	976	WerFault.exe	nyrtuc.exe
1756	1792	WerFault.exe	nyrtuc.exe
2024	1784	WerFault.exe	nyrtuc.exe
860	1504	WerFault.exe	nyrtuc.exe
1008	1180	WerFault.exe	nyrtuc.exe
984	436	WerFault.exe	nyrtuc.exe
1828	1524	WerFault.exe	nyrtuc.exe
1156	896	WerFault.exe	nyrtuc.exe
1272	1360	WerFault.exe	nyrtuc.exe
1188	2040	WerFault.exe	nyrtuc.exe
1056	1356	WerFault.exe	nyrtuc.exe
900	1440	WerFault.exe	nyrtuc.exe
868	1660	WerFault.exe	nyrtuc.exe
1532	1720	WerFault.exe	nyrtuc.exe
2000	528	WerFault.exe	nyrtuc.exe
1616	1920	WerFault.exe	nyrtuc.exe
1096	892	WerFault.exe	nyrtuc.exe
1564	1240	WerFault.exe	nyrtuc.exe
900	316	WerFault.exe	nyrtuc.exe
1768	1764	WerFault.exe	nyrtuc.exe
1324	1852	WerFault.exe	nyrtuc.exe
1836	1996	WerFault.exe	nyrtuc.exe
1548	1380	WerFault.exe	nyrtuc.exe
1924	1896	WerFault.exe	nyrtuc.exe
1356	1600	WerFault.exe	nyrtuc.exe
1552	1984	WerFault.exe	nyrtuc.exe
868	1948	WerFault.exe	nyrtuc.exe
1532	988	WerFault.exe	nyrtuc.exe
1336	1956	WerFault.exe	nyrtuc.exe
1572	1624	WerFault.exe	nyrtuc.exe
1504	1980	WerFault.exe	nyrtuc.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

nyrtuc.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	nyrtuc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	nyrtuc.exe

Modifies data under HKEY_USERS 6 IoCs

Processes:

nyrtuc.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum	nyrtuc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	nyrtuc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft	nyrtuc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\ActiveMovie	nyrtuc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\ActiveMovie\devenum	nyrtuc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\ActiveMovie\devenum\Version = "7"	nyrtuc.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

