gh0strat | ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

Analysis

max time kernel
150s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
09-05-2022 20:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

589.exe
Size

216KB
MD5

a824640862ea34979abb4d80f2ee07b1
SHA1

529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed
SHA256

ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21
SHA512

99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Score

10^/10

gh0strat rat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/812-55-0x0000000010000000-0x0000000010033000-memory.dmp	family_gh0strat

Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
rat gh0strat

Executes dropped EXE 64 IoCs

Processes:

nyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exe

pid	Process
1852	nyrtuc.exe
1164	nyrtuc.exe
1076	nyrtuc.exe
1636	nyrtuc.exe
948	nyrtuc.exe
1508	nyrtuc.exe
1452	nyrtuc.exe
1948	nyrtuc.exe
2004	nyrtuc.exe
1900	nyrtuc.exe
1792	nyrtuc.exe
1616	nyrtuc.exe
524	nyrtuc.exe
1028	nyrtuc.exe
1644	nyrtuc.exe
932	nyrtuc.exe
1204	nyrtuc.exe
1368	nyrtuc.exe
1956	nyrtuc.exe
988	nyrtuc.exe
1764	nyrtuc.exe
1996	nyrtuc.exe
1724	nyrtuc.exe
1096	nyrtuc.exe
1556	nyrtuc.exe
2040	nyrtuc.exe
1896	nyrtuc.exe
436	nyrtuc.exe
1840	nyrtuc.exe
868	nyrtuc.exe
1676	nyrtuc.exe
1628	nyrtuc.exe
1208	nyrtuc.exe
1996	nyrtuc.exe
1784	nyrtuc.exe
1096	nyrtuc.exe
892	nyrtuc.exe
1388	nyrtuc.exe
1564	nyrtuc.exe
436	nyrtuc.exe
1196	nyrtuc.exe
868	nyrtuc.exe
976	nyrtuc.exe
1628	nyrtuc.exe
2044	nyrtuc.exe
1996	nyrtuc.exe
1572	nyrtuc.exe
1096	nyrtuc.exe
1116	nyrtuc.exe
316	nyrtuc.exe
1368	nyrtuc.exe
1508	nyrtuc.exe
1736	nyrtuc.exe
1524	nyrtuc.exe
2000	nyrtuc.exe
1588	nyrtuc.exe
2036	nyrtuc.exe
956	nyrtuc.exe
1940	nyrtuc.exe
1708	nyrtuc.exe
1928	nyrtuc.exe
1908	nyrtuc.exe
900	nyrtuc.exe
988	nyrtuc.exe

Deletes itself 1 IoCs

Processes:

WScript.exe

pid	Process
956	WScript.exe

Drops file in Windows directory 2 IoCs

Processes:

589.exe

description	ioc	Process
File created	C:\Windows\nyrtuc.exe	589.exe
File opened for modification	C:\Windows\nyrtuc.exe	589.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	Process	procid_target
2044	1852	WerFault.exe	27
1940	1076	WerFault.exe	31
1020	948	WerFault.exe	34
1956	1452	WerFault.exe	37
1904	2004	WerFault.exe	40
1236	1792	WerFault.exe	43
1572	524	WerFault.exe	46
1504	1644	WerFault.exe	49
576	1204	WerFault.exe	52
112	1956	WerFault.exe	55
848	1764	WerFault.exe	58
1360	1724	WerFault.exe	61
1172	1556	WerFault.exe	64
1020	1896	WerFault.exe	67
1056	1840	WerFault.exe	70
1768	1676	WerFault.exe	73
896	1208	WerFault.exe	76
524	1784	WerFault.exe	79
1504	892	WerFault.exe	82
576	1564	WerFault.exe	85
280	1196	WerFault.exe	88
1748	976	WerFault.exe	91
1156	2044	WerFault.exe	94
1500	1572	WerFault.exe	97
948	1116	WerFault.exe	100
2016	1368	WerFault.exe	103
1676	1736	WerFault.exe	106
1208	2000	WerFault.exe	109
1616	2036	WerFault.exe	112
892	1940	WerFault.exe	115
1180	1928	WerFault.exe	118
1508	900	WerFault.exe	121
2020	2012	WerFault.exe	124
1532	976	WerFault.exe	127
1756	1792	WerFault.exe	130
2024	1784	WerFault.exe	133
860	1504	WerFault.exe	136
1008	1180	WerFault.exe	139
984	436	WerFault.exe	142
1828	1524	WerFault.exe	145
1156	896	WerFault.exe	148
1272	1360	WerFault.exe	151
1188	2040	WerFault.exe	154
1056	1356	WerFault.exe	157
900	1440	WerFault.exe	160
868	1660	WerFault.exe	163
1532	1720	WerFault.exe	166
2000	528	WerFault.exe	169
1616	1920	WerFault.exe	172
1096	892	WerFault.exe	175
1564	1240	WerFault.exe	178
900	316	WerFault.exe	181
1768	1764	WerFault.exe	184
1324	1852	WerFault.exe	187
1836	1996	WerFault.exe	190
1548	1380	WerFault.exe	193
1924	1896	WerFault.exe	196
1356	1600	WerFault.exe	199
1552	1984	WerFault.exe	202
868	1948	WerFault.exe	205
1532	988	WerFault.exe	208
1336	1956	WerFault.exe	211
1572	1624	WerFault.exe	214
1504	1980	WerFault.exe	217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

nyrtuc.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	nyrtuc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	nyrtuc.exe

Modifies data under HKEY_USERS 6 IoCs

Processes:

nyrtuc.exe

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum	nyrtuc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	nyrtuc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft	nyrtuc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\ActiveMovie	nyrtuc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\ActiveMovie\devenum	nyrtuc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\ActiveMovie\devenum\Version = "7"	nyrtuc.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

nyrtuc.exe

pid	Process
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe
1164	nyrtuc.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

