danabot | 7a5bff709af4ad1e50840b0822a91edbec6ab2418e13ef1cdf30e3ea09228590

Analysis

max time kernel
151s
max time network
112s
platform
windows10_x64
resource
win10v200722
submitted
14-09-2020 01:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

elder.exe
Size

2.3MB
MD5

e4fc60d76aed36f58af4e8a02ac91887
SHA1

59565273a6d014865b15e81fdbbed59fc56451f0
SHA256

7a5bff709af4ad1e50840b0822a91edbec6ab2418e13ef1cdf30e3ea09228590
SHA512

5e2653cae0d078f1ed4856b196f0956f78c40c270372e1104cdca9c5d86c8e2d17516164d6d9ab7779a038a36753a82f0c1de6b859d4d8e0582d9602c477f19a

Score

10^/10

danabot banker botnet discovery persistence spyware stealer trojan

Malware Config

Extracted

Family

danabot

89.44.9.132

64.188.23.70

179.43.133.35

45.147.231.218

89.45.4.126

rsa_pubkey.plain

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Danabot x86 payload 9 IoCs

Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

botnet

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\elder.dll	family_danabot
\Users\Admin\AppData\Local\Temp\elder.dll	family_danabot
\Users\Admin\AppData\Local\Temp\elder.dll	family_danabot
\Users\Admin\AppData\Local\Temp\elder.dll	family_danabot
\ProgramData\2CA82EF5\BDE42FC5.dll	family_danabot
C:\ProgramData\2CA82EF5\BDE42FC5.dll	family_danabot
\ProgramData\2CA82EF5\BDE42FC5.dll	family_danabot
\ProgramData\2CA82EF5\BDE42FC5.dll	family_danabot
\ProgramData\2CA82EF5\BDE42FC5.dll	family_danabot

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

9 3276 rundll32.exe
Executes dropped EXE 2 IoCs

Processes:

winlogon.exeExplorer.EXE

pid process

552 winlogon.exe
3016 Explorer.EXE
Sets DLL path for service in the registry 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112
Sets service image path in registry 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

flow	pid	process
9	3276	rundll32.exe

pid	process
552	winlogon.exe
3016	Explorer.EXE

Loads dropped DLL 12 IoCs

Processes:

regsvr32.exerundll32.exerundll32.exerundll32.exerundll32.exeRUNDLL32.EXEsvchost.exerundll32.exeRUNDLL32.EXErundll32.exe

pid	process
3892	regsvr32.exe
3892	regsvr32.exe
3276	rundll32.exe
3372	rundll32.exe
3388	rundll32.exe
3728	rundll32.exe
3728	rundll32.exe
3624	RUNDLL32.EXE
1956	svchost.exe
1560	rundll32.exe
1008	RUNDLL32.EXE
3900	rundll32.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

svchost.exe

description	ioc	process
File opened (read-only)	\??\J:	svchost.exe
File opened (read-only)	\??\K:	svchost.exe
File opened (read-only)	\??\S:	svchost.exe
File opened (read-only)	\??\V:	svchost.exe
File opened (read-only)	\??\B:	svchost.exe
File opened (read-only)	\??\H:	svchost.exe
File opened (read-only)	\??\N:	svchost.exe
File opened (read-only)	\??\Q:	svchost.exe
File opened (read-only)	\??\T:	svchost.exe
File opened (read-only)	\??\X:	svchost.exe
File opened (read-only)	\??\Y:	svchost.exe
File opened (read-only)	\??\Z:	svchost.exe
File opened (read-only)	\??\F:	svchost.exe
File opened (read-only)	\??\L:	svchost.exe
File opened (read-only)	\??\E:	svchost.exe
File opened (read-only)	\??\P:	svchost.exe
File opened (read-only)	\??\I:	svchost.exe
File opened (read-only)	\??\M:	svchost.exe
File opened (read-only)	\??\O:	svchost.exe
File opened (read-only)	\??\R:	svchost.exe
File opened (read-only)	\??\U:	svchost.exe
File opened (read-only)	\??\W:	svchost.exe
File opened (read-only)	\??\A:	svchost.exe
File opened (read-only)	\??\G:	svchost.exe

Drops file in System32 directory 1 IoCs

Processes:

rundll32.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat	rundll32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

rundll32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	rundll32.exe

Modifies data under HKEY_USERS 19 IoCs

Processes:

rundll32.exeRUNDLL32.EXE

description	ioc	process
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\root	RUNDLL32.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	RUNDLL32.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = "127.0.0.1:8080"	RUNDLL32.EXE
Set value (str)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = "127.0.0.1:8080"	RUNDLL32.EXE
Set value (int)	\REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "1"	RUNDLL32.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\root	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	RUNDLL32.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings	RUNDLL32.EXE
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings	RUNDLL32.EXE
Key created	\REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings	RUNDLL32.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "1"	RUNDLL32.EXE
Set value (str)	\REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = "127.0.0.1:8080"	RUNDLL32.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	RUNDLL32.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	RUNDLL32.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "1"	RUNDLL32.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	rundll32.exe

Modifies registry class 7 IoCs

Processes:

RUNDLL32.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings	RUNDLL32.EXE
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Software	RUNDLL32.EXE
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Software\Microsoft	RUNDLL32.EXE
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Software\Microsoft\Windows	RUNDLL32.EXE
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Software\Microsoft\Windows\CurrentVersion	RUNDLL32.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "1"	RUNDLL32.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = "127.0.0.1:8080"	RUNDLL32.EXE

