danabot | fe2d28e32b08fafd6fd9e6be8920466191ab596a89b06391f7c178574d138e77

Analysis

max time kernel
150s
max time network
137s
platform
windows10_x64
resource
win10v200430
submitted
24-06-2020 14:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.BehavesLike.Win32.Generic.vc.298.exe
Size

2.6MB
MD5

4302d6701fb63bcedfa03978e71df2a8
SHA1

8495e73f641e50a7a8bbe6208dc3cbbfc9617b87
SHA256

fe2d28e32b08fafd6fd9e6be8920466191ab596a89b06391f7c178574d138e77
SHA512

c6afb79d0d6864f533ceab99b7bd60e9a7b66ea01f8fc4174a6af27015b9fde08832c9ac2318138d664b8660a3bdfbd606574c0ecc3eeaa65fb542e0df55a37c

Score

10^/10

danabot banker botnet discovery persistence spyware stealer trojan

Malware Config

Extracted

Family

danabot

92.204.160.126

193.34.166.26

93.115.22.159

93.115.22.165

185.227.138.52

37.120.145.243

195.133.147.230

rsa_pubkey.plain

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Danabot x86 payload 10 IoCs

Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

botnet

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\SECURI~1.DLL	family_danabot
\Users\Admin\AppData\Local\Temp\SECURI~1.DLL	family_danabot
\Users\Admin\AppData\Local\Temp\SECURI~1.DLL	family_danabot
\Users\Admin\AppData\Local\Temp\SECURI~1.DLL	family_danabot
C:\ProgramData\9162E964\1255DB5F.dll	family_danabot
\ProgramData\9162E964\1255DB5F.dll	family_danabot
\ProgramData\9162E964\1255DB5F.dll	family_danabot
\ProgramData\9162E964\1255DB5F.dll	family_danabot
\ProgramData\9162E964\1255DB5F.dll	family_danabot
\ProgramData\9162E964\1255DB5F.dll	family_danabot

Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs

Processes:

WerFault.exe

description pid process target process

PID 2732 created 1820 2732 WerFault.exe SecuriteInfo.com.BehavesLike.Win32.Generic.vc.298.exe
Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

3 2020 rundll32.exe
Executes dropped EXE 2 IoCs

Processes:

winlogon.exeExplorer.EXE

pid process

548 winlogon.exe
3012 Explorer.EXE
Sets DLL path for service in the registry 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112
Sets service image path in registry 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

description	pid	process	target process
PID 2732 created 1820	2732	WerFault.exe	SecuriteInfo.com.BehavesLike.Win32.Generic.vc.298.exe

flow	pid	process
3	2020	rundll32.exe

pid	process
548	winlogon.exe
3012	Explorer.EXE

Loads dropped DLL 14 IoCs

Processes:

regsvr32.exerundll32.exerundll32.exerundll32.exerundll32.exeRUNDLL32.EXEsvchost.exerundll32.exeRUNDLL32.EXEExplorer.EXErundll32.exe

pid	process
2272	regsvr32.exe
2272	regsvr32.exe
2020	rundll32.exe
2220	rundll32.exe
3924	rundll32.exe
720	rundll32.exe
720	rundll32.exe
652	RUNDLL32.EXE
4060	svchost.exe
1856	rundll32.exe
3644	RUNDLL32.EXE
3012	Explorer.EXE
3924	rundll32.exe
3924	rundll32.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

svchost.exe

description	ioc	process
File opened (read-only)	\??\U:	svchost.exe
File opened (read-only)	\??\V:	svchost.exe
File opened (read-only)	\??\Q:	svchost.exe
File opened (read-only)	\??\F:	svchost.exe
File opened (read-only)	\??\H:	svchost.exe
File opened (read-only)	\??\J:	svchost.exe
File opened (read-only)	\??\K:	svchost.exe
File opened (read-only)	\??\M:	svchost.exe
File opened (read-only)	\??\N:	svchost.exe
File opened (read-only)	\??\P:	svchost.exe
File opened (read-only)	\??\B:	svchost.exe
File opened (read-only)	\??\T:	svchost.exe
File opened (read-only)	\??\W:	svchost.exe
File opened (read-only)	\??\R:	svchost.exe
File opened (read-only)	\??\I:	svchost.exe
File opened (read-only)	\??\L:	svchost.exe
File opened (read-only)	\??\S:	svchost.exe
File opened (read-only)	\??\X:	svchost.exe
File opened (read-only)	\??\Z:	svchost.exe
File opened (read-only)	\??\A:	svchost.exe
File opened (read-only)	\??\G:	svchost.exe
File opened (read-only)	\??\O:	svchost.exe
File opened (read-only)	\??\Y:	svchost.exe
File opened (read-only)	\??\E:	svchost.exe

Drops file in System32 directory 1 IoCs

Processes:

rundll32.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat	rundll32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2732 1820 WerFault.exe SecuriteInfo.com.BehavesLike.Win32.Generic.vc.298.exe

pid	pid_target	process	target process
2732	1820	WerFault.exe	SecuriteInfo.com.BehavesLike.Win32.Generic.vc.298.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

rundll32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	rundll32.exe

Modifies data under HKEY_USERS 19 IoCs

Processes:

RUNDLL32.EXErundll32.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	RUNDLL32.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "1"	RUNDLL32.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	RUNDLL32.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	RUNDLL32.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = "127.0.0.1:8080꼀"	RUNDLL32.EXE
Key created	\REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings	RUNDLL32.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	rundll32.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	rundll32.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	RUNDLL32.EXE
Set value (str)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = "127.0.0.1:8080꼀"	RUNDLL32.EXE
Set value (int)	\REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "1"	RUNDLL32.EXE
Set value (str)	\REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = "127.0.0.1:8080꼀"	RUNDLL32.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\root	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\root	RUNDLL32.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings	RUNDLL32.EXE
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings	RUNDLL32.EXE
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "1"	RUNDLL32.EXE

Modifies registry class 7 IoCs

Processes:

