303a535019df334895e52688b5fad86b12b2a47cb46161aec1f3c7d52f793e79

Analysis

max time kernel
158s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
03/11/2023, 15:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.505d95b2631feecee7c33bcd02e415a0.exe
Size

119KB
MD5

505d95b2631feecee7c33bcd02e415a0
SHA1

fecda142134db51d2ede9c9be0f0f6648515071b
SHA256

303a535019df334895e52688b5fad86b12b2a47cb46161aec1f3c7d52f793e79
SHA512

710de8619085a7c35483ea66221489f931a54398146835be996cd305705dd21a2577a43682b3941ff354469c0d87e8b01fd969220ae3c0df98cbf6d8eb49f1bc
SSDEEP

3072:GPy1hgK1z31oWLmqvLEDzqrj8JB+IfBtvd1BHB:vaQ1oWLm2LED+v8PfBpd1BHB

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2180	urdvxc.exe

Executes dropped EXE 5 IoCs

pid	Process
1064	urdvxc.exe
3140	urdvxc.exe
3424	urdvxc.exe
2180	urdvxc.exe
1096	urdvxc.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\urdvxc.exe	urdvxc.exe
File created	C:\Windows\SysWOW64\urdvxc.exe	NEAS.505d95b2631feecee7c33bcd02e415a0.exe
File opened for modification	C:\Windows\SysWOW64\urdvxc.exe	NEAS.505d95b2631feecee7c33bcd02e415a0.exe
File created	C:\Windows\SysWOW64\urdvxc.exe	urdvxc.exe

Drops file in Program Files directory 25 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre-1.8\Welcome.html	urdvxc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\rvhrjtnt.exe	urdvxc.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_config_window.html	urdvxc.exe
File opened for modification	C:\Program Files\Microsoft Office\Office16\OSPP.HTM	urdvxc.exe
File opened for modification	C:\Program Files\Java\jre-1.8\hcjzqenb.exe	urdvxc.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_window.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\README.html	urdvxc.exe
File opened for modification	C:\Program Files\Microsoft Office\Office16\OSPP.HTM	urdvxc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM	urdvxc.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\equalizer_window.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\Welcome.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\revhnlhn.exe	urdvxc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\README.HTM	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\chllsvtv.exe	urdvxc.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\mosaic_window.html	urdvxc.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\error_window.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jre-1.8\Welcome.html	urdvxc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\tsbknceh.exe	urdvxc.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\browse_window.html	urdvxc.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\batch_window.html	urdvxc.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\create_stream.html	urdvxc.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\README.html	urdvxc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\PersonaSpy.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\Welcome.html	urdvxc.exe

Modifies registry class 44 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5DA7E191-3518-8C5E-DAD0-E316016B7509}\ = "rnvkcszcjexjctkk"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D72C442F-6EA9-BFAF-2703-0F262F8765FD}\LocalServer32\ = "C:\\Program Files\\Java\\jdk-1.8\\chllsvtv.exe"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC84F518-2B78-BCFB-E876-EDAE640549C3}\LocalServer32\ = "C:\\Program Files\\Java\\jre-1.8\\hcjzqenb.exe"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}\LocalServer32\ = "C:\\Program Files\\Microsoft Office\\root\\Office16\\PersonaSpy\\tsbknceh.exe"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}\ = "kllqntbjsbhttenk"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32\ = "C:\\Windows\\SysWOW64\\urdvxc.exe"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\ = "hqrtvnzkbhvchshj"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E5420C6E-6D8F-5F08-5B45-446692F3C390}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NEAS.505d95b2631feecee7c33bcd02e415a0.exe"	NEAS.505d95b2631feecee7c33bcd02e415a0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}\LocalServer32	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32\ = "C:\\Windows\\SysWOW64\\urdvxc.exe"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5DA7E191-3518-8C5E-DAD0-E316016B7509}	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D72C442F-6EA9-BFAF-2703-0F262F8765FD}	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC84F518-2B78-BCFB-E876-EDAE640549C3}	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}\LocalServer32	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E5420C6E-6D8F-5F08-5B45-446692F3C390}\ = "vswswbbwzjejblhh"	NEAS.505d95b2631feecee7c33bcd02e415a0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5DA7E191-3518-8C5E-DAD0-E316016B7509}\LocalServer32	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\ = "wqhhqwzvsktkznle"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\ = "bqcwztlsnrecllvt"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}\ = "rjshhsksnrsqtvnj"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\ = "nzbekbkcjwbsjsll"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E5420C6E-6D8F-5F08-5B45-446692F3C390}	NEAS.505d95b2631feecee7c33bcd02e415a0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\ = "khvhnlbksrkhnntx"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32\ = "C:\\Windows\\SysWOW64\\urdvxc.exe"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5DA7E191-3518-8C5E-DAD0-E316016B7509}\LocalServer32\ = "C:\\Program Files\\Java\\jdk-1.8\\jre\\revhnlhn.exe"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D72C442F-6EA9-BFAF-2703-0F262F8765FD}\ = "vesbkerchjkscbel"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D72C442F-6EA9-BFAF-2703-0F262F8765FD}\LocalServer32	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E5420C6E-6D8F-5F08-5B45-446692F3C390}\LocalServer32	NEAS.505d95b2631feecee7c33bcd02e415a0.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC84F518-2B78-BCFB-E876-EDAE640549C3}\LocalServer32	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC84F518-2B78-BCFB-E876-EDAE640549C3}\ = "esbttwnnstkbzcst"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}\LocalServer32\ = "C:\\Program Files\\Microsoft Office\\root\\vfs\\ProgramFilesCommonX64\\Microsoft Shared\\Smart Tag\\1033\\rvhrjtnt.exe"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32\ = "C:\\Windows\\SysWOW64\\urdvxc.exe"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32\ = "C:\\Windows\\SysWOW64\\urdvxc.exe"	urdvxc.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1064	urdvxc.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4212 wrote to memory of 1064	4212	NEAS.505d95b2631feecee7c33bcd02e415a0.exe	91
PID 4212 wrote to memory of 1064	4212	NEAS.505d95b2631feecee7c33bcd02e415a0.exe	91
PID 4212 wrote to memory of 1064	4212	NEAS.505d95b2631feecee7c33bcd02e415a0.exe	91
PID 4212 wrote to memory of 3140	4212	NEAS.505d95b2631feecee7c33bcd02e415a0.exe	92
PID 4212 wrote to memory of 3140	4212	NEAS.505d95b2631feecee7c33bcd02e415a0.exe	92
PID 4212 wrote to memory of 3140	4212	NEAS.505d95b2631feecee7c33bcd02e415a0.exe	92
PID 4212 wrote to memory of 2180	4212	NEAS.505d95b2631feecee7c33bcd02e415a0.exe	94
PID 4212 wrote to memory of 2180	4212	NEAS.505d95b2631feecee7c33bcd02e415a0.exe	94
PID 4212 wrote to memory of 2180	4212	NEAS.505d95b2631feecee7c33bcd02e415a0.exe	94