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

RUNDLL32.EXE

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EA4973F635202E9DB7A0FD7CD4AE21A40F4F9F8	RUNDLL32.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EA4973F635202E9DB7A0FD7CD4AE21A40F4F9F8\Blob = 0300000001000000140000004ea4973f635202e9db7a0fd7cd4ae21a40f4f9f802000000010000003c0000001c00000000000000010000002000000000000000000000000100000074006800610077007400650020003800300020002d002000370044000000000020000000010000000703000030820303308201eba00302010202104ca4f634f28015b649497274e40f3ee1300d06092a864886f70d01010505003033311730150603550403130e746861777465203830202d203744310b3009060355040a13024e54310b3009060355040b1302454e301e170d3135303931343033323332385a170d3235303931343033323332385a3033311730150603550403130e746861777465203830202d203744310b3009060355040a13024e54310b3009060355040b1302454e30820122300d06092a864886f70d01010105000382010f003082010a0282010100bd804b5b874b960565d9c55b13beda72513751ed3da0e1b59f52b89838b455e738da5753138b7b6aecb01d00d5dc3e6aff97213812e6fc9752f665f02705892ab6fe4912d43c0f7cb3507f29c54118b928b7cc7dcbc5c8cd13952a97590635c72c412d501a5c301f69ebaaeb56a5fd544f00c5eae1d236a83957502de06339a74d6bfa1263d1d5c8d84e3ce2e6d105d3e8777dc35a473ad7f63db108e8dfeaaa920c6f9f0eea57eee8b2281f1a233cdc0af27fff1a9f2fd3591b49fc1f552a35b4de085d947e3c0f1d7567bb46286a07e7f5506fb7a1fa7f2be16cbf164ff34539e6fd08429a5e6694e4ad47eb5d436ba8e98a4fe0fb8ea758342707e61f79e90203010001a3133011300f0603551d130101ff040530030101ff300d06092a864886f70d010105050003820101007eadd79d288f0330963f2ce8921907992d84cb67444f36cb4072285e736d62845a5c273d5a641d4d02e9d37ef28eec5802940adeaaf9a383fae148f3069e3bf902d3f069b6731006c0bbe53fb8492cfe5370db24b40ccb0e8530dc21b66bb9a1b93369a052bab9958cd11d81544d15cefb0d44c80a2a16073ead178320ee661a9a6356ba3aaba794cb449b5a4ef0b3a5063ef2b1ad054fd868191094e5f0d08c3c54faccd436fa69112185035687436477cb2f8dce059f5705432251219d7ae8625b39c5e1042b5a9bd88e926195f763aca1ca1ac3e096088c22c66bd7b710618427814ffadb6ba52cf12847d62edeacfd082f2c1f61f061426cea5ad63a2cce	RUNDLL32.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

powershell.exepowershell.exesvchost.exerundll32.exerundll32.exeRUNDLL32.EXE

pid	process
3024	powershell.exe
2660	powershell.exe
3024	powershell.exe
2660	powershell.exe
1956	svchost.exe
1956	svchost.exe
3024	powershell.exe
2660	powershell.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1956	svchost.exe
1956	svchost.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
3728	rundll32.exe
3728	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe
1008	RUNDLL32.EXE
1560	rundll32.exe
1008	RUNDLL32.EXE
1560	rundll32.exe
1560	rundll32.exe
1560	rundll32.exe

Suspicious use of AdjustPrivilegeToken 58 IoCs

Processes:

rundll32.exeRUNDLL32.EXEpowershell.exepowershell.exeExplorer.EXE

description	pid	process
Token: SeDebugPrivilege	3728	rundll32.exe
Token: SeDebugPrivilege	3624	RUNDLL32.EXE
Token: SeDebugPrivilege	3024	powershell.exe
Token: SeDebugPrivilege	2660	powershell.exe
Token: SeIncreaseQuotaPrivilege	3024	powershell.exe
Token: SeSecurityPrivilege	3024	powershell.exe
Token: SeTakeOwnershipPrivilege	3024	powershell.exe
Token: SeLoadDriverPrivilege	3024	powershell.exe
Token: SeSystemProfilePrivilege	3024	powershell.exe
Token: SeSystemtimePrivilege	3024	powershell.exe
Token: SeProfSingleProcessPrivilege	3024	powershell.exe
Token: SeIncBasePriorityPrivilege	3024	powershell.exe
Token: SeCreatePagefilePrivilege	3024	powershell.exe
Token: SeBackupPrivilege	3024	powershell.exe
Token: SeRestorePrivilege	3024	powershell.exe
Token: SeShutdownPrivilege	3024	powershell.exe
Token: SeDebugPrivilege	3024	powershell.exe
Token: SeSystemEnvironmentPrivilege	3024	powershell.exe
Token: SeRemoteShutdownPrivilege	3024	powershell.exe
Token: SeUndockPrivilege	3024	powershell.exe
Token: SeManageVolumePrivilege	3024	powershell.exe
Token: 33	3024	powershell.exe
Token: 34	3024	powershell.exe
Token: 35	3024	powershell.exe
Token: 36	3024	powershell.exe
Token: SeIncreaseQuotaPrivilege	2660	powershell.exe
Token: SeSecurityPrivilege	2660	powershell.exe
Token: SeTakeOwnershipPrivilege	2660	powershell.exe
Token: SeLoadDriverPrivilege	2660	powershell.exe
Token: SeSystemProfilePrivilege	2660	powershell.exe
Token: SeSystemtimePrivilege	2660	powershell.exe
Token: SeProfSingleProcessPrivilege	2660	powershell.exe
Token: SeIncBasePriorityPrivilege	2660	powershell.exe
Token: SeCreatePagefilePrivilege	2660	powershell.exe
Token: SeBackupPrivilege	2660	powershell.exe
Token: SeRestorePrivilege	2660	powershell.exe
Token: SeShutdownPrivilege	2660	powershell.exe
Token: SeDebugPrivilege	2660	powershell.exe
Token: SeSystemEnvironmentPrivilege	2660	powershell.exe
Token: SeRemoteShutdownPrivilege	2660	powershell.exe
Token: SeUndockPrivilege	2660	powershell.exe
Token: SeManageVolumePrivilege	2660	powershell.exe
Token: 33	2660	powershell.exe
Token: 34	2660	powershell.exe
Token: 35	2660	powershell.exe
Token: 36	2660	powershell.exe
Token: SeShutdownPrivilege	3016	Explorer.EXE
Token: SeCreatePagefilePrivilege	3016	Explorer.EXE
Token: SeShutdownPrivilege	3016	Explorer.EXE
Token: SeCreatePagefilePrivilege	3016	Explorer.EXE
Token: SeShutdownPrivilege	3016	Explorer.EXE
Token: SeCreatePagefilePrivilege	3016	Explorer.EXE
Token: SeShutdownPrivilege	3016	Explorer.EXE
Token: SeCreatePagefilePrivilege	3016	Explorer.EXE
Token: SeShutdownPrivilege	3016	Explorer.EXE
Token: SeCreatePagefilePrivilege	3016	Explorer.EXE
Token: SeShutdownPrivilege	3016	Explorer.EXE
Token: SeCreatePagefilePrivilege	3016	Explorer.EXE

Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

Explorer.EXErundll32.exe

pid process

3016 Explorer.EXE
3016 Explorer.EXE
3016 Explorer.EXE
3016 Explorer.EXE
3728 rundll32.exe

pid	process
3016	Explorer.EXE
3016	Explorer.EXE
3016	Explorer.EXE
3016	Explorer.EXE
3728	rundll32.exe

Suspicious use of WriteProcessMemory 30 IoCs

Processes:

elder.exeregsvr32.exerundll32.exerundll32.exerundll32.exesvchost.exe

description	pid	process	target process
PID 3816 wrote to memory of 3892	3816	elder.exe	regsvr32.exe
PID 3816 wrote to memory of 3892	3816	elder.exe	regsvr32.exe
PID 3816 wrote to memory of 3892	3816	elder.exe	regsvr32.exe
PID 3892 wrote to memory of 3276	3892	regsvr32.exe	rundll32.exe
PID 3892 wrote to memory of 3276	3892	regsvr32.exe	rundll32.exe
PID 3892 wrote to memory of 3276	3892	regsvr32.exe	rundll32.exe
PID 3276 wrote to memory of 3372	3276	rundll32.exe	rundll32.exe
PID 3276 wrote to memory of 3372	3276	rundll32.exe	rundll32.exe
PID 3276 wrote to memory of 3372	3276	rundll32.exe	rundll32.exe
PID 3372 wrote to memory of 3388	3372	rundll32.exe	rundll32.exe
PID 3372 wrote to memory of 3388	3372	rundll32.exe	rundll32.exe
PID 3388 wrote to memory of 3728	3388	rundll32.exe	rundll32.exe
PID 3388 wrote to memory of 3728	3388	rundll32.exe	rundll32.exe
PID 3388 wrote to memory of 3728	3388	rundll32.exe	rundll32.exe
PID 3388 wrote to memory of 3624	3388	rundll32.exe	RUNDLL32.EXE
PID 3388 wrote to memory of 3624	3388	rundll32.exe	RUNDLL32.EXE
PID 3388 wrote to memory of 3024	3388	rundll32.exe	powershell.exe
PID 3388 wrote to memory of 3024	3388	rundll32.exe	powershell.exe
PID 3388 wrote to memory of 2660	3388	rundll32.exe	powershell.exe
PID 3388 wrote to memory of 2660	3388	rundll32.exe	powershell.exe
PID 1956 wrote to memory of 1560	1956	svchost.exe	rundll32.exe
PID 1956 wrote to memory of 1560	1956	svchost.exe	rundll32.exe
PID 1956 wrote to memory of 1560	1956	svchost.exe	rundll32.exe
PID 1956 wrote to memory of 552	1956	svchost.exe	winlogon.exe
PID 1956 wrote to memory of 1008	1956	svchost.exe	RUNDLL32.EXE
PID 1956 wrote to memory of 1008	1956	svchost.exe	RUNDLL32.EXE
PID 1956 wrote to memory of 3016	1956	svchost.exe	Explorer.EXE
PID 1956 wrote to memory of 3900	1956	svchost.exe	rundll32.exe
PID 1956 wrote to memory of 3900	1956	svchost.exe	rundll32.exe
PID 1956 wrote to memory of 3900	1956	svchost.exe	rundll32.exe

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
- Executes dropped EXE
PID:552

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3016

C:\Users\Admin\AppData\Local\Temp\elder.exe
"C:\Users\Admin\AppData\Local\Temp\elder.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:3816

C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\AppData\Local\Temp\elder.dll f1 C:\Users\Admin\AppData\Local\Temp\elder.exe@3816
3⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3892

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\AppData\Local\Temp\elder.dll,f0
4⤵
- Blocklisted process makes network request
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3276

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\\rundll32.exe C:\PROGRA~3\2CA82EF5\17B28D8B.dll,f1 C:\Users\Admin\AppData\Local\Temp\elder.dll@3276
5⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3372