RUNDLL32.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000_Classes\Software\Microsoft	RUNDLL32.EXE
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000_Classes\Software\Microsoft\Windows	RUNDLL32.EXE
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000_Classes\Software\Microsoft\Windows\CurrentVersion	RUNDLL32.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "1"	RUNDLL32.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = "127.0.0.1:8080꼀"	RUNDLL32.EXE
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings	RUNDLL32.EXE
Key created	\REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000_Classes\Software	RUNDLL32.EXE

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

RUNDLL32.EXE

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3DF271D287B97915D60EB9D645870A152CA09B51\Blob = 0300000001000000140000003df271d287b97915d60eb9d645870a152ca09b5102000000010000003c0000001c00000000000000010000002000000000000000000000000100000074006800610077007400650020003200410020002d002000390037000000000020000000010000000703000030820303308201eba00302010202101cc1172a139dca9d4b8bba156580584f300d06092a864886f70d01010505003033311730150603550403130e746861777465203241202d203937310b3009060355040a13024e54310b3009060355040b1302454e301e170d3135303632343137303030345a170d3235303632343137303030345a3033311730150603550403130e746861777465203241202d203937310b3009060355040a13024e54310b3009060355040b1302454e30820122300d06092a864886f70d01010105000382010f003082010a0282010100eb1864494e1d08ab6789756a0f8fe398adc56608227c4c19e0e8cf04257ddcf715ec99db98f6ee60658c2608fdeca7324bff81b5c8c63cea3396c8b4a2ef4ec1de090b52387061255f504a8686bb42ae9487c61926ed002302b469fc82f52450e562511739029d0e7e24ad4402cb5d5d21482ce9b46b12d89af498751a20a963646b7e1bd70b87fa94d46aa670e7f15a6cdac343d0979219a1ae788d9ab63d27f7cacb8f9c73cefd9371280499740235d9b51920fe2397fce7c147d88e296b81ff21119ca570ac8c83daf774b41d65cb56d20077c7073f938eaa4dd40a243a8707b1f77ca6fe5655c805c32296a9c7ebc604b3b21c1d6a5175e3ff49e9fab5550203010001a3133011300f0603551d130101ff040530030101ff300d06092a864886f70d0101050500038201010098cc178c6a2b2326a792bb52a7e50e791b151d22b2d9ecd30ee90926c6cd702b1c8ad5ef544177e2d5bcc97fbfa34a461b38bde8528bfffa2f2ac6188c0fa3da6793b7066e6dd64138a7e7531d4613d9367eeef2eaf624b214a12fc3dedf27eaf4335872a05377d91842b0df3c40425d065a33348dae3b0ecd9a97335877a26c76fe2f0e7ae7efc9dd008f685cf37816767088293ac55404fd96d9992c87ab43a5711d41496896ee9384ebbb271f44b1c2d83add96290ec5bdd6a29c039a11c6f997c8319e877244db84ebc5ef5bfc8020b96e61f33e755495d7529ee5a5455aec21d9038c32b9256542e9a4e911ef79adbb3b8c6f1cb9510a6e3facaa9d38e0	RUNDLL32.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3DF271D287B97915D60EB9D645870A152CA09B51	RUNDLL32.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

WerFault.exepowershell.exepowershell.exesvchost.exerundll32.exe

pid	process
2732	WerFault.exe
2732	WerFault.exe
2732	WerFault.exe
2732	WerFault.exe
2732	WerFault.exe
2732	WerFault.exe
2732	WerFault.exe
2732	WerFault.exe
2732	WerFault.exe
2732	WerFault.exe
2732	WerFault.exe
2732	WerFault.exe
2732	WerFault.exe
1188	powershell.exe
2532	powershell.exe
1188	powershell.exe
2532	powershell.exe
1188	powershell.exe
4060	svchost.exe
4060	svchost.exe
2532	powershell.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
4060	svchost.exe
4060	svchost.exe
1856	rundll32.exe

Suspicious use of AdjustPrivilegeToken 59 IoCs

Processes:

WerFault.exeRUNDLL32.EXErundll32.exepowershell.exepowershell.exeExplorer.EXE

description	pid	process
Token: SeRestorePrivilege	2732	WerFault.exe
Token: SeBackupPrivilege	2732	WerFault.exe
Token: SeDebugPrivilege	2732	WerFault.exe
Token: SeDebugPrivilege	652	RUNDLL32.EXE
Token: SeDebugPrivilege	720	rundll32.exe
Token: SeDebugPrivilege	2532	powershell.exe
Token: SeDebugPrivilege	1188	powershell.exe
Token: SeIncreaseQuotaPrivilege	2532	powershell.exe
Token: SeSecurityPrivilege	2532	powershell.exe
Token: SeTakeOwnershipPrivilege	2532	powershell.exe
Token: SeLoadDriverPrivilege	2532	powershell.exe
Token: SeSystemProfilePrivilege	2532	powershell.exe
Token: SeSystemtimePrivilege	2532	powershell.exe
Token: SeProfSingleProcessPrivilege	2532	powershell.exe
Token: SeIncBasePriorityPrivilege	2532	powershell.exe
Token: SeCreatePagefilePrivilege	2532	powershell.exe
Token: SeBackupPrivilege	2532	powershell.exe
Token: SeRestorePrivilege	2532	powershell.exe
Token: SeShutdownPrivilege	2532	powershell.exe
Token: SeDebugPrivilege	2532	powershell.exe
Token: SeSystemEnvironmentPrivilege	2532	powershell.exe
Token: SeRemoteShutdownPrivilege	2532	powershell.exe
Token: SeUndockPrivilege	2532	powershell.exe
Token: SeManageVolumePrivilege	2532	powershell.exe
Token: 33	2532	powershell.exe
Token: 34	2532	powershell.exe
Token: 35	2532	powershell.exe
Token: 36	2532	powershell.exe
Token: SeIncreaseQuotaPrivilege	1188	powershell.exe
Token: SeSecurityPrivilege	1188	powershell.exe
Token: SeTakeOwnershipPrivilege	1188	powershell.exe
Token: SeLoadDriverPrivilege	1188	powershell.exe
Token: SeSystemProfilePrivilege	1188	powershell.exe
Token: SeSystemtimePrivilege	1188	powershell.exe
Token: SeProfSingleProcessPrivilege	1188	powershell.exe
Token: SeIncBasePriorityPrivilege	1188	powershell.exe
Token: SeCreatePagefilePrivilege	1188	powershell.exe
Token: SeBackupPrivilege	1188	powershell.exe
Token: SeRestorePrivilege	1188	powershell.exe
Token: SeShutdownPrivilege	1188	powershell.exe
Token: SeDebugPrivilege	1188	powershell.exe
Token: SeSystemEnvironmentPrivilege	1188	powershell.exe
Token: SeRemoteShutdownPrivilege	1188	powershell.exe
Token: SeUndockPrivilege	1188	powershell.exe
Token: SeManageVolumePrivilege	1188	powershell.exe
Token: 33	1188	powershell.exe
Token: 34	1188	powershell.exe
Token: 35	1188	powershell.exe
Token: 36	1188	powershell.exe
Token: SeShutdownPrivilege	3012	Explorer.EXE
Token: SeCreatePagefilePrivilege	3012	Explorer.EXE
Token: SeShutdownPrivilege	3012	Explorer.EXE
Token: SeCreatePagefilePrivilege	3012	Explorer.EXE
Token: SeShutdownPrivilege	3012	Explorer.EXE
Token: SeCreatePagefilePrivilege	3012	Explorer.EXE
Token: SeShutdownPrivilege	3012	Explorer.EXE
Token: SeCreatePagefilePrivilege	3012	Explorer.EXE
Token: SeShutdownPrivilege	3012	Explorer.EXE
Token: SeCreatePagefilePrivilege	3012	Explorer.EXE

Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

Explorer.EXErundll32.exe

pid process

3012 Explorer.EXE
3012 Explorer.EXE
3012 Explorer.EXE
3012 Explorer.EXE
720 rundll32.exe
Suspicious use of UnmapMainImage 1 IoCs

Processes:

Explorer.EXE

pid process

3012 Explorer.EXE

pid	process
3012	Explorer.EXE
3012	Explorer.EXE
3012	Explorer.EXE
3012	Explorer.EXE
720	rundll32.exe

pid	process
3012	Explorer.EXE

Suspicious use of WriteProcessMemory 30 IoCs

Processes:

SecuriteInfo.com.BehavesLike.Win32.Generic.vc.298.exeregsvr32.exerundll32.exerundll32.exerundll32.exesvchost.exe

description	pid	process	target process
PID 1820 wrote to memory of 2272	1820	SecuriteInfo.com.BehavesLike.Win32.Generic.vc.298.exe	regsvr32.exe
PID 1820 wrote to memory of 2272	1820	SecuriteInfo.com.BehavesLike.Win32.Generic.vc.298.exe	regsvr32.exe
PID 1820 wrote to memory of 2272	1820	SecuriteInfo.com.BehavesLike.Win32.Generic.vc.298.exe	regsvr32.exe
PID 2272 wrote to memory of 2020	2272	regsvr32.exe	rundll32.exe
PID 2272 wrote to memory of 2020	2272	regsvr32.exe	rundll32.exe
PID 2272 wrote to memory of 2020	2272	regsvr32.exe	rundll32.exe
PID 2020 wrote to memory of 2220	2020	rundll32.exe	rundll32.exe
PID 2020 wrote to memory of 2220	2020	rundll32.exe	rundll32.exe
PID 2020 wrote to memory of 2220	2020	rundll32.exe	rundll32.exe
PID 2220 wrote to memory of 3924	2220	rundll32.exe	rundll32.exe
PID 2220 wrote to memory of 3924	2220	rundll32.exe	rundll32.exe
PID 3924 wrote to memory of 720	3924	rundll32.exe	rundll32.exe
PID 3924 wrote to memory of 720	3924	rundll32.exe	rundll32.exe
PID 3924 wrote to memory of 720	3924	rundll32.exe	rundll32.exe
PID 3924 wrote to memory of 652	3924	rundll32.exe	RUNDLL32.EXE
PID 3924 wrote to memory of 652	3924	rundll32.exe	RUNDLL32.EXE
PID 3924 wrote to memory of 1188	3924	rundll32.exe	powershell.exe
PID 3924 wrote to memory of 1188	3924	rundll32.exe	powershell.exe
PID 3924 wrote to memory of 2532	3924	rundll32.exe	powershell.exe
PID 3924 wrote to memory of 2532	3924	rundll32.exe	powershell.exe
PID 4060 wrote to memory of 1856	4060	svchost.exe	rundll32.exe
PID 4060 wrote to memory of 1856	4060	svchost.exe	rundll32.exe
PID 4060 wrote to memory of 1856	4060	svchost.exe	rundll32.exe
PID 4060 wrote to memory of 548	4060	svchost.exe	winlogon.exe
PID 4060 wrote to memory of 3644	4060	svchost.exe	RUNDLL32.EXE
PID 4060 wrote to memory of 3644	4060	svchost.exe	RUNDLL32.EXE
PID 4060 wrote to memory of 3012	4060	svchost.exe	Explorer.EXE
PID 4060 wrote to memory of 3924	4060	svchost.exe	rundll32.exe
PID 4060 wrote to memory of 3924	4060	svchost.exe	rundll32.exe
PID 4060 wrote to memory of 3924	4060	svchost.exe	rundll32.exe

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
- Executes dropped EXE
PID:548

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of UnmapMainImage
PID:3012

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.BehavesLike.Win32.Generic.vc.298.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.BehavesLike.Win32.Generic.vc.298.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:1820

C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\AppData\Local\Temp\SECURI~1.DLL f1 C:\Users\Admin\AppData\Local\Temp\SECURI~1.EXE@1820
3⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2272

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\AppData\Local\Temp\SECURI~1.DLL,f0
4⤵
- Blocklisted process makes network request
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2020