C:\Users\Admin\AppData\Local\Temp\NEAS.505d95b2631feecee7c33bcd02e415a0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.505d95b2631feecee7c33bcd02e415a0.exe"
1⤵
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4212
- C:\Windows\SysWOW64\urdvxc.exe
  C:\Windows\system32\urdvxc.exe /installservice
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  PID:1064
- C:\Windows\SysWOW64\urdvxc.exe
  C:\Windows\system32\urdvxc.exe /start
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  PID:3140
- C:\Windows\SysWOW64\urdvxc.exe
  C:\Windows\system32\urdvxc.exe /uninstallservice patch:C:\Users\Admin\AppData\Local\Temp\NEAS.505d95b2631feecee7c33bcd02e415a0.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Modifies registry class
  PID:2180

C:\Windows\SysWOW64\urdvxc.exe
"C:\Windows\SysWOW64\urdvxc.exe" /service
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies registry class
PID:3424

C:\Windows\SysWOW64\urdvxc.exe
"C:\Windows\SysWOW64\urdvxc.exe" /service
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies registry class
PID:1096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Java\jdk-1.8\README.html

Filesize
263B

MD5
8e0789ff750b413c70a9b109432cf0ba

SHA1
84c429f3b741a44bced2a137ee62254348e89da6

SHA256
f37026c18146ffd616868fc2b6b18bd1d4d35d701a99d1eb1e3b0974c01079b1

SHA512
36b4cd6cb7854ed594ab3e1918731e2ad76fc3dab376f691518a2fb19fc8d1edd6f512846fbb171123dac0f661444a84c112dad014477fb7f6420dc03700a899

Download Submit
C:\Program Files\Java\jdk-1.8\jre\Welcome.html

Filesize
1KB

MD5
2fe21944034eb6b2b24f4bed8b1bee2c

SHA1
b53bb2babe0c2fe682a2e1c05d79dcf4fedf15a1

SHA256
6ffa2002e97816536eb55bef0ba11402fda791a3c4e7fa42f15f64967cdf1e9e

SHA512
4ac42b5d64d2f98e652a269a78bc012caf340fe43e7ef97fae58a1437b7360b05b949637c061d1ce818a2ca789c6db09d9c432efbe5dd8f7ee938f81976725eb

Download Submit
C:\Program Files\Java\jre-1.8\Welcome.html

Filesize
1KB

MD5
95f69e6e9f61b657cd77e222058b38e1

SHA1
985529656adf9f5ccaad017b0e6c58dae052e3f3

SHA256
a22037d6fa3155c7d8802069959c3e79cb6e5c789156528a814af3310f4ac7d2

SHA512
561a82cf12ec7898334647734cd8c32f1a79ca7627116f1ba7fd7954e7e3099b89dfd1a73829660e714bb926513b811fbf08d356cb1342572b55d7689bd1b35a