C:\Windows\system32\rundll32.exe
C:\Windows\system32\\rundll32.exe C:\PROGRA~3\2CA82EF5\17B28D8B.dll,f1 C:\Users\Admin\AppData\Local\Temp\elder.dll@3276
6⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3388

C:\Windows\syswow64\rundll32.exe
C:\Windows\syswow64\rundll32.exe C:\ProgramData\2CA82EF5\BDE42FC5.dll,f2 F709AA619059A3AAB3E71D0ADA462372
7⤵
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3728

C:\Windows\system32\RUNDLL32.EXE
C:\Windows\system32\RUNDLL32.EXE C:\ProgramData\2CA82EF5\17B28D8B.dll,f2 1FCAAAC36182D72B5B244331A7421701
7⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:3624

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath C:\ProgramData\2CA82EF5\BDE42FC5.dll
7⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3024

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath C:\ProgramData\2CA82EF5\17B28D8B.dll
7⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2660

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService
1⤵
- Loads dropped DLL
- Enumerates connected drives
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1956

C:\Windows\syswow64\rundll32.exe
C:\Windows\syswow64\rundll32.exe C:\ProgramData\2CA82EF5\BDE42FC5.dll,f3
2⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:1560

C:\Windows\system32\RUNDLL32.EXE
C:\Windows\system32\RUNDLL32.EXE C:\ProgramData\2CA82EF5\17B28D8B.dll,f7
2⤵
- Loads dropped DLL
- Modifies data under HKEY_USERS
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
PID:1008

C:\Windows\syswow64\rundll32.exe
C:\Windows\syswow64\rundll32.exe C:\ProgramData\2CA82EF5\BDE42FC5.dll,f2 E48E292D52AA1264BCBA6B30A9CB2113
2⤵
- Loads dropped DLL
- Modifies data under HKEY_USERS
PID:3900

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Install Root Certificate

T1130

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\2CA82EF5\17B28D8B.dll
MD5
049a9ef516288edff9214010d41da5d3

SHA1
822b09db98b61411076e87387e0e2ac268455048

SHA256
d446430161874c8d5b53ee69d2d6c51dd95c98419dcd734f208eee4feaa78c02

SHA512
64290d45252ee44fad657e259d8d5df045e4b60c9a251528494b39928177b8e25f7d846e3c5c34e6872e8b846ad1037bef5713e49ca96e7ffd0c8f127c17a621

Download Submit
C:\ProgramData\2CA82EF5\7F59E723
MD5
50b75ae13c4480073db70ea1ed791258

SHA1
8ce19f3c74d9796e03fb1ddadfa6218a3824c73c

SHA256
94a92ae4fc84e252dae33a4f2fe4cdb028cc00ffc1d53cea0e82beef55ce934f

SHA512
03f0de88e77f81ec9e3424d00cbfe689317a126f3f48a190c6c8c08fc39d4685f74e6431920cafbe22bc336ae07a121f0e78b4b05f096c946f00d740af43e918

Download Submit
C:\ProgramData\2CA82EF5\BDE42FC5.dll
MD5
165e9d7bec6bf992cc1399043167b20f

SHA1
3d6ad3b0e398b055051410276da0a965713ed12b

SHA256
ae951f374346fc7573f9dc39c286823642fcc040b636a8391200f35a6bebe448

SHA512
8d9015838bc3b015744c257755855a6f1b54e9cc49f9b3eed6df7cbef444ee45a71b0c40fc8204ac6efb34a3bbef68e8a43a94e7c2cfca88f7f746913b145464

Download Submit
C:\ProgramData\2CA82EF5\BFBD646A
MD5
4d243ad06ef586349739b2d8f27b5467

SHA1
e65daebf79ac57c9f3178c813f352064898f4c74

SHA256
b0da2b0507264e70a5a454d2dbb2a3f14f455927e7b4ac8f8be82c24d8855fc3

SHA512
2e8d6627c04b1d42363c8f345154620811b915b4432cd23b37cbf624c1cfe0d7b6354312efc7189fa9705faff68524c906fe65f842affdcd61c571327a337784

Download Submit
C:\ProgramData\2CA82EF5\C4D439C8\97E9A489061373C343F3F358449F41AE
MD5
d865025c9f6b2984256cc4e6e516b571

SHA1
233107c3860e64ddf51ba867802318cf2161be32

SHA256
136f1b8512651b05616a3903c1e617f252e2aa8e622782a82b58098301446274

SHA512
4bb468a4615be6876ce15aaabcbf563b83cfd4ff79140571c891b7645b83b00d2d53a0e870d0c882e8216e4c031ef2df9d80d9365b75e220c8d2ad87674474bb

Download Submit
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9dfa6c25faf75111cccb122d8e6cb9a2_18823ca4-5761-4226-8787-cf36135f1c68
MD5
2ab0ff1e6063c9995f6a2158ae24a112

SHA1
3260f9c052209be5d925424fd0e22090a8a10709

SHA256
e30bc899168f08aa19db0f694490bc93eca4e3b67e1f6d8c97fc2938a13a7015

SHA512
095f818ebce6d4ec643625957c54fbf09437a22172de33f4a0db518f313a300786f05f4015cf4fca9d24576950a5afe7357b1cc91c60a40fa74e229d504c1921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
MD5
8592ba100a78835a6b94d5949e13dfc1

SHA1
63e901200ab9a57c7dd4c078d7f75dcd3b357020

SHA256
fdd7d9def6f9f0c0f2e60dbc8a2d1999071cd7d3095e9e087bb1cda7a614ac3c

SHA512
87f98e6cb61b2a2a7d65710c4d33881d89715eb7a06e00d492259f35c3902498baabffc5886be0ec5a14312ad4c262e3fc40cd3a5cb91701af0fb229726b88c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
MD5
a2d6752b43a4d2cc4cce13c01f9bf044