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\\rundll32.exe C:\PROGRA~3\9162E964\1B1FB272.dll,f1 C:\Users\Admin\AppData\Local\Temp\SECURI~1.DLL@2020
5⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2220

C:\Windows\system32\rundll32.exe
C:\Windows\system32\\rundll32.exe C:\PROGRA~3\9162E964\1B1FB272.dll,f1 C:\Users\Admin\AppData\Local\Temp\SECURI~1.DLL@2020
6⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3924

C:\Windows\syswow64\rundll32.exe
C:\Windows\syswow64\rundll32.exe C:\ProgramData\9162E964\1255DB5F.dll,f2 F709AA619059A3AAB3E71D0ADA462372
7⤵
- Loads dropped DLL
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:720

C:\Windows\system32\RUNDLL32.EXE
C:\Windows\system32\RUNDLL32.EXE C:\ProgramData\9162E964\1B1FB272.dll,f2 1FCAAAC36182D72B5B244331A7421701
7⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:652

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath C:\ProgramData\9162E964\1255DB5F.dll
7⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1188

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath C:\ProgramData\9162E964\1B1FB272.dll
7⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 420
3⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2732

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService
1⤵
- Loads dropped DLL
- Enumerates connected drives
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4060

C:\Windows\syswow64\rundll32.exe
C:\Windows\syswow64\rundll32.exe C:\ProgramData\9162E964\1255DB5F.dll,f3
2⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:1856

C:\Windows\system32\RUNDLL32.EXE
C:\Windows\system32\RUNDLL32.EXE C:\ProgramData\9162E964\1B1FB272.dll,f7
2⤵
- Loads dropped DLL
- Modifies data under HKEY_USERS
- Modifies registry class
- Modifies system certificate store
PID:3644

C:\Windows\syswow64\rundll32.exe
C:\Windows\syswow64\rundll32.exe C:\ProgramData\9162E964\1255DB5F.dll,f2 E48E292D52AA1264BCBA6B30A9CB2113
2⤵
- Loads dropped DLL
- Modifies data under HKEY_USERS
PID:3924

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Install Root Certificate

T1130

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\9162E964\1B1FB272.dll
MD5
d48955ca5167e1ff4edc24220cf748fa

SHA1
1799693b6ad300108a9837f19cd8971c1d465d54

SHA256
4e45444bb7ab4263d593db5c5db19330a874c555dc577df03efa505e94f0ff77

SHA512
7ea22068cdb12b72b11daa0e91996520e2147279842a95a81d18cad34247b58b609cef6cc00ca9877c6a244c4d27ea0ca3e2697bcc95fb607dab125bc3c098cc

Download Submit
C:\ProgramData\9162E964\1255DB5F.dll
MD5
151decc0fb08687834d6335729c4fd93

SHA1
ce8d50e1869b3b26ed9051c17c262af747c7c7b3

SHA256
742a83c76ea9ae304f6425bd84d175bfdfec7c74e946b8a7aea456b0672e7bb6

SHA512
1483fea7c1181a38b35688d5cd08051a386f49994b957cf3248936b2cb2c43819a0975c16a60544e925a9db969f0017adcabfc2c7383b8fdd5529357c88d6ace

Download Submit
C:\ProgramData\9162E964\2E8B03C4
MD5
fe4a7bee09360093ec31c2093145da09

SHA1
bd62aa16826e652eb58cd99b1ea7bfad946e53e3

SHA256
917ab82f25f407e485c7595a40d4f165a7c8425c5e2438fa8184ae4734068a5b

SHA512
3b366a52318c6227618cf8f72af8b2f73b91d31257393138a0e17f53854b85b1a4fa7d148c2492e786c1175dc88e917a32c13ee5560e283ecdcaae2f5c47c154

Download Submit
C:\ProgramData\9162E964\575E01FC
MD5
030ea924a6542b19860de31007b8d017

SHA1
58649cf53e033848e1b42570d74a5e5edf6caf76

SHA256
a81c689f31c780373f300ddde2431d85001d167f9b42ec4b5c75f6882301b280

SHA512
c47c3a61b1fa9d5d1f605f477e017ca551a217a0292c81616ec3799f865d535bfcee6cc0e49ab323bbb5ccb857ed5bd1f31a9094dbe26ce383bc08ea77ed2591

Download Submit
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7738415fdb1c13502070bd7ffc94ce07_3e009a64-65d7-465c-9098-f2673dd3f416
MD5
976fc99dcede1699e900725bdc3a8898

SHA1
dd6db819c9c7b86b8965dbc6d94f334a74ce56b1

SHA256
0fabc6a9d2af6f174c7e54fc37f6ca1f217b5b4a85987e7b653fb70ea003b392

SHA512
e1ae7bb8fa2b9d93d0805d6f603ac9f6fe7bf286e65973924cbb359a17231d83e72de8ab6614a394a736705c7939af647194ec46d7df4bd062c44ff144872e7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
MD5
8592ba100a78835a6b94d5949e13dfc1

SHA1
63e901200ab9a57c7dd4c078d7f75dcd3b357020

SHA256
fdd7d9def6f9f0c0f2e60dbc8a2d1999071cd7d3095e9e087bb1cda7a614ac3c

SHA512
87f98e6cb61b2a2a7d65710c4d33881d89715eb7a06e00d492259f35c3902498baabffc5886be0ec5a14312ad4c262e3fc40cd3a5cb91701af0fb229726b88c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
MD5
09d3831b41230fdb1be8377edc0f76d8

SHA1
b17fda46628ee38dd99cc1bea819c204c60b7e73

SHA256
5d2689e2c04d729566369a872c307b1e6f37f64be24a2efac98e1a61708ff2e5

SHA512
56af80d5e9cfda3c6bc023302fe233db67f6dc87cc9e36c2303aa6a45b9bebbad41cb44ad44cd151bda1cf3d504a99762d3dc194832c9793ac6de9ca8cbf8d60

Download Submit
C:\Users\Admin\AppData\Local\Temp\SECURI~1.DLL
MD5
ba5bcacdd2930de8898da02eb76bd9d1