nyrtuc.exe

pid	process
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

589.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exe

description	pid	process	target process
PID 812 wrote to memory of 956	812	589.exe	WScript.exe
PID 812 wrote to memory of 956	812	589.exe	WScript.exe
PID 812 wrote to memory of 956	812	589.exe	WScript.exe
PID 812 wrote to memory of 956	812	589.exe	WScript.exe
PID 1852 wrote to memory of 1164	1852	nyrtuc.exe	nyrtuc.exe
PID 1852 wrote to memory of 1164	1852	nyrtuc.exe	nyrtuc.exe
PID 1852 wrote to memory of 1164	1852	nyrtuc.exe	nyrtuc.exe
PID 1852 wrote to memory of 1164	1852	nyrtuc.exe	nyrtuc.exe
PID 1852 wrote to memory of 2044	1852	nyrtuc.exe	WerFault.exe
PID 1852 wrote to memory of 2044	1852	nyrtuc.exe	WerFault.exe
PID 1852 wrote to memory of 2044	1852	nyrtuc.exe	WerFault.exe
PID 1852 wrote to memory of 2044	1852	nyrtuc.exe	WerFault.exe
PID 1076 wrote to memory of 1636	1076	nyrtuc.exe	nyrtuc.exe
PID 1076 wrote to memory of 1636	1076	nyrtuc.exe	nyrtuc.exe
PID 1076 wrote to memory of 1636	1076	nyrtuc.exe	nyrtuc.exe
PID 1076 wrote to memory of 1636	1076	nyrtuc.exe	nyrtuc.exe
PID 1076 wrote to memory of 1940	1076	nyrtuc.exe	WerFault.exe
PID 1076 wrote to memory of 1940	1076	nyrtuc.exe	WerFault.exe
PID 1076 wrote to memory of 1940	1076	nyrtuc.exe	WerFault.exe
PID 1076 wrote to memory of 1940	1076	nyrtuc.exe	WerFault.exe
PID 948 wrote to memory of 1508	948	nyrtuc.exe	nyrtuc.exe
PID 948 wrote to memory of 1508	948	nyrtuc.exe	nyrtuc.exe
PID 948 wrote to memory of 1508	948	nyrtuc.exe	nyrtuc.exe
PID 948 wrote to memory of 1508	948	nyrtuc.exe	nyrtuc.exe
PID 948 wrote to memory of 1020	948	nyrtuc.exe	WerFault.exe
PID 948 wrote to memory of 1020	948	nyrtuc.exe	WerFault.exe
PID 948 wrote to memory of 1020	948	nyrtuc.exe	WerFault.exe
PID 948 wrote to memory of 1020	948	nyrtuc.exe	WerFault.exe
PID 1452 wrote to memory of 1948	1452	nyrtuc.exe	nyrtuc.exe
PID 1452 wrote to memory of 1948	1452	nyrtuc.exe	nyrtuc.exe
PID 1452 wrote to memory of 1948	1452	nyrtuc.exe	nyrtuc.exe
PID 1452 wrote to memory of 1948	1452	nyrtuc.exe	nyrtuc.exe
PID 1452 wrote to memory of 1956	1452	nyrtuc.exe	WerFault.exe
PID 1452 wrote to memory of 1956	1452	nyrtuc.exe	WerFault.exe
PID 1452 wrote to memory of 1956	1452	nyrtuc.exe	WerFault.exe
PID 1452 wrote to memory of 1956	1452	nyrtuc.exe	WerFault.exe
PID 2004 wrote to memory of 1900	2004	nyrtuc.exe	nyrtuc.exe
PID 2004 wrote to memory of 1900	2004	nyrtuc.exe	nyrtuc.exe
PID 2004 wrote to memory of 1900	2004	nyrtuc.exe	nyrtuc.exe
PID 2004 wrote to memory of 1900	2004	nyrtuc.exe	nyrtuc.exe
PID 2004 wrote to memory of 1904	2004	nyrtuc.exe	WerFault.exe
PID 2004 wrote to memory of 1904	2004	nyrtuc.exe	WerFault.exe
PID 2004 wrote to memory of 1904	2004	nyrtuc.exe	WerFault.exe
PID 2004 wrote to memory of 1904	2004	nyrtuc.exe	WerFault.exe
PID 1792 wrote to memory of 1616	1792	nyrtuc.exe	nyrtuc.exe
PID 1792 wrote to memory of 1616	1792	nyrtuc.exe	nyrtuc.exe
PID 1792 wrote to memory of 1616	1792	nyrtuc.exe	nyrtuc.exe
PID 1792 wrote to memory of 1616	1792	nyrtuc.exe	nyrtuc.exe
PID 1792 wrote to memory of 1236	1792	nyrtuc.exe	WerFault.exe
PID 1792 wrote to memory of 1236	1792	nyrtuc.exe	WerFault.exe
PID 1792 wrote to memory of 1236	1792	nyrtuc.exe	WerFault.exe
PID 1792 wrote to memory of 1236	1792	nyrtuc.exe	WerFault.exe
PID 524 wrote to memory of 1028	524	nyrtuc.exe	nyrtuc.exe
PID 524 wrote to memory of 1028	524	nyrtuc.exe	nyrtuc.exe
PID 524 wrote to memory of 1028	524	nyrtuc.exe	nyrtuc.exe
PID 524 wrote to memory of 1028	524	nyrtuc.exe	nyrtuc.exe
PID 524 wrote to memory of 1572	524	nyrtuc.exe	WerFault.exe
PID 524 wrote to memory of 1572	524	nyrtuc.exe	WerFault.exe
PID 524 wrote to memory of 1572	524	nyrtuc.exe	WerFault.exe
PID 524 wrote to memory of 1572	524	nyrtuc.exe	WerFault.exe
PID 1644 wrote to memory of 932	1644	nyrtuc.exe	nyrtuc.exe
PID 1644 wrote to memory of 932	1644	nyrtuc.exe	nyrtuc.exe
PID 1644 wrote to memory of 932	1644	nyrtuc.exe	nyrtuc.exe
PID 1644 wrote to memory of 932	1644	nyrtuc.exe	nyrtuc.exe