SHA1
5d9394d2b91750d25d0d3580a485c7322b33cc04

SHA256
92d93d3257329f324b28816d790f64489c4b743e5f65818fdf617d8abb98b6d2

SHA512
94720506059510690b8ac50452e41ac4907bdbe8445f9cafdb69ffc4358e45564a48e548d677ee5f798a3e36a0d67b9a8fae642df059ecf0a6d12abd69d46e2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\elder.dll
MD5
f44d1c7820bb02b486871ba9eab2f226

SHA1
d040d7b886002f37924536425b43091f21a3844b

SHA256
24bba101da3da6aefc2b1d454ede986180a5ac31c00ec601cc2d6827b00b26c2

SHA512
b633e8f09b12178da24e4dbd022289d4fdf0061175cd685e8357cef51183247da436deb81fd3672f8839b581428c3c46547c5dd3fcf4f726bc72dc070fc02baf

Download Submit
\PROGRA~3\2CA82EF5\17B28D8B.dll
MD5
049a9ef516288edff9214010d41da5d3

SHA1
822b09db98b61411076e87387e0e2ac268455048

SHA256
d446430161874c8d5b53ee69d2d6c51dd95c98419dcd734f208eee4feaa78c02

SHA512
64290d45252ee44fad657e259d8d5df045e4b60c9a251528494b39928177b8e25f7d846e3c5c34e6872e8b846ad1037bef5713e49ca96e7ffd0c8f127c17a621

Download Submit
\PROGRA~3\2CA82EF5\17B28D8B.dll
MD5
049a9ef516288edff9214010d41da5d3

SHA1
822b09db98b61411076e87387e0e2ac268455048

SHA256
d446430161874c8d5b53ee69d2d6c51dd95c98419dcd734f208eee4feaa78c02

SHA512
64290d45252ee44fad657e259d8d5df045e4b60c9a251528494b39928177b8e25f7d846e3c5c34e6872e8b846ad1037bef5713e49ca96e7ffd0c8f127c17a621

Download Submit
\PROGRA~3\2CA82EF5\17B28D8B.dll
MD5
049a9ef516288edff9214010d41da5d3

SHA1
822b09db98b61411076e87387e0e2ac268455048

SHA256
d446430161874c8d5b53ee69d2d6c51dd95c98419dcd734f208eee4feaa78c02

SHA512
64290d45252ee44fad657e259d8d5df045e4b60c9a251528494b39928177b8e25f7d846e3c5c34e6872e8b846ad1037bef5713e49ca96e7ffd0c8f127c17a621

Download Submit
\PROGRA~3\2CA82EF5\17B28D8B.dll
MD5
049a9ef516288edff9214010d41da5d3

SHA1
822b09db98b61411076e87387e0e2ac268455048

SHA256
d446430161874c8d5b53ee69d2d6c51dd95c98419dcd734f208eee4feaa78c02

SHA512
64290d45252ee44fad657e259d8d5df045e4b60c9a251528494b39928177b8e25f7d846e3c5c34e6872e8b846ad1037bef5713e49ca96e7ffd0c8f127c17a621

Download Submit
\PROGRA~3\2CA82EF5\17B28D8B.dll
MD5
049a9ef516288edff9214010d41da5d3

SHA1
822b09db98b61411076e87387e0e2ac268455048

SHA256
d446430161874c8d5b53ee69d2d6c51dd95c98419dcd734f208eee4feaa78c02

SHA512
64290d45252ee44fad657e259d8d5df045e4b60c9a251528494b39928177b8e25f7d846e3c5c34e6872e8b846ad1037bef5713e49ca96e7ffd0c8f127c17a621

Download Submit
\PROGRA~3\2CA82EF5\17B28D8B.dll
MD5
049a9ef516288edff9214010d41da5d3

SHA1
822b09db98b61411076e87387e0e2ac268455048

SHA256
d446430161874c8d5b53ee69d2d6c51dd95c98419dcd734f208eee4feaa78c02

SHA512
64290d45252ee44fad657e259d8d5df045e4b60c9a251528494b39928177b8e25f7d846e3c5c34e6872e8b846ad1037bef5713e49ca96e7ffd0c8f127c17a621

Download Submit
\PROGRA~3\2CA82EF5\17B28D8B.dll
MD5
049a9ef516288edff9214010d41da5d3

SHA1
822b09db98b61411076e87387e0e2ac268455048

SHA256
d446430161874c8d5b53ee69d2d6c51dd95c98419dcd734f208eee4feaa78c02

SHA512
64290d45252ee44fad657e259d8d5df045e4b60c9a251528494b39928177b8e25f7d846e3c5c34e6872e8b846ad1037bef5713e49ca96e7ffd0c8f127c17a621

Download Submit
\ProgramData\2CA82EF5\BDE42FC5.dll
MD5
165e9d7bec6bf992cc1399043167b20f

SHA1
3d6ad3b0e398b055051410276da0a965713ed12b

SHA256
ae951f374346fc7573f9dc39c286823642fcc040b636a8391200f35a6bebe448

SHA512
8d9015838bc3b015744c257755855a6f1b54e9cc49f9b3eed6df7cbef444ee45a71b0c40fc8204ac6efb34a3bbef68e8a43a94e7c2cfca88f7f746913b145464

Download Submit
\ProgramData\2CA82EF5\BDE42FC5.dll
MD5
165e9d7bec6bf992cc1399043167b20f