SHA1
2d6cdd794b651a92753113b58139957635efea7c

SHA256
a59a10879e0a2db88c6ea80f31a85962b7e4e89b6e2c4d4cac459b1580422b78

SHA512
b46fb1ee60d7c22bd943462fcd5107645189b509dc564f4e1a0b6b5f04ef7a42aeaad117f217f4f3096baa09beb953eb65a7588a9ba432a3632d3fe35edf8a27

Download Submit
\PROGRA~3\9162E964\1B1FB272.dll
MD5
d48955ca5167e1ff4edc24220cf748fa

SHA1
1799693b6ad300108a9837f19cd8971c1d465d54

SHA256
4e45444bb7ab4263d593db5c5db19330a874c555dc577df03efa505e94f0ff77

SHA512
7ea22068cdb12b72b11daa0e91996520e2147279842a95a81d18cad34247b58b609cef6cc00ca9877c6a244c4d27ea0ca3e2697bcc95fb607dab125bc3c098cc

Download Submit
\PROGRA~3\9162E964\1B1FB272.dll
MD5
d48955ca5167e1ff4edc24220cf748fa

SHA1
1799693b6ad300108a9837f19cd8971c1d465d54

SHA256
4e45444bb7ab4263d593db5c5db19330a874c555dc577df03efa505e94f0ff77

SHA512
7ea22068cdb12b72b11daa0e91996520e2147279842a95a81d18cad34247b58b609cef6cc00ca9877c6a244c4d27ea0ca3e2697bcc95fb607dab125bc3c098cc

Download Submit
\PROGRA~3\9162E964\1B1FB272.dll
MD5
d48955ca5167e1ff4edc24220cf748fa

SHA1
1799693b6ad300108a9837f19cd8971c1d465d54

SHA256
4e45444bb7ab4263d593db5c5db19330a874c555dc577df03efa505e94f0ff77

SHA512
7ea22068cdb12b72b11daa0e91996520e2147279842a95a81d18cad34247b58b609cef6cc00ca9877c6a244c4d27ea0ca3e2697bcc95fb607dab125bc3c098cc

Download Submit
\PROGRA~3\9162E964\1B1FB272.dll
MD5
d48955ca5167e1ff4edc24220cf748fa

SHA1
1799693b6ad300108a9837f19cd8971c1d465d54

SHA256
4e45444bb7ab4263d593db5c5db19330a874c555dc577df03efa505e94f0ff77

SHA512
7ea22068cdb12b72b11daa0e91996520e2147279842a95a81d18cad34247b58b609cef6cc00ca9877c6a244c4d27ea0ca3e2697bcc95fb607dab125bc3c098cc

Download Submit
\PROGRA~3\9162E964\1B1FB272.dll
MD5
d48955ca5167e1ff4edc24220cf748fa

SHA1
1799693b6ad300108a9837f19cd8971c1d465d54

SHA256
4e45444bb7ab4263d593db5c5db19330a874c555dc577df03efa505e94f0ff77

SHA512
7ea22068cdb12b72b11daa0e91996520e2147279842a95a81d18cad34247b58b609cef6cc00ca9877c6a244c4d27ea0ca3e2697bcc95fb607dab125bc3c098cc

Download Submit
\PROGRA~3\9162E964\1B1FB272.dll
MD5
d48955ca5167e1ff4edc24220cf748fa

SHA1
1799693b6ad300108a9837f19cd8971c1d465d54

SHA256
4e45444bb7ab4263d593db5c5db19330a874c555dc577df03efa505e94f0ff77

SHA512
7ea22068cdb12b72b11daa0e91996520e2147279842a95a81d18cad34247b58b609cef6cc00ca9877c6a244c4d27ea0ca3e2697bcc95fb607dab125bc3c098cc

Download Submit
\PROGRA~3\9162E964\1B1FB272.dll
MD5
d48955ca5167e1ff4edc24220cf748fa

SHA1
1799693b6ad300108a9837f19cd8971c1d465d54

SHA256
4e45444bb7ab4263d593db5c5db19330a874c555dc577df03efa505e94f0ff77

SHA512
7ea22068cdb12b72b11daa0e91996520e2147279842a95a81d18cad34247b58b609cef6cc00ca9877c6a244c4d27ea0ca3e2697bcc95fb607dab125bc3c098cc

Download Submit
\PROGRA~3\9162E964\1B1FB272.dll
MD5
d48955ca5167e1ff4edc24220cf748fa

SHA1
1799693b6ad300108a9837f19cd8971c1d465d54

SHA256
4e45444bb7ab4263d593db5c5db19330a874c555dc577df03efa505e94f0ff77

SHA512
7ea22068cdb12b72b11daa0e91996520e2147279842a95a81d18cad34247b58b609cef6cc00ca9877c6a244c4d27ea0ca3e2697bcc95fb607dab125bc3c098cc

Download Submit
\ProgramData\9162E964\1255DB5F.dll
MD5
151decc0fb08687834d6335729c4fd93

SHA1
ce8d50e1869b3b26ed9051c17c262af747c7c7b3

SHA256
742a83c76ea9ae304f6425bd84d175bfdfec7c74e946b8a7aea456b0672e7bb6

SHA512
1483fea7c1181a38b35688d5cd08051a386f49994b957cf3248936b2cb2c43819a0975c16a60544e925a9db969f0017adcabfc2c7383b8fdd5529357c88d6ace

Download Submit
\ProgramData\9162E964\1255DB5F.dll
MD5
151decc0fb08687834d6335729c4fd93

SHA1
ce8d50e1869b3b26ed9051c17c262af747c7c7b3

SHA256
742a83c76ea9ae304f6425bd84d175bfdfec7c74e946b8a7aea456b0672e7bb6

SHA512
1483fea7c1181a38b35688d5cd08051a386f49994b957cf3248936b2cb2c43819a0975c16a60544e925a9db969f0017adcabfc2c7383b8fdd5529357c88d6ace

Download Submit
\ProgramData\9162E964\1255DB5F.dll
MD5
151decc0fb08687834d6335729c4fd93

