Malware Analysis Report

2024-11-15 07:52

Sample ID 201127-dxp3p1wyxe
Target 161120.exe
SHA256 1a78aaf6aae3b9d9a32dc6c8cfe9182043f71a3d44e727464ab95a70fc24bbe8
Tags
smokeloader backdoor spyware trojan qakbot tr01 1604997522 banker stealer
score
10/10


Analysis Overview

score
10/10

SHA256

1a78aaf6aae3b9d9a32dc6c8cfe9182043f71a3d44e727464ab95a70fc24bbe8

Threat Level: Known bad

The file 161120.exe was found to be: Known bad.

Malicious Activity Summary

smokeloader backdoor spyware trojan qakbot tr01 1604997522 banker stealer

Qakbot/Qbot

SmokeLoader

Executes dropped EXE

Deletes itself

Reads user/profile data of web browsers

Loads dropped DLL

Suspicious use of UnmapMainImage

Suspicious behavior: MapViewOfSection

Creates scheduled task(s)

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2020-11-27 19:29

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2020-11-27 19:29

Reported

2020-11-27 19:31

Platform

win7v20201028

Max time kernel

151s

Max time network

109s

Command Line

"C:\Users\Admin\AppData\Local\Temp\161120.exe"

Signatures

SmokeLoader

trojan backdoor smokeloader

Deletes itself

Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\161120.exe N/A

Reads user/profile data of web browsers

spyware

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\161120.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\161120.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\161120.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\161120.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\161120.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1248 wrote to memory of 1296 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1248 wrote to memory of 1644 N/A N/A C:\Windows\explorer.exe
PID 1248 wrote to memory of 816 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1248 wrote to memory of 1844 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1248 wrote to memory of 1512 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1248 wrote to memory of 1144 N/A N/A C:\Windows\explorer.exe
PID 1248 wrote to memory of 1532 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1248 wrote to memory of 316 N/A N/A C:\Windows\explorer.exe
PID 1248 wrote to memory of 1816 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1248 wrote to memory of 1272 N/A N/A C:\Windows\explorer.exe
PID 1248 wrote to memory of 1336 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1248 wrote to memory of 1636 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1248 wrote to memory of 660 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 1248 wrote to memory of 1760 N/A N/A C:\Windows\explorer.exe
PID 1248 wrote to memory of 1084 N/A N/A C:\Windows\SysWOW64\explorer.exe

Processes

C:\Users\Admin\AppData\Local\Temp\161120.exe

"C:\Users\Admin\AppData\Local\Temp\161120.exe"

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\explorer.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\explorer.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\explorer.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\explorer.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\explorer.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

Network

Country Destination Domain Proto
N/A 8.8.8.8:53 cent.live udp
N/A 185.99.133.204:80 cent.live tcp
N/A 8.8.8.8:53 duwayainvestment.com udp
N/A 108.167.140.194:443 duwayainvestment.com tcp
N/A 108.167.140.194:443 duwayainvestment.com tcp

Files


\Users\Admin\AppData\Local\Temp\554B.tmp

MD5 d124f55b9393c976963407dff51ffa79
SHA1 2c7bbedd79791bfb866898c85b504186db610b5d
SHA256 ea1e16247c848c8c171c4cd1fa17bc5a018a1fcb0c0dac25009066b6667b8eef
SHA512 278fe3a4b1fbbe700e4f4483b610133e975e36e101455661d5197bd892a68839b9d555499040d200c92aefa9e3819380e395c0cd85d5fc845c6364d128a8cf06