589.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exenyrtuc.exe

description	pid	Process	procid_target
PID 812 wrote to memory of 956	812	589.exe	28
PID 812 wrote to memory of 956	812	589.exe	28
PID 812 wrote to memory of 956	812	589.exe	28
PID 812 wrote to memory of 956	812	589.exe	28
PID 1852 wrote to memory of 1164	1852	nyrtuc.exe	29
PID 1852 wrote to memory of 1164	1852	nyrtuc.exe	29
PID 1852 wrote to memory of 1164	1852	nyrtuc.exe	29
PID 1852 wrote to memory of 1164	1852	nyrtuc.exe	29
PID 1852 wrote to memory of 2044	1852	nyrtuc.exe	30
PID 1852 wrote to memory of 2044	1852	nyrtuc.exe	30
PID 1852 wrote to memory of 2044	1852	nyrtuc.exe	30
PID 1852 wrote to memory of 2044	1852	nyrtuc.exe	30
PID 1076 wrote to memory of 1636	1076	nyrtuc.exe	32
PID 1076 wrote to memory of 1636	1076	nyrtuc.exe	32
PID 1076 wrote to memory of 1636	1076	nyrtuc.exe	32
PID 1076 wrote to memory of 1636	1076	nyrtuc.exe	32
PID 1076 wrote to memory of 1940	1076	nyrtuc.exe	33
PID 1076 wrote to memory of 1940	1076	nyrtuc.exe	33
PID 1076 wrote to memory of 1940	1076	nyrtuc.exe	33
PID 1076 wrote to memory of 1940	1076	nyrtuc.exe	33
PID 948 wrote to memory of 1508	948	nyrtuc.exe	35
PID 948 wrote to memory of 1508	948	nyrtuc.exe	35
PID 948 wrote to memory of 1508	948	nyrtuc.exe	35
PID 948 wrote to memory of 1508	948	nyrtuc.exe	35
PID 948 wrote to memory of 1020	948	nyrtuc.exe	36
PID 948 wrote to memory of 1020	948	nyrtuc.exe	36
PID 948 wrote to memory of 1020	948	nyrtuc.exe	36
PID 948 wrote to memory of 1020	948	nyrtuc.exe	36
PID 1452 wrote to memory of 1948	1452	nyrtuc.exe	38
PID 1452 wrote to memory of 1948	1452	nyrtuc.exe	38
PID 1452 wrote to memory of 1948	1452	nyrtuc.exe	38
PID 1452 wrote to memory of 1948	1452	nyrtuc.exe	38
PID 1452 wrote to memory of 1956	1452	nyrtuc.exe	39
PID 1452 wrote to memory of 1956	1452	nyrtuc.exe	39
PID 1452 wrote to memory of 1956	1452	nyrtuc.exe	39
PID 1452 wrote to memory of 1956	1452	nyrtuc.exe	39
PID 2004 wrote to memory of 1900	2004	nyrtuc.exe	41
PID 2004 wrote to memory of 1900	2004	nyrtuc.exe	41
PID 2004 wrote to memory of 1900	2004	nyrtuc.exe	41
PID 2004 wrote to memory of 1900	2004	nyrtuc.exe	41
PID 2004 wrote to memory of 1904	2004	nyrtuc.exe	42
PID 2004 wrote to memory of 1904	2004	nyrtuc.exe	42
PID 2004 wrote to memory of 1904	2004	nyrtuc.exe	42
PID 2004 wrote to memory of 1904	2004	nyrtuc.exe	42
PID 1792 wrote to memory of 1616	1792	nyrtuc.exe	44
PID 1792 wrote to memory of 1616	1792	nyrtuc.exe	44
PID 1792 wrote to memory of 1616	1792	nyrtuc.exe	44
PID 1792 wrote to memory of 1616	1792	nyrtuc.exe	44
PID 1792 wrote to memory of 1236	1792	nyrtuc.exe	45
PID 1792 wrote to memory of 1236	1792	nyrtuc.exe	45
PID 1792 wrote to memory of 1236	1792	nyrtuc.exe	45
PID 1792 wrote to memory of 1236	1792	nyrtuc.exe	45
PID 524 wrote to memory of 1028	524	nyrtuc.exe	47
PID 524 wrote to memory of 1028	524	nyrtuc.exe	47
PID 524 wrote to memory of 1028	524	nyrtuc.exe	47
PID 524 wrote to memory of 1028	524	nyrtuc.exe	47
PID 524 wrote to memory of 1572	524	nyrtuc.exe	48
PID 524 wrote to memory of 1572	524	nyrtuc.exe	48
PID 524 wrote to memory of 1572	524	nyrtuc.exe	48
PID 524 wrote to memory of 1572	524	nyrtuc.exe	48
PID 1644 wrote to memory of 932	1644	nyrtuc.exe	50
PID 1644 wrote to memory of 932	1644	nyrtuc.exe	50
PID 1644 wrote to memory of 932	1644	nyrtuc.exe	50
PID 1644 wrote to memory of 932	1644	nyrtuc.exe	50

C:\Users\Admin\AppData\Local\Temp\589.exe
"C:\Users\Admin\AppData\Local\Temp\589.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:812
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\4056.vbs"
  2⤵
  - Deletes itself
  PID:956

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1852
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  - Executes dropped EXE
  - Checks processor information in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  PID:1164
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 276
  2⤵
  - Program crash
  PID:2044

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1076
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 276
  2⤵
  - Program crash
  PID:1940

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:948
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 276
  2⤵
  - Program crash
  PID:1020

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1452
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 276
  2⤵
  - Program crash
  PID:1956

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 276
  2⤵
  - Program crash
  PID:1904

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1792
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 276
  2⤵
  - Program crash
  PID:1236

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:524
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 524 -s 276
  2⤵
  - Program crash
  PID:1572

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 276
  2⤵
  - Program crash
  PID:1504

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1204
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 276
  2⤵
  - Program crash
  PID:576

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1956
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 276
  2⤵
  - Program crash
  PID:112

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1764
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 276
  2⤵
  - Program crash
  PID:848
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  - Executes dropped EXE
  PID:1996