SHA1
ce8d50e1869b3b26ed9051c17c262af747c7c7b3

SHA256
742a83c76ea9ae304f6425bd84d175bfdfec7c74e946b8a7aea456b0672e7bb6

SHA512
1483fea7c1181a38b35688d5cd08051a386f49994b957cf3248936b2cb2c43819a0975c16a60544e925a9db969f0017adcabfc2c7383b8fdd5529357c88d6ace

Download Submit
\ProgramData\9162E964\1255DB5F.dll
MD5
151decc0fb08687834d6335729c4fd93

SHA1
ce8d50e1869b3b26ed9051c17c262af747c7c7b3

SHA256
742a83c76ea9ae304f6425bd84d175bfdfec7c74e946b8a7aea456b0672e7bb6

SHA512
1483fea7c1181a38b35688d5cd08051a386f49994b957cf3248936b2cb2c43819a0975c16a60544e925a9db969f0017adcabfc2c7383b8fdd5529357c88d6ace

Download Submit
\ProgramData\9162E964\1255DB5F.dll
MD5
151decc0fb08687834d6335729c4fd93

SHA1
ce8d50e1869b3b26ed9051c17c262af747c7c7b3

SHA256
742a83c76ea9ae304f6425bd84d175bfdfec7c74e946b8a7aea456b0672e7bb6

SHA512
1483fea7c1181a38b35688d5cd08051a386f49994b957cf3248936b2cb2c43819a0975c16a60544e925a9db969f0017adcabfc2c7383b8fdd5529357c88d6ace

Download Submit
\Users\Admin\AppData\Local\Temp\SECURI~1.DLL
MD5
ba5bcacdd2930de8898da02eb76bd9d1

SHA1
2d6cdd794b651a92753113b58139957635efea7c

SHA256
a59a10879e0a2db88c6ea80f31a85962b7e4e89b6e2c4d4cac459b1580422b78

SHA512
b46fb1ee60d7c22bd943462fcd5107645189b509dc564f4e1a0b6b5f04ef7a42aeaad117f217f4f3096baa09beb953eb65a7588a9ba432a3632d3fe35edf8a27

Download Submit
\Users\Admin\AppData\Local\Temp\SECURI~1.DLL
MD5
ba5bcacdd2930de8898da02eb76bd9d1

SHA1
2d6cdd794b651a92753113b58139957635efea7c

SHA256
a59a10879e0a2db88c6ea80f31a85962b7e4e89b6e2c4d4cac459b1580422b78

SHA512
b46fb1ee60d7c22bd943462fcd5107645189b509dc564f4e1a0b6b5f04ef7a42aeaad117f217f4f3096baa09beb953eb65a7588a9ba432a3632d3fe35edf8a27

Download Submit
\Users\Admin\AppData\Local\Temp\SECURI~1.DLL
MD5
ba5bcacdd2930de8898da02eb76bd9d1

SHA1
2d6cdd794b651a92753113b58139957635efea7c

SHA256
a59a10879e0a2db88c6ea80f31a85962b7e4e89b6e2c4d4cac459b1580422b78

SHA512
b46fb1ee60d7c22bd943462fcd5107645189b509dc564f4e1a0b6b5f04ef7a42aeaad117f217f4f3096baa09beb953eb65a7588a9ba432a3632d3fe35edf8a27

Download Submit
memory/548-58-0x0000016975D50000-0x0000016975FCD000-memory.dmp

Filesize
2.5MB

Download
memory/548-61-0x0000016975FD0000-0x0000016976110000-memory.dmp

Filesize
1.2MB

Download
memory/548-62-0x0000016975FD0000-0x0000016976110000-memory.dmp

Filesize
1.2MB

Download
memory/652-48-0x0000000000400000-0x000000000067D000-memory.dmp

Filesize
2.5MB

Download
memory/652-41-0x0000024D3C590000-0x0000024D3C591000-memory.dmp

Filesize
4KB

Download
memory/652-31-0x0000024D3BC40000-0x0000024D3BEBD000-memory.dmp

Filesize
2.5MB

Download
memory/652-28-0x0000000000000000-mapping.dmp

Download
memory/652-32-0x0000024D3C0C0000-0x0000024D3C443000-memory.dmp

Filesize
3.5MB

Download
memory/720-66-0x0000000005780000-0x0000000005781000-memory.dmp

Filesize
4KB

Download
memory/720-64-0x0000000005780000-0x0000000005781000-memory.dmp

Filesize
4KB

Download
memory/720-30-0x00000000047C0000-0x0000000004951000-memory.dmp

Filesize
1.6MB

Download
memory/720-35-0x0000000004D90000-0x000000000525E000-memory.dmp

Filesize
4.8MB

Download
memory/720-24-0x0000000000000000-mapping.dmp

Download
memory/1188-33-0x0000000000000000-mapping.dmp

Download
memory/1820-1-0x00000000055E0000-0x00000000055E1000-memory.dmp

Filesize
4KB

Download
memory/1856-57-0x0000000004780000-0x0000000004911000-memory.dmp

Filesize
1.6MB

Download
memory/1856-51-0x0000000000000000-mapping.dmp

Download
memory/2020-14-0x0000000000000000-mapping.dmp

Download
memory/2220-17-0x0000000000000000-mapping.dmp

Download
memory/2272-2-0x0000000000000000-mapping.dmp

Download
memory/2532-34-0x0000000000000000-mapping.dmp

Download
memory/2732-4-0x0000000004820000-0x0000000004821000-memory.dmp

Filesize
4KB

Download
memory/2732-3-0x0000000004820000-0x0000000004821000-memory.dmp

Filesize
4KB

Download
memory/3012-78-0x0000000004E90000-0x0000000004FD0000-memory.dmp

Filesize
1.2MB

Download
memory/3012-77-0x0000000004E90000-0x0000000004FD0000-memory.dmp

Filesize
1.2MB

Download
memory/3012-76-0x0000000006380000-0x00000000065FD000-memory.dmp

Filesize
2.5MB

Download
memory/3644-59-0x0000000000000000-mapping.dmp

Download
memory/3644-63-0x000002583F9D0000-0x000002583FC4D000-memory.dmp

Filesize
2.5MB

Download
memory/3924-284-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-454-0x00000000044F0000-0x00000000044F1000-memory.dmp