C:\Users\Admin\AppData\Local\Temp\589.exe
"C:\Users\Admin\AppData\Local\Temp\589.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:812

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\4056.vbs"
2⤵
- Deletes itself
PID:956

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1852

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
- Executes dropped EXE
- Checks processor information in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:1164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 276
2⤵
- Program crash
PID:2044

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1076

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
- Executes dropped EXE
PID:1636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 276
2⤵
- Program crash
PID:1940

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:948

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
- Executes dropped EXE
PID:1508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 276
2⤵
- Program crash
PID:1020

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1452

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
- Executes dropped EXE
PID:1948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 276
2⤵
- Program crash
PID:1956

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2004

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
- Executes dropped EXE
PID:1900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 276
2⤵
- Program crash
PID:1904

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1792

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
- Executes dropped EXE
PID:1616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 276
2⤵
- Program crash
PID:1236

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:524

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
- Executes dropped EXE
PID:1028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 524 -s 276
2⤵
- Program crash
PID:1572

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1644

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
- Executes dropped EXE
PID:932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 276
2⤵
- Program crash
PID:1504

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1204

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
- Executes dropped EXE
PID:1368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 276
2⤵
- Program crash
PID:576

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1956

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
- Executes dropped EXE
PID:988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 276
2⤵
- Program crash
PID:112

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 276
2⤵
- Program crash
PID:848

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
- Executes dropped EXE
PID:1996

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1724

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
- Executes dropped EXE
PID:1096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 276
2⤵
- Program crash
PID:1360

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1556

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
- Executes dropped EXE
PID:2040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 276
2⤵
- Program crash
PID:1172

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1896

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
- Executes dropped EXE
PID:436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 276
2⤵
- Program crash
PID:1020

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1840

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
- Executes dropped EXE
PID:868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 276
2⤵
- Program crash
PID:1056

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1676

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
- Executes dropped EXE
PID:1628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 276
2⤵
- Program crash
PID:1768

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1208

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
- Executes dropped EXE
PID:1996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 276
2⤵
- Program crash
PID:896

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1784

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
- Executes dropped EXE
PID:1096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 276
2⤵
- Program crash
PID:524

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:892

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
- Executes dropped EXE
PID:1388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 276
2⤵
- Program crash
PID:1504

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1564

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
- Executes dropped EXE
PID:436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 276
2⤵
- Program crash
PID:576

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1196

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
- Executes dropped EXE
PID:868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 276
2⤵
- Program crash
PID:280

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:976

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
- Executes dropped EXE
PID:1628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 284
2⤵
- Program crash
PID:1748

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:2044

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
- Executes dropped EXE
PID:1996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 276
2⤵
- Program crash
PID:1156

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1572

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
- Executes dropped EXE
PID:1096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 276
2⤵
- Program crash
PID:1500

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1116

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
- Executes dropped EXE
PID:316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 276
2⤵
- Program crash
PID:948

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1368

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
- Executes dropped EXE
PID:1508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 276
2⤵
- Program crash
PID:2016

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1736

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
- Executes dropped EXE
PID:1524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 276
2⤵
- Program crash
PID:1676

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:2000

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
- Executes dropped EXE
PID:1588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 280
2⤵
- Program crash
PID:1208

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:2036

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
- Executes dropped EXE
PID:956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 276
2⤵
- Program crash
PID:1616

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1940

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
- Executes dropped EXE
PID:1708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 276
2⤵
- Program crash
PID:892

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1928

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
- Executes dropped EXE
PID:1908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 276
2⤵
- Program crash
PID:1180

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:900

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
- Executes dropped EXE
PID:988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 280
2⤵
- Program crash
PID:1508

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:2012

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 276
2⤵
- Program crash
PID:2020

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:976

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 276
2⤵
- Program crash
PID:1532

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1792

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 276
2⤵
- Program crash
PID:1756

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1784

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 284
2⤵
- Program crash
PID:2024

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1504

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 276
2⤵
- Program crash
PID:860

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1180

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 276
2⤵
- Program crash
PID:1008

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:436

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 436 -s 276
2⤵
- Program crash
PID:984