SHA1
3d6ad3b0e398b055051410276da0a965713ed12b

SHA256
ae951f374346fc7573f9dc39c286823642fcc040b636a8391200f35a6bebe448

SHA512
8d9015838bc3b015744c257755855a6f1b54e9cc49f9b3eed6df7cbef444ee45a71b0c40fc8204ac6efb34a3bbef68e8a43a94e7c2cfca88f7f746913b145464

Download Submit
\ProgramData\2CA82EF5\BDE42FC5.dll
MD5
165e9d7bec6bf992cc1399043167b20f

SHA1
3d6ad3b0e398b055051410276da0a965713ed12b

SHA256
ae951f374346fc7573f9dc39c286823642fcc040b636a8391200f35a6bebe448

SHA512
8d9015838bc3b015744c257755855a6f1b54e9cc49f9b3eed6df7cbef444ee45a71b0c40fc8204ac6efb34a3bbef68e8a43a94e7c2cfca88f7f746913b145464

Download Submit
\ProgramData\2CA82EF5\BDE42FC5.dll
MD5
165e9d7bec6bf992cc1399043167b20f

SHA1
3d6ad3b0e398b055051410276da0a965713ed12b

SHA256
ae951f374346fc7573f9dc39c286823642fcc040b636a8391200f35a6bebe448

SHA512
8d9015838bc3b015744c257755855a6f1b54e9cc49f9b3eed6df7cbef444ee45a71b0c40fc8204ac6efb34a3bbef68e8a43a94e7c2cfca88f7f746913b145464

Download Submit
\Users\Admin\AppData\Local\Temp\elder.dll
MD5
f44d1c7820bb02b486871ba9eab2f226

SHA1
d040d7b886002f37924536425b43091f21a3844b

SHA256
24bba101da3da6aefc2b1d454ede986180a5ac31c00ec601cc2d6827b00b26c2

SHA512
b633e8f09b12178da24e4dbd022289d4fdf0061175cd685e8357cef51183247da436deb81fd3672f8839b581428c3c46547c5dd3fcf4f726bc72dc070fc02baf

Download Submit
\Users\Admin\AppData\Local\Temp\elder.dll
MD5
f44d1c7820bb02b486871ba9eab2f226

SHA1
d040d7b886002f37924536425b43091f21a3844b

SHA256
24bba101da3da6aefc2b1d454ede986180a5ac31c00ec601cc2d6827b00b26c2

SHA512
b633e8f09b12178da24e4dbd022289d4fdf0061175cd685e8357cef51183247da436deb81fd3672f8839b581428c3c46547c5dd3fcf4f726bc72dc070fc02baf

Download Submit
\Users\Admin\AppData\Local\Temp\elder.dll
MD5
f44d1c7820bb02b486871ba9eab2f226

SHA1
d040d7b886002f37924536425b43091f21a3844b

SHA256
24bba101da3da6aefc2b1d454ede986180a5ac31c00ec601cc2d6827b00b26c2

SHA512
b633e8f09b12178da24e4dbd022289d4fdf0061175cd685e8357cef51183247da436deb81fd3672f8839b581428c3c46547c5dd3fcf4f726bc72dc070fc02baf