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1724
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 276
  2⤵
  - Program crash
  PID:1360

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1556
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 276
  2⤵
  - Program crash
  PID:1172

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1896
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 276
  2⤵
  - Program crash
  PID:1020

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1840
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 276
  2⤵
  - Program crash
  PID:1056

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1676
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 276
  2⤵
  - Program crash
  PID:1768

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1208
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 276
  2⤵
  - Program crash
  PID:896

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1784
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 276
  2⤵
  - Program crash
  PID:524

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:892
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 276
  2⤵
  - Program crash
  PID:1504

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1564
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 276
  2⤵
  - Program crash
  PID:576

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1196
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 276
  2⤵
  - Program crash
  PID:280

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:976
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 284
  2⤵
  - Program crash
  PID:1748

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:2044
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 276
  2⤵
  - Program crash
  PID:1156

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1572
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 276
  2⤵
  - Program crash
  PID:1500

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1116
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 276
  2⤵
  - Program crash
  PID:948

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1368
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 276
  2⤵
  - Program crash
  PID:2016

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1736
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 276
  2⤵
  - Program crash
  PID:1676

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:2000
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 280
  2⤵
  - Program crash
  PID:1208

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:2036
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 276
  2⤵
  - Program crash
  PID:1616

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1940
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 276
  2⤵
  - Program crash
  PID:892

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:1928
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 276
  2⤵
  - Program crash
  PID:1180

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
- Executes dropped EXE
PID:900
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 280
  2⤵
  - Program crash
  PID:1508

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:2012
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1956
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 276
  2⤵
  - Program crash
  PID:2020

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:976
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1624
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 276
  2⤵
  - Program crash
  PID:1532

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1792
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1616
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 276
  2⤵
  - Program crash
  PID:1756

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1784
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1096
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 284
  2⤵
  - Program crash
  PID:2024

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1504
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:948
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 276
  2⤵
  - Program crash
  PID:860

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1180
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1908
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 276
  2⤵
  - Program crash
  PID:1008

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:436
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1584
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 436 -s 276
  2⤵
  - Program crash
  PID:984

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1524
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1732
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 276
  2⤵
  - Program crash
  PID:1828

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:896
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:2000
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 284
  2⤵
  - Program crash
  PID:1156

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1360
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1964
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 276
  2⤵
  - Program crash
  PID:1272

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:2040
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1388
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 276
  2⤵
  - Program crash
  PID:1188

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1356
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1984
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 276
  2⤵
  - Program crash
  PID:1056

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1440
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1948
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 276
  2⤵
  - Program crash
  PID:900

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1660
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:988
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 276
  2⤵
  - Program crash
  PID:868

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1720
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1956
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 276
  2⤵
  - Program crash
  PID:1532

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:528
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1328
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 276
  2⤵
  - Program crash
  PID:2000

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1920
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1680
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 276
  2⤵
  - Program crash
  PID:1616

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:892
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:808
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 280
  2⤵
  - Program crash
  PID:1096

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1240
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:872
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 276
  2⤵
  - Program crash
  PID:1564

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:316
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1508
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 276
  2⤵
  - Program crash
  PID:900

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1764
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:904
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 276
  2⤵
  - Program crash
  PID:1768

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1852
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:812
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 276
  2⤵
  - Program crash
  PID:1324

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1996
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1076
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 276
  2⤵
  - Program crash
  PID:1836

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1380
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1140
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 280
  2⤵
  - Program crash
  PID:1548

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1896
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1028
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 276
  2⤵
  - Program crash
  PID:1924

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1600
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1056
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 276
  2⤵
  - Program crash
  PID:1356

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1984
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:900
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 276
  2⤵
  - Program crash
  PID:1552

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1948
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1916
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 276
  2⤵
  - Program crash
  PID:868

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:988
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:2008
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 276
  2⤵
  - Program crash
  PID:1532

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1956
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1576
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 276
  2⤵
  - Program crash
  PID:1336

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1624
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:588
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 276
  2⤵
  - Program crash
  PID:1572