memory/1248-697-0x0000000002B60000-0x0000000002B65000-memory.dmp

memory/1248-696-0x0000000002B60000-0x0000000002B65000-memory.dmp

memory/1248-695-0x0000000002B60000-0x0000000002B65000-memory.dmp

memory/1248-694-0x0000000002B60000-0x0000000002B65000-memory.dmp

memory/1248-693-0x0000000002B60000-0x0000000002B65000-memory.dmp

memory/1248-692-0x0000000002B60000-0x0000000002B65000-memory.dmp

memory/1248-691-0x0000000002B60000-0x0000000002B65000-memory.dmp

memory/1248-690-0x0000000002B60000-0x0000000002B65000-memory.dmp

memory/1248-689-0x0000000002B60000-0x0000000002B65000-memory.dmp

memory/1248-688-0x0000000002B60000-0x0000000002B65000-memory.dmp

memory/1248-687-0x0000000002B60000-0x0000000002B65000-memory.dmp

memory/1248-686-0x0000000002B60000-0x0000000002B65000-memory.dmp

memory/1248-685-0x0000000002B60000-0x0000000002B65000-memory.dmp

memory/1248-684-0x0000000002B60000-0x0000000002B65000-memory.dmp

memory/1248-683-0x0000000002B60000-0x0000000002B65000-memory.dmp

memory/1248-682-0x0000000002B60000-0x0000000002B65000-memory.dmp

memory/1248-681-0x0000000002B60000-0x0000000002B65000-memory.dmp

memory/1248-680-0x0000000002B60000-0x0000000002B65000-memory.dmp

memory/1248-679-0x0000000002B60000-0x0000000002B65000-memory.dmp

memory/1248-678-0x0000000002B60000-0x0000000002B65000-memory.dmp

memory/1248-677-0x0000000002B60000-0x0000000002B65000-memory.dmp

memory/1248-676-0x0000000002B60000-0x0000000002B65000-memory.dmp

memory/1248-675-0x0000000002B60000-0x0000000002B65000-memory.dmp

memory/1248-674-0x0000000002B60000-0x0000000002B65000-memory.dmp

memory/1248-739-0x0000000002B60000-0x0000000002B65000-memory.dmp

memory/1248-740-0x0000000002B60000-0x0000000002B65000-memory.dmp

memory/660-741-0x0000000000000000-mapping.dmp

memory/660-742-0x0000000000080000-0x000000000008B000-memory.dmp

memory/660-743-0x0000000000090000-0x0000000000096000-memory.dmp

memory/1248-823-0x0000000002B60000-0x0000000002B66000-memory.dmp

memory/1760-824-0x0000000000000000-mapping.dmp

memory/1248-822-0x0000000002B60000-0x0000000002B66000-memory.dmp

memory/1760-825-0x0000000000060000-0x000000000006D000-memory.dmp

memory/1760-826-0x0000000000070000-0x0000000000077000-memory.dmp

memory/1248-907-0x0000000002B60000-0x0000000002B67000-memory.dmp

memory/1084-908-0x0000000000000000-mapping.dmp

memory/1084-910-0x0000000000080000-0x000000000008B000-memory.dmp

memory/1084-912-0x0000000000090000-0x0000000000098000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2020-11-27 19:29

Reported

2020-11-27 19:31

Platform

win10v20201028

Max time kernel

151s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\161120.exe"

Signatures

Qakbot/Qbot

trojan banker stealer qakbot

SmokeLoader

trojan backdoor smokeloader

Deletes itself

Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\161120.exe N/A

Reads user/profile data of web browsers

spyware

Checks SCSI registry key(s)

Description Indicator Process Target
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\161120.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_SANU&PROD_SANU_DVD-ROM\4&37CE57BA&0&010000 C:\Users\Admin\AppData\Local\Temp\3394.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Service C:\Users\Admin\AppData\Local\Temp\3394.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_&PROD_HEARTDISK\4&37CE57BA&0&000000 C:\Users\Admin\AppData\Roaming\Microsoft\Xfldy\yartramt.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\161120.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\DeviceDesc C:\Users\Admin\AppData\Local\Temp\3394.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_&PROD_HEARTDISK\4&37CE57BA&0&000000 C:\Users\Admin\AppData\Local\Temp\3394.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Service C:\Users\Admin\AppData\Roaming\Microsoft\Xfldy\yartramt.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\DeviceDesc C:\Users\Admin\AppData\Roaming\Microsoft\Xfldy\yartramt.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Service C:\Users\Admin\AppData\Roaming\Microsoft\Xfldy\yartramt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\161120.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Service C:\Users\Admin\AppData\Local\Temp\3394.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\DeviceDesc C:\Users\Admin\AppData\Local\Temp\3394.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\DeviceDesc C:\Users\Admin\AppData\Roaming\Microsoft\Xfldy\yartramt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_SANU&PROD_SANU_DVD-ROM\4&37CE57BA&0&010000 C:\Users\Admin\AppData\Roaming\Microsoft\Xfldy\yartramt.exe N/A