Filesize
4KB

Download
memory/3924-20-0x0000000000000000-mapping.dmp

Download
memory/3924-612-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-611-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-610-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-609-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-608-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-607-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-606-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-604-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-86-0x0000000000000000-mapping.dmp

Download
memory/3924-605-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-603-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-89-0x0000000003460000-0x00000000035F1000-memory.dmp

Filesize
1.6MB

Download
memory/3924-601-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-602-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-92-0x0000000003740000-0x0000000003FE6000-memory.dmp

Filesize
8.6MB

Download
memory/3924-93-0x00000000044F0000-0x00000000044F1000-memory.dmp

Filesize
4KB

Download
memory/3924-94-0x0000000004CF0000-0x0000000004CF1000-memory.dmp

Filesize
4KB

Download
memory/3924-95-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-96-0x00000000044F0000-0x00000000044F1000-memory.dmp

Filesize
4KB

Download
memory/3924-99-0x00000000044F0000-0x00000000044F1000-memory.dmp

Filesize
4KB

Download
memory/3924-600-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-599-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-111-0x00000000044F0000-0x00000000044F1000-memory.dmp

Filesize
4KB

Download
memory/3924-126-0x00000000044F0000-0x00000000044F1000-memory.dmp

Filesize
4KB

Download
memory/3924-134-0x00000000044F0000-0x00000000044F1000-memory.dmp

Filesize
4KB

Download
memory/3924-138-0x00000000044F0000-0x00000000044F1000-memory.dmp

Filesize
4KB

Download
memory/3924-598-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-596-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-146-0x00000000044F0000-0x00000000044F1000-memory.dmp

Filesize
4KB

Download
memory/3924-151-0x00000000044F0000-0x00000000044F1000-memory.dmp

Filesize
4KB

Download
memory/3924-159-0x00000000044F0000-0x00000000044F1000-memory.dmp

Filesize
4KB

Download
memory/3924-163-0x00000000044F0000-0x00000000044F1000-memory.dmp

Filesize
4KB

Download
memory/3924-164-0x00000000044F0000-0x00000000044F1000-memory.dmp

Filesize
4KB

Download
memory/3924-171-0x00000000044F0000-0x00000000044F1000-memory.dmp

Filesize
4KB

Download
memory/3924-176-0x00000000044F0000-0x00000000044F1000-memory.dmp

Filesize
4KB

Download
memory/3924-177-0x00000000044F0000-0x00000000044F1000-memory.dmp

Filesize
4KB

Download
memory/3924-181-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-182-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-183-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-184-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-186-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-185-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-187-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-188-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-189-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-190-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-191-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-192-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-193-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-194-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-195-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-196-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-197-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-199-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-201-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-202-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-203-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-204-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-205-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-206-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-595-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-593-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-207-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-210-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-211-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-212-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-213-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-214-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-215-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-216-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-217-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-219-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-218-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-220-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-221-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-222-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-223-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-224-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-225-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-226-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-227-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-228-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-229-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-230-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-231-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-232-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-233-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-234-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-235-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-236-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-237-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-238-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-239-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-240-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-241-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-242-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-244-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-243-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-245-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-246-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-249-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-247-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-592-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-591-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-251-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-252-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-253-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-254-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-255-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-256-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-257-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-258-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-259-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-260-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-261-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-262-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-263-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-264-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-265-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-266-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-267-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-268-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-269-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-270-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-272-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-271-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-273-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-274-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-275-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-276-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-277-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-278-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-279-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-280-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-281-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-282-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-283-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-23-0x000001CBE67E0000-0x000001CBE6A5D000-memory.dmp

Filesize
2.5MB

Download
memory/3924-285-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-286-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-287-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-288-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-289-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-590-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-291-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-589-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-293-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-294-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-295-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-296-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-297-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-298-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-299-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-300-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/3924-301-0x00000000044F0000-0x00000000044F1000-memory.dmp

Filesize
4KB

Download
memory/3924-302-0x0000000004CF0000-0x0000000004CF1000-memory.dmp

Filesize
4KB

Download
memory/3924-303-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-304-0x00000000044F0000-0x00000000044F1000-memory.dmp

Filesize
4KB

Download
memory/3924-385-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-404-0x00000000044F0000-0x00000000044F1000-memory.dmp

Filesize
4KB

Download
memory/3924-588-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-431-0x00000000044F0000-0x00000000044F1000-memory.dmp

Filesize
4KB

Download
memory/3924-587-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-469-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-470-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-471-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-472-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-473-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-474-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-475-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-476-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-477-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-478-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-479-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-480-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-481-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-482-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-483-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-484-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-485-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-486-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-487-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-488-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-489-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-490-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-491-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-492-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-493-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-586-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-495-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-585-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-497-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-498-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-499-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-500-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-501-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-502-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-503-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-504-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-505-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-506-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-507-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-508-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-509-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-510-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-511-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-512-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-513-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-514-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-515-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-517-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-516-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-518-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-519-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-520-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-521-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-522-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-523-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-524-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-525-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-526-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-527-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-528-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-529-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-530-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-531-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-532-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-533-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-534-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-535-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-536-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-537-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-538-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-539-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-540-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-584-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-542-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-583-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-544-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-545-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-546-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-547-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-548-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-549-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-550-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-551-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-552-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-553-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-554-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-555-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-556-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-558-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-557-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-559-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-560-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-561-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-562-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-563-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-564-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-565-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-566-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-567-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-568-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-569-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-570-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-571-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-572-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-573-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-574-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-575-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-576-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-577-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-578-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-579-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-580-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-581-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/3924-582-0x00000000007A0000-0x00000000007BC000-memory.dmp