Download Submit
C:\Windows\SysWOW64\urdvxc.exe

Filesize
119KB

MD5
505d95b2631feecee7c33bcd02e415a0

SHA1
fecda142134db51d2ede9c9be0f0f6648515071b

SHA256
303a535019df334895e52688b5fad86b12b2a47cb46161aec1f3c7d52f793e79

SHA512
710de8619085a7c35483ea66221489f931a54398146835be996cd305705dd21a2577a43682b3941ff354469c0d87e8b01fd969220ae3c0df98cbf6d8eb49f1bc

Download Submit
C:\Windows\SysWOW64\urdvxc.exe

Filesize
119KB

MD5
505d95b2631feecee7c33bcd02e415a0

SHA1
fecda142134db51d2ede9c9be0f0f6648515071b

SHA256
303a535019df334895e52688b5fad86b12b2a47cb46161aec1f3c7d52f793e79

SHA512
710de8619085a7c35483ea66221489f931a54398146835be996cd305705dd21a2577a43682b3941ff354469c0d87e8b01fd969220ae3c0df98cbf6d8eb49f1bc

Download Submit
C:\Windows\SysWOW64\urdvxc.exe

Filesize
119KB

MD5
505d95b2631feecee7c33bcd02e415a0

SHA1
fecda142134db51d2ede9c9be0f0f6648515071b

SHA256
303a535019df334895e52688b5fad86b12b2a47cb46161aec1f3c7d52f793e79

SHA512
710de8619085a7c35483ea66221489f931a54398146835be996cd305705dd21a2577a43682b3941ff354469c0d87e8b01fd969220ae3c0df98cbf6d8eb49f1bc

Download Submit
C:\Windows\SysWOW64\urdvxc.exe

Filesize
119KB

MD5
505d95b2631feecee7c33bcd02e415a0

SHA1
fecda142134db51d2ede9c9be0f0f6648515071b

SHA256
303a535019df334895e52688b5fad86b12b2a47cb46161aec1f3c7d52f793e79

SHA512
710de8619085a7c35483ea66221489f931a54398146835be996cd305705dd21a2577a43682b3941ff354469c0d87e8b01fd969220ae3c0df98cbf6d8eb49f1bc

Download Submit
C:\Windows\SysWOW64\urdvxc.exe

Filesize
119KB

MD5
505d95b2631feecee7c33bcd02e415a0

SHA1
fecda142134db51d2ede9c9be0f0f6648515071b

SHA256
303a535019df334895e52688b5fad86b12b2a47cb46161aec1f3c7d52f793e79

SHA512
710de8619085a7c35483ea66221489f931a54398146835be996cd305705dd21a2577a43682b3941ff354469c0d87e8b01fd969220ae3c0df98cbf6d8eb49f1bc

Download Submit
C:\Windows\SysWOW64\urdvxc.exe

Filesize
119KB

MD5
505d95b2631feecee7c33bcd02e415a0

SHA1
fecda142134db51d2ede9c9be0f0f6648515071b

SHA256
303a535019df334895e52688b5fad86b12b2a47cb46161aec1f3c7d52f793e79

SHA512
710de8619085a7c35483ea66221489f931a54398146835be996cd305705dd21a2577a43682b3941ff354469c0d87e8b01fd969220ae3c0df98cbf6d8eb49f1bc

Download Submit
memory/1064-6-0x0000000000440000-0x000000000045F000-memory.dmp

Filesize
124KB

Download
memory/1064-12-0x0000000000440000-0x000000000045F000-memory.dmp

Filesize
124KB

Download
memory/1096-2297-0x00000000001C0000-0x00000000001DF000-memory.dmp

Filesize
124KB

Download
memory/1096-1898-0x00000000001C0000-0x00000000001DF000-memory.dmp

Filesize
124KB

Download
memory/2180-28-0x00000000001C0000-0x00000000001DF000-memory.dmp

Filesize
124KB

Download
memory/3140-9-0x00000000001C0000-0x00000000001DF000-memory.dmp

Filesize
124KB

Download
memory/3424-47-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-54-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-24-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-25-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-26-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-29-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-22-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-11-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-14-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-13-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-30-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-31-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-32-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-33-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-34-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-35-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-36-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-37-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-38-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-39-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-41-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-42-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-43-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-44-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-45-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-23-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-46-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-48-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-50-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-51-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-52-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-53-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-55-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-20-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-57-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-58-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-59-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-61-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-62-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-63-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-60-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-64-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-56-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-49-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-40-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-66-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-67-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-68-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-69-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-70-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-65-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-71-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-72-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-73-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-75-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-76-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-78-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-79-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-77-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-74-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-233-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-1896-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-18-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/3424-19-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/4212-27-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/4212-8-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4212-1-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/4212-0-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download