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1980
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1168
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 276
  2⤵
  - Program crash
  PID:1504

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:328
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1356
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 276
  2⤵
  PID:1008

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1928
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1552
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 276
  2⤵
  PID:1608

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:436
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1764
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 436 -s 276
  2⤵
  PID:868

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1032
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1228
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 276
  2⤵
  PID:1852

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1988
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:528
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 276
  2⤵
  PID:2028

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:2000
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1500
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 276
  2⤵
  PID:1644

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1784
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1188
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 276
  2⤵
  PID:1020

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1684
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1116
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 276
  2⤵
  PID:1204

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:564
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1692
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 276
  2⤵
  PID:1216

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:568
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1552
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 276
  2⤵
  PID:2012

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1648
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1660
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 276
  2⤵
  PID:1916

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1712
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1228
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 284
  2⤵
  PID:896

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1836
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:528
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 276
  2⤵
  PID:1272

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:2024
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1500
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 284
  2⤵
  PID:640

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1132
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1188
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 276
  2⤵
  PID:808

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1708
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1116
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 276
  2⤵
  PID:1008

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1752
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1692
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 276
  2⤵
  PID:316

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1620
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1552
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 276
  2⤵
  PID:436

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:472
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1660
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 472 -s 276
  2⤵
  PID:1032

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1496
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1756
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 276
  2⤵
  PID:956

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1172
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1076
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 276
  2⤵
  PID:1680

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:692
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1992
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 276
  2⤵
  PID:1036

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:320
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1028
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 276
  2⤵
  PID:1656

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1240
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1368
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 276
  2⤵
  PID:984

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:872
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:932
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 276
  2⤵
  PID:1848

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:976
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1156
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 276
  2⤵
  PID:1852

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1628
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1720
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 276
  2⤵
  PID:1536

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:812
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1380
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 276
  2⤵
  PID:1616

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:528
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1924
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 276
  2⤵
  PID:1388

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1624
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:1896
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 276
  2⤵
  PID:1816

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:1188
- C:\Windows\nyrtuc.exe
  C:\Windows\nyrtuc.exe Win7
  2⤵
  PID:596
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 276
  2⤵
  PID:1516

C:\Windows\nyrtuc.exe
C:\Windows\nyrtuc.exe
1⤵
PID:984

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\4056.vbs

Filesize
500B

MD5
1660bd4e6700bad46cdd230d49ef0a21

SHA1
772b03c47faf1774b867530981199fd8161a2c74

SHA256
8c3828c7611890be713f99b56efab77def8adacd1c497a853726cfcc3efb3bbb

SHA512
565a62f9d1017fc29b983d3b6012d46efaf4517132099932f1b1f93962ded1825420332c891082a1ac2844385f814c1b5facaaa2a923438a7cb8b80ec4b42ef3

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
C:\Windows\nyrtuc.exe

Filesize
216KB

MD5
a824640862ea34979abb4d80f2ee07b1

SHA1
529fbd21cf1eb8cdbd5cbc9c59c074cebd8262ed

SHA256
ca15a055b2e1d06a8fbd3a22341aeda29bbc19688b778dc3a15c615f0367bc21

SHA512
99913dfc1b95b04d76df0705d1c17d01ba54a9d4f3c0cdcd8e96763ad72933489ac7793b87926542aa5f63ae58fb0899605432913daada556ffbc4c8e279339e