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1524

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 276
2⤵
- Program crash
PID:1828

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:896

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:2000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 284
2⤵
- Program crash
PID:1156

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1360

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 276
2⤵
- Program crash
PID:1272

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:2040

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 276
2⤵
- Program crash
PID:1188

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1356

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 276
2⤵
- Program crash
PID:1056

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1440

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 276
2⤵
- Program crash
PID:900

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1660

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 276
2⤵
- Program crash
PID:868

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1720

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 276
2⤵
- Program crash
PID:1532

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:528

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 276
2⤵
- Program crash
PID:2000

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1920

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 276
2⤵
- Program crash
PID:1616

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:892

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 280
2⤵
- Program crash
PID:1096

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1240

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 276
2⤵
- Program crash
PID:1564

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:316

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 276
2⤵
- Program crash
PID:900

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1764

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 276
2⤵
- Program crash
PID:1768

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1852

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 276
2⤵
- Program crash
PID:1324

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1996

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 276
2⤵
- Program crash
PID:1836

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1380

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 280
2⤵
- Program crash
PID:1548

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1896

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 276
2⤵
- Program crash
PID:1924

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1600

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 276
2⤵
- Program crash
PID:1356

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1984

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 276
2⤵
- Program crash
PID:1552

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1948

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 276
2⤵
- Program crash
PID:868

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:988

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:2008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 276
2⤵
- Program crash
PID:1532

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1956

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 276
2⤵
- Program crash
PID:1336

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1624

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 276
2⤵
- Program crash
PID:1572

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1980

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 276
2⤵
- Program crash
PID:1504

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:328

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 276
2⤵
PID:1008

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1928

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 276
2⤵
PID:1608

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:436

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 436 -s 276
2⤵
PID:868

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1032

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 276
2⤵
PID:1852

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1988

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 276
2⤵
PID:2028

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:2000

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 276
2⤵
PID:1644

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1784

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 276
2⤵
PID:1020

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1684

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 276
2⤵
PID:1204

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:564

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 276
2⤵
PID:1216

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:568

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 276
2⤵
PID:2012

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1648

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 276
2⤵
PID:1916

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1712

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 284
2⤵
PID:896

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1836

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 276
2⤵
PID:1272

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:2024

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 284
2⤵
PID:640

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1132

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 276
2⤵
PID:808

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1708

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 276
2⤵
PID:1008

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1752

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 276
2⤵
PID:316

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1620

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 276
2⤵
PID:436

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:472

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 472 -s 276
2⤵
PID:1032

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1496

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 276
2⤵
PID:956

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1172

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 276
2⤵
PID:1680

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:692

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 276
2⤵
PID:1036

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:320

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 276
2⤵
PID:1656

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1240

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 276
2⤵
PID:984

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:872

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 276
2⤵
PID:1848

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:976

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 276
2⤵
PID:1852

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1628

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 276
2⤵
PID:1536

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:812

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 276
2⤵
PID:1616

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:528

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 276
2⤵
PID:1388

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1624

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:1896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 276
2⤵
PID:1816

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1188

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe Win7
2⤵
PID:596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 276
2⤵
PID:1516

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:984

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\4056.vbs
Filesize
500B

MD5
1660bd4e6700bad46cdd230d49ef0a21

SHA1
772b03c47faf1774b867530981199fd8161a2c74

SHA256
8c3828c7611890be713f99b56efab77def8adacd1c497a853726cfcc3efb3bbb

SHA512
565a62f9d1017fc29b983d3b6012d46efaf4517132099932f1b1f93962ded1825420332c891082a1ac2844385f814c1b5facaaa2a923438a7cb8b80ec4b42ef3

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe
Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
memory/112-197-0x0000000000000000-mapping.dmp