Download Submit
memory/552-61-0x0000021677000000-0x0000021677140000-memory.dmp

Filesize
1.2MB

Download
memory/552-55-0x0000021676D80000-0x0000021676FFE000-memory.dmp

Filesize
2.5MB

Download
memory/552-64-0x0000021677000000-0x0000021677140000-memory.dmp

Filesize
1.2MB

Download
memory/1008-59-0x0000000000000000-mapping.dmp

Download
memory/1008-66-0x0000025E3D970000-0x0000025E3DBEE000-memory.dmp

Filesize
2.5MB

Download
memory/1560-57-0x00000000050C0000-0x0000000005250000-memory.dmp

Filesize
1.6MB

Download
memory/1560-47-0x0000000000000000-mapping.dmp

Download
memory/1956-90-0x000002284B000000-0x000002284B001000-memory.dmp

Filesize
4KB

Download
memory/1956-795-0x000002284B000000-0x000002284B001000-memory.dmp

Filesize
4KB

Download
memory/1956-360-0x000002284B000000-0x000002284B001000-memory.dmp

Filesize
4KB

Download
memory/1956-447-0x000002284A800000-0x000002284A801000-memory.dmp

Filesize
4KB

Download
memory/1956-449-0x000002284B000000-0x000002284B001000-memory.dmp

Filesize
4KB

Download
memory/1956-46-0x000002284A800000-0x000002284A801000-memory.dmp

Filesize
4KB

Download
memory/1956-554-0x000002284A800000-0x000002284A801000-memory.dmp

Filesize
4KB

Download
memory/1956-48-0x000002284B000000-0x000002284B001000-memory.dmp

Filesize
4KB

Download
memory/1956-556-0x000002284B000000-0x000002284B001000-memory.dmp

Filesize
4KB

Download
memory/1956-51-0x000002284A800000-0x000002284A801000-memory.dmp

Filesize
4KB

Download
memory/1956-30-0x000002284A280000-0x000002284A4FE000-memory.dmp

Filesize
2.5MB

Download
memory/1956-682-0x000002284B000000-0x000002284B001000-memory.dmp

Filesize
4KB

Download
memory/1956-786-0x000002284B000000-0x000002284B001000-memory.dmp

Filesize
4KB

Download
memory/1956-788-0x000002284A800000-0x000002284A801000-memory.dmp

Filesize
4KB

Download
memory/1956-789-0x000002284B000000-0x000002284B001000-memory.dmp

Filesize
4KB

Download
memory/1956-791-0x000002284B000000-0x000002284B001000-memory.dmp

Filesize
4KB

Download
memory/1956-257-0x000002284B000000-0x000002284B001000-memory.dmp

Filesize
4KB

Download
memory/1956-255-0x000002284A800000-0x000002284A801000-memory.dmp

Filesize
4KB

Download
memory/1956-792-0x000002284A800000-0x000002284A801000-memory.dmp

Filesize
4KB

Download
memory/1956-793-0x000002284B000000-0x000002284B001000-memory.dmp

Filesize
4KB

Download
memory/1956-67-0x000002284A800000-0x000002284A801000-memory.dmp

Filesize
4KB

Download
memory/1956-68-0x000002284B000000-0x000002284B001000-memory.dmp

Filesize
4KB

Download
memory/1956-69-0x000002284A800000-0x000002284A801000-memory.dmp

Filesize
4KB

Download
memory/1956-70-0x000002284A800000-0x000002284A801000-memory.dmp

Filesize
4KB

Download
memory/1956-187-0x000002284B000000-0x000002284B001000-memory.dmp

Filesize
4KB

Download
memory/1956-186-0x000002284A800000-0x000002284A801000-memory.dmp

Filesize
4KB

Download
memory/1956-797-0x000002284B000000-0x000002284B001000-memory.dmp

Filesize
4KB

Download
memory/1956-798-0x000002284A800000-0x000002284A801000-memory.dmp

Filesize
4KB

Download
memory/1956-811-0x000002284B000000-0x000002284B001000-memory.dmp

Filesize
4KB

Download
memory/1956-76-0x000002284A800000-0x000002284A801000-memory.dmp

Filesize
4KB

Download
memory/1956-77-0x000002284B000000-0x000002284B001000-memory.dmp

Filesize
4KB

Download
memory/1956-888-0x000002284A800000-0x000002284A801000-memory.dmp

Filesize
4KB

Download
memory/1956-818-0x000002284A800000-0x000002284A801000-memory.dmp

Filesize
4KB

Download
memory/1956-81-0x000002284A800000-0x000002284A801000-memory.dmp

Filesize
4KB

Download
memory/1956-82-0x000002284B000000-0x000002284B001000-memory.dmp

Filesize
4KB

Download
memory/1956-875-0x000002284B000000-0x000002284B001000-memory.dmp

Filesize
4KB

Download
memory/1956-819-0x000002284B000000-0x000002284B001000-memory.dmp

Filesize
4KB

Download
memory/1956-85-0x000002284A800000-0x000002284A801000-memory.dmp

Filesize
4KB

Download
memory/1956-820-0x000002284A800000-0x000002284A801000-memory.dmp

Filesize
4KB

Download
memory/1956-87-0x000002284B000000-0x000002284B001000-memory.dmp

Filesize
4KB

Download
memory/1956-874-0x000002284A800000-0x000002284A801000-memory.dmp

Filesize
4KB

Download
memory/1956-89-0x000002284A800000-0x000002284A801000-memory.dmp

Filesize
4KB

Download
memory/1956-358-0x000002284A800000-0x000002284A801000-memory.dmp

Filesize
4KB

Download
memory/1956-821-0x000002284B000000-0x000002284B001000-memory.dmp

Filesize
4KB

Download
memory/2660-29-0x00007FF9A7CB0000-0x00007FF9A869C000-memory.dmp

Filesize
9.9MB

Download
memory/2660-24-0x0000000000000000-mapping.dmp

Download
memory/3016-73-0x0000000005960000-0x0000000005AA0000-memory.dmp

Filesize
1.2MB

Download
memory/3016-72-0x0000000006EC0000-0x000000000713E000-memory.dmp

Filesize
2.5MB

Download
memory/3016-74-0x0000000005960000-0x0000000005AA0000-memory.dmp

Filesize
1.2MB

Download
memory/3024-23-0x0000000000000000-mapping.dmp

Download
memory/3024-28-0x00007FF9A7CB0000-0x00007FF9A869C000-memory.dmp

Filesize
9.9MB

Download
memory/3024-43-0x000002842E620000-0x000002842E621000-memory.dmp

Filesize
4KB

Download
memory/3024-45-0x0000028431140000-0x0000028431141000-memory.dmp

Filesize
4KB

Download
memory/3276-6-0x0000000000000000-mapping.dmp

Download
memory/3372-8-0x0000000000000000-mapping.dmp

Download
memory/3388-11-0x0000000000000000-mapping.dmp

Download
memory/3388-14-0x000002B314830000-0x000002B314AAE000-memory.dmp

Filesize
2.5MB

Download
memory/3624-35-0x000001FA4D020000-0x000001FA4D021000-memory.dmp

Filesize
4KB

Download
memory/3624-41-0x0000000000400000-0x000000000067E000-memory.dmp

Filesize
2.5MB

Download
memory/3624-19-0x0000000000000000-mapping.dmp

Download
memory/3624-22-0x000001FA4CB90000-0x000001FA4CE0E000-memory.dmp

Filesize
2.5MB

Download
memory/3624-27-0x000001FA4D140000-0x000001FA4D4C2000-memory.dmp

Filesize
3.5MB

Download
memory/3728-26-0x0000000004C70000-0x000000000513E000-memory.dmp

Filesize
4.8MB

Download
memory/3728-53-0x00000000054C0000-0x00000000054C1000-memory.dmp

Filesize
4KB

Download
memory/3728-56-0x00000000054C0000-0x00000000054C1000-memory.dmp

Filesize
4KB

Download
memory/3728-21-0x00000000047D0000-0x0000000004960000-memory.dmp

Filesize
1.6MB

Download
memory/3728-15-0x0000000000000000-mapping.dmp

Download
memory/3816-1-0x0000000002720000-0x0000000002721000-memory.dmp

Filesize
4KB

Download
memory/3892-2-0x0000000000000000-mapping.dmp

Download
memory/3900-445-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-575-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-274-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-275-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-276-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-277-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-278-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-279-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-280-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-281-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-282-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-283-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-284-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-285-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-286-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-287-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-288-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-289-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-290-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-291-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-292-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-293-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-294-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-295-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-296-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-297-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-298-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-299-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-300-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-301-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-302-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-303-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-304-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-305-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-306-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-307-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-308-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-309-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-310-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-311-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-312-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-313-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-314-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-315-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-316-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-317-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-318-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-319-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-320-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-321-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-322-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-323-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-324-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-325-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-326-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-327-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-328-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-329-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-330-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-331-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-333-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-334-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-335-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-336-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-337-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-338-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-339-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-340-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-341-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-342-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-343-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-344-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-345-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-346-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-347-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-348-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-349-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-350-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-351-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-352-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-353-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-354-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-355-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-356-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-357-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-272-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-359-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-271-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-361-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-362-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-363-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-364-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-365-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-366-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-367-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-368-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-369-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-370-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-371-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-373-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-372-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-374-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-375-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-376-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-377-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-378-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-379-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-380-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-381-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-382-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-383-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-384-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-385-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-386-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-387-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-388-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-389-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-390-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-391-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-392-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-393-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-394-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-395-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-396-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-397-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-398-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-399-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-400-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-401-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-402-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-403-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-404-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-405-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-406-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-407-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-408-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-409-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-410-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-411-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-412-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-413-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-414-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-415-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-416-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-417-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-418-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-419-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-420-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-421-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-422-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-423-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-424-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-425-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-426-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-427-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-428-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-429-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-430-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-431-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-432-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-433-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-434-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-435-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-436-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-437-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-438-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-439-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-440-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-441-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-442-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-443-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-444-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-270-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-446-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-269-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-448-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-268-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-450-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-451-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-452-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-453-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-454-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-455-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-456-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-457-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-458-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-459-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-460-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-461-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-462-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-463-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-464-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-465-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-466-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-467-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-468-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-469-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-470-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-471-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-472-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-473-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-474-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-475-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-476-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-477-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-478-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-479-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-480-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-482-0x00000000049B0000-0x00000000049B1000-memory.dmp