Download Submit
memory/112-197-0x0000000000000000-mapping.dmp

Download
memory/280-351-0x0000000000000000-mapping.dmp

Download
memory/316-405-0x0000000000000000-mapping.dmp

Download
memory/436-251-0x0000000000000000-mapping.dmp

Download
memory/436-335-0x0000000000000000-mapping.dmp

Download
memory/524-309-0x0000000000000000-mapping.dmp

Download
memory/576-337-0x0000000000000000-mapping.dmp

Download
memory/576-182-0x0000000000000000-mapping.dmp

Download
memory/812-55-0x0000000010000000-0x0000000010033000-memory.dmp

Filesize
204KB

Download
memory/812-54-0x0000000075FB1000-0x0000000075FB3000-memory.dmp

Filesize
8KB

Download
memory/848-211-0x0000000000000000-mapping.dmp

Download
memory/868-349-0x0000000000000000-mapping.dmp

Download
memory/868-265-0x0000000000000000-mapping.dmp

Download
memory/892-477-0x0000000000000000-mapping.dmp

Download
memory/896-295-0x0000000000000000-mapping.dmp

Download
memory/932-167-0x0000000000000000-mapping.dmp

Download
memory/948-407-0x0000000000000000-mapping.dmp

Download
memory/956-461-0x0000000000000000-mapping.dmp

Download
memory/956-65-0x0000000000000000-mapping.dmp

Download
memory/988-195-0x0000000000000000-mapping.dmp

Download
memory/988-502-0x0000000000000000-mapping.dmp

Download
memory/1020-253-0x0000000000000000-mapping.dmp

Download
memory/1020-99-0x0000000000000000-mapping.dmp

Download
memory/1028-153-0x0000000000000000-mapping.dmp

Download
memory/1056-267-0x0000000000000000-mapping.dmp

Download
memory/1096-223-0x0000000000000000-mapping.dmp

Download
memory/1096-307-0x0000000000000000-mapping.dmp

Download
memory/1096-391-0x0000000000000000-mapping.dmp

Download
memory/1156-379-0x0000000000000000-mapping.dmp

Download
memory/1164-69-0x0000000000000000-mapping.dmp

Download
memory/1172-238-0x0000000000000000-mapping.dmp

Download
memory/1180-491-0x0000000000000000-mapping.dmp

Download
memory/1208-449-0x0000000000000000-mapping.dmp

Download
memory/1236-141-0x0000000000000000-mapping.dmp

Download
memory/1360-225-0x0000000000000000-mapping.dmp

Download
memory/1368-181-0x0000000000000000-mapping.dmp

Download
memory/1388-321-0x0000000000000000-mapping.dmp

Download
memory/1500-393-0x0000000000000000-mapping.dmp

Download
memory/1504-169-0x0000000000000000-mapping.dmp

Download
memory/1504-323-0x0000000000000000-mapping.dmp

Download
memory/1508-419-0x0000000000000000-mapping.dmp

Download
memory/1508-97-0x0000000000000000-mapping.dmp

Download
memory/1524-433-0x0000000000000000-mapping.dmp

Download
memory/1572-155-0x0000000000000000-mapping.dmp

Download
memory/1588-447-0x0000000000000000-mapping.dmp

Download
memory/1616-139-0x0000000000000000-mapping.dmp

Download
memory/1616-462-0x0000000000000000-mapping.dmp

Download
memory/1628-279-0x0000000000000000-mapping.dmp

Download
memory/1628-363-0x0000000000000000-mapping.dmp

Download
memory/1636-83-0x0000000000000000-mapping.dmp

Download
memory/1676-435-0x0000000000000000-mapping.dmp

Download
memory/1708-475-0x0000000000000000-mapping.dmp

Download
memory/1748-365-0x0000000000000000-mapping.dmp

Download
memory/1768-281-0x0000000000000000-mapping.dmp

Download
memory/1900-125-0x0000000000000000-mapping.dmp

Download
memory/1904-127-0x0000000000000000-mapping.dmp

Download
memory/1908-489-0x0000000000000000-mapping.dmp

Download
memory/1940-85-0x0000000000000000-mapping.dmp

Download
memory/1948-111-0x0000000000000000-mapping.dmp

Download
memory/1956-113-0x0000000000000000-mapping.dmp

Download
memory/1996-377-0x0000000000000000-mapping.dmp

Download
memory/1996-293-0x0000000000000000-mapping.dmp

Download
memory/1996-209-0x0000000000000000-mapping.dmp

Download
memory/2016-421-0x0000000000000000-mapping.dmp

Download
memory/2040-237-0x0000000000000000-mapping.dmp

Download
memory/2044-71-0x0000000000000000-mapping.dmp

Download