Download
memory/280-351-0x0000000000000000-mapping.dmp

Download
memory/316-405-0x0000000000000000-mapping.dmp

Download
memory/436-251-0x0000000000000000-mapping.dmp

Download
memory/436-335-0x0000000000000000-mapping.dmp

Download
memory/524-309-0x0000000000000000-mapping.dmp

Download
memory/576-337-0x0000000000000000-mapping.dmp

Download
memory/576-182-0x0000000000000000-mapping.dmp

Download
memory/812-55-0x0000000010000000-0x0000000010033000-memory.dmp

Filesize
204KB

Download
memory/812-54-0x0000000075FB1000-0x0000000075FB3000-memory.dmp

Filesize
8KB

Download
memory/848-211-0x0000000000000000-mapping.dmp

Download
memory/868-349-0x0000000000000000-mapping.dmp

Download
memory/868-265-0x0000000000000000-mapping.dmp

Download
memory/892-477-0x0000000000000000-mapping.dmp

Download
memory/896-295-0x0000000000000000-mapping.dmp

Download
memory/932-167-0x0000000000000000-mapping.dmp

Download
memory/948-407-0x0000000000000000-mapping.dmp

Download
memory/956-461-0x0000000000000000-mapping.dmp

Download
memory/956-65-0x0000000000000000-mapping.dmp

Download
memory/988-195-0x0000000000000000-mapping.dmp

Download
memory/988-502-0x0000000000000000-mapping.dmp

Download
memory/1020-253-0x0000000000000000-mapping.dmp

Download
memory/1020-99-0x0000000000000000-mapping.dmp

Download
memory/1028-153-0x0000000000000000-mapping.dmp

Download
memory/1056-267-0x0000000000000000-mapping.dmp

Download
memory/1096-223-0x0000000000000000-mapping.dmp

Download
memory/1096-307-0x0000000000000000-mapping.dmp

Download
memory/1096-391-0x0000000000000000-mapping.dmp

Download
memory/1156-379-0x0000000000000000-mapping.dmp

Download
memory/1164-69-0x0000000000000000-mapping.dmp

Download
memory/1172-238-0x0000000000000000-mapping.dmp

Download
memory/1180-491-0x0000000000000000-mapping.dmp

Download
memory/1208-449-0x0000000000000000-mapping.dmp

Download
memory/1236-141-0x0000000000000000-mapping.dmp

Download
memory/1360-225-0x0000000000000000-mapping.dmp

Download
memory/1368-181-0x0000000000000000-mapping.dmp

Download
memory/1388-321-0x0000000000000000-mapping.dmp

Download
memory/1500-393-0x0000000000000000-mapping.dmp

Download
memory/1504-169-0x0000000000000000-mapping.dmp

Download
memory/1504-323-0x0000000000000000-mapping.dmp

Download
memory/1508-419-0x0000000000000000-mapping.dmp

Download
memory/1508-97-0x0000000000000000-mapping.dmp

Download
memory/1524-433-0x0000000000000000-mapping.dmp

Download
memory/1572-155-0x0000000000000000-mapping.dmp

Download
memory/1588-447-0x0000000000000000-mapping.dmp

Download
memory/1616-139-0x0000000000000000-mapping.dmp

Download
memory/1616-462-0x0000000000000000-mapping.dmp

Download
memory/1628-279-0x0000000000000000-mapping.dmp

Download
memory/1628-363-0x0000000000000000-mapping.dmp

Download
memory/1636-83-0x0000000000000000-mapping.dmp

Download
memory/1676-435-0x0000000000000000-mapping.dmp

Download
memory/1708-475-0x0000000000000000-mapping.dmp

Download
memory/1748-365-0x0000000000000000-mapping.dmp

Download
memory/1768-281-0x0000000000000000-mapping.dmp

Download
memory/1900-125-0x0000000000000000-mapping.dmp

Download
memory/1904-127-0x0000000000000000-mapping.dmp

Download
memory/1908-489-0x0000000000000000-mapping.dmp

Download
memory/1940-85-0x0000000000000000-mapping.dmp

Download
memory/1948-111-0x0000000000000000-mapping.dmp

Download
memory/1956-113-0x0000000000000000-mapping.dmp

Download
memory/1996-377-0x0000000000000000-mapping.dmp

Download
memory/1996-293-0x0000000000000000-mapping.dmp

Download
memory/1996-209-0x0000000000000000-mapping.dmp

Download
memory/2016-421-0x0000000000000000-mapping.dmp

Download
memory/2040-237-0x0000000000000000-mapping.dmp

Download
memory/2044-71-0x0000000000000000-mapping.dmp

Download