Filesize
4KB

Download
memory/3900-483-0x00000000051B0000-0x00000000051B1000-memory.dmp

Filesize
4KB

Download
memory/3900-484-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-485-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-522-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-267-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-555-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-266-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-568-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-569-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-570-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-571-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-572-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-573-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-574-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-273-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-576-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-577-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-578-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-579-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-580-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-581-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-582-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-583-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-584-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-585-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-586-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-587-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-588-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-589-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-590-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-591-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-592-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-593-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-594-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-595-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-596-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-597-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-598-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-599-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-600-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-601-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-602-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-603-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-604-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-605-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-606-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-607-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-608-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-609-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-610-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-611-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-612-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-613-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-614-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-615-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-616-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-617-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-618-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-619-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-620-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-621-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-622-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-623-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-624-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-625-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-626-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-627-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-628-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-629-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-630-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-631-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-632-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-633-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-634-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-635-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-636-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-637-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-638-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-639-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-641-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-642-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-643-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-644-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-645-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-646-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-647-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-648-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-649-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-650-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-651-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-652-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-653-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-654-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-655-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-656-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-657-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-658-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-659-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-660-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-661-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-662-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-663-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-664-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-665-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-666-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-667-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-668-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-669-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-670-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-671-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-672-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-673-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-674-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-675-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-676-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-677-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-678-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-679-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-680-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-265-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-683-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-684-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-685-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-686-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-687-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-688-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-689-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-690-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-691-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-692-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-693-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-694-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-695-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-696-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-697-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-698-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-699-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-700-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-701-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-702-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-703-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-704-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-705-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-706-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-707-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-708-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-709-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-710-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-711-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-712-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-713-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-714-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-715-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-716-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-717-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-718-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-719-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-720-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-721-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-722-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-723-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-724-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-725-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-726-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-727-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-728-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-729-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-730-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-731-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-732-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-733-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-734-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-735-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-736-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-737-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-738-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-739-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-740-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-741-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-742-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-743-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-744-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-745-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-746-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-747-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-748-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-749-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-750-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-751-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-752-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-753-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-754-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-755-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-756-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-757-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-758-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-759-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-760-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-761-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-762-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-763-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-764-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-765-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-766-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-767-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-768-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-769-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-770-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-771-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-772-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-773-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-774-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-775-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-776-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-777-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-778-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-779-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-780-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-781-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-782-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-783-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-264-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-263-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-262-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-261-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-260-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-225-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-200-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-197-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-176-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-174-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-170-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-166-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-93-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/3900-92-0x00000000051B0000-0x00000000051B1000-memory.dmp

Filesize
4KB

Download
memory/3900-91-0x00000000049B0000-0x00000000049B1000-memory.dmp

Filesize
4KB

Download
memory/3900-88-0x0000000003B60000-0x0000000004406000-memory.dmp

Filesize
8.6MB

Download
memory/3900-83-0x0000000003890000-0x0000000003A20000-memory.dmp

Filesize
1.6MB

Download
memory/3900-79-0x0000000000000000-mapping.dmp

Download