Filesize
112KB

Download
memory/4060-80-0x00000186F1880000-0x00000186F1881000-memory.dmp

Filesize
4KB

Download
memory/4060-73-0x00000186F1080000-0x00000186F1081000-memory.dmp

Filesize
4KB

Download
memory/4060-496-0x00000186F1880000-0x00000186F1881000-memory.dmp

Filesize
4KB

Download
memory/4060-543-0x00000186F1880000-0x00000186F1881000-memory.dmp

Filesize
4KB

Download
memory/4060-81-0x00000186F1080000-0x00000186F1081000-memory.dmp

Filesize
4KB

Download
memory/4060-428-0x00000186F1880000-0x00000186F1881000-memory.dmp

Filesize
4KB

Download
memory/4060-292-0x00000186F1880000-0x00000186F1881000-memory.dmp

Filesize
4KB

Download
memory/4060-290-0x00000186F1080000-0x00000186F1081000-memory.dmp

Filesize
4KB

Download
memory/4060-250-0x00000186F1880000-0x00000186F1881000-memory.dmp

Filesize
4KB

Download
memory/4060-248-0x00000186F1080000-0x00000186F1081000-memory.dmp

Filesize
4KB

Download
memory/4060-45-0x00000186F0B80000-0x00000186F0DFD000-memory.dmp

Filesize
2.5MB

Download
memory/4060-594-0x00000186F1080000-0x00000186F1081000-memory.dmp

Filesize
4KB

Download
memory/4060-50-0x00000186F0F40000-0x00000186F0F41000-memory.dmp

Filesize
4KB

Download
memory/4060-597-0x00000186F1880000-0x00000186F1881000-memory.dmp

Filesize
4KB

Download
memory/4060-145-0x00000186F1880000-0x00000186F1881000-memory.dmp

Filesize
4KB

Download
memory/4060-143-0x00000186F1080000-0x00000186F1081000-memory.dmp

Filesize
4KB

Download
memory/4060-109-0x00000186F1880000-0x00000186F1881000-memory.dmp

Filesize
4KB

Download
memory/4060-108-0x00000186F1080000-0x00000186F1081000-memory.dmp

Filesize
4KB

Download
memory/4060-91-0x00000186F1880000-0x00000186F1881000-memory.dmp

Filesize
4KB

Download
memory/4060-90-0x00000186F1080000-0x00000186F1081000-memory.dmp

Filesize
4KB

Download
memory/4060-52-0x00000186F1740000-0x00000186F1741000-memory.dmp

Filesize
4KB

Download
memory/4060-54-0x00000186F0F40000-0x00000186F0F41000-memory.dmp

Filesize
4KB

Download
memory/4060-85-0x00000186F1880000-0x00000186F1881000-memory.dmp

Filesize
4KB

Download
memory/4060-84-0x00000186F1080000-0x00000186F1081000-memory.dmp

Filesize
4KB

Download
memory/4060-736-0x00000186F1080000-0x00000186F1081000-memory.dmp

Filesize
4KB

Download
memory/4060-541-0x00000186F1080000-0x00000186F1081000-memory.dmp

Filesize
4KB

Download
memory/4060-494-0x00000186F1080000-0x00000186F1081000-memory.dmp

Filesize
4KB

Download
memory/4060-79-0x00000186F1080000-0x00000186F1081000-memory.dmp

Filesize
4KB

Download
memory/4060-69-0x00000186F1080000-0x00000186F1081000-memory.dmp

Filesize
4KB

Download
memory/4060-71-0x00000186F1880000-0x00000186F1881000-memory.dmp

Filesize
4KB

Download
memory/4060-72-0x00000186F1080000-0x00000186F1081000-memory.dmp

Filesize
4KB

Download
memory/4060-615-0x00000186F1880000-0x00000186F1881000-memory.dmp

Filesize
4KB

Download
memory/4060-616-0x00000186F1080000-0x00000186F1081000-memory.dmp

Filesize
4KB

Download
memory/4060-617-0x00000186F1880000-0x00000186F1881000-memory.dmp

Filesize
4KB

Download
memory/4060-619-0x00000186F1880000-0x00000186F1881000-memory.dmp

Filesize
4KB

Download
memory/4060-621-0x00000186F1880000-0x00000186F1881000-memory.dmp

Filesize
4KB

Download
memory/4060-623-0x00000186F1880000-0x00000186F1881000-memory.dmp

Filesize
4KB

Download
memory/4060-625-0x00000186F1880000-0x00000186F1881000-memory.dmp

Filesize
4KB

Download
memory/4060-627-0x00000186F1880000-0x00000186F1881000-memory.dmp

Filesize
4KB

Download
memory/4060-629-0x00000186F1880000-0x00000186F1881000-memory.dmp

Filesize
4KB

Download
memory/4060-631-0x00000186F1880000-0x00000186F1881000-memory.dmp

Filesize
4KB

Download
memory/4060-635-0x00000186F1880000-0x00000186F1881000-memory.dmp

Filesize
4KB

Download
memory/4060-636-0x00000186F1080000-0x00000186F1081000-memory.dmp

Filesize
4KB

Download
memory/4060-637-0x00000186F1880000-0x00000186F1881000-memory.dmp

Filesize
4KB

Download
memory/4060-650-0x00000186F1080000-0x00000186F1081000-memory.dmp

Filesize
4KB

Download
memory/4060-690-0x00000186F1080000-0x00000186F1081000-memory.dmp

Filesize
4KB

Download
memory/4060-691-0x00000186F1880000-0x00000186F1881000-memory.dmp

Filesize
4KB

Download
memory/4060-727-0x00000186F1880000-0x00000186F1881000-memory.dmp

Filesize
4KB

Download
memory/4060-728-0x00000186F1080000-0x00000186F1081000-memory.dmp

Filesize
4KB

Download
memory/4060-82-0x00000186F1880000-0x00000186F1881000-memory.dmp

Filesize
4KB

Download
memory/4060-737-0x00000186F1880000-0x00000186F1881000-memory.dmp

Filesize
4KB

Download
memory/4060-739-0x00000186F1880000-0x00000186F1881000-memory.dmp

Filesize
4KB

Download