Creates scheduled task(s)

persistence

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\161120.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3394.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Xfldy\yartramt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Xfldy\yartramt.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Xfldy\yartramt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Xfldy\yartramt.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Xfldy\yartramt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Xfldy\yartramt.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\161120.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Xfldy\yartramt.exe N/A

Suspicious use of UnmapMainImage

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3016 wrote to memory of 4012 N/A N/A C:\Users\Admin\AppData\Local\Temp\3394.exe
PID 3016 wrote to memory of 208 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 3016 wrote to memory of 2232 N/A N/A C:\Windows\explorer.exe
PID 3016 wrote to memory of 636 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 3016 wrote to memory of 3056 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 3016 wrote to memory of 1736 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 4012 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\3394.exe C:\Users\Admin\AppData\Local\Temp\3394.exe
PID 3016 wrote to memory of 3144 N/A N/A C:\Windows\explorer.exe
PID 3016 wrote to memory of 1336 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 3016 wrote to memory of 3452 N/A N/A C:\Windows\explorer.exe
PID 3016 wrote to memory of 1532 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 3016 wrote to memory of 2656 N/A N/A C:\Windows\explorer.exe
PID 3016 wrote to memory of 3392 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 3016 wrote to memory of 2164 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 3016 wrote to memory of 1204 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 3016 wrote to memory of 3232 N/A N/A C:\Windows\explorer.exe
PID 3016 wrote to memory of 3976 N/A N/A C:\Windows\SysWOW64\explorer.exe
PID 4012 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\3394.exe C:\Users\Admin\AppData\Roaming\Microsoft\Xfldy\yartramt.exe
PID 4012 wrote to memory of 3448 N/A C:\Users\Admin\AppData\Local\Temp\3394.exe C:\Windows\SysWOW64\schtasks.exe
PID 3908 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Xfldy\yartramt.exe C:\Users\Admin\AppData\Roaming\Microsoft\Xfldy\yartramt.exe
PID 3908 wrote to memory of 3328 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Xfldy\yartramt.exe C:\Windows\SysWOW64\explorer.exe

Processes

C:\Users\Admin\AppData\Local\Temp\161120.exe

"C:\Users\Admin\AppData\Local\Temp\161120.exe"

C:\Users\Admin\AppData\Local\Temp\3394.exe

C:\Users\Admin\AppData\Local\Temp\3394.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\explorer.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Users\Admin\AppData\Local\Temp\3394.exe

C:\Users\Admin\AppData\Local\Temp\3394.exe /C

C:\Windows\explorer.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\explorer.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\explorer.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\explorer.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Xfldy\yartramt.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Xfldy\yartramt.exe

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\system32\schtasks.exe" /Create /RU "NT AUTHORITY\SYSTEM" /tn mpuarlxnea /tr "\"C:\Users\Admin\AppData\Local\Temp\3394.exe\" /I mpuarlxnea" /SC ONCE /Z /ST 20:29 /ET 20:41

C:\Users\Admin\AppData\Roaming\Microsoft\Xfldy\yartramt.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Xfldy\yartramt.exe /C

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe

Network

Country Destination Domain Proto
N/A 8.8.8.8:53 cent.live udp
N/A 185.99.133.204:80 cent.live tcp
N/A 8.8.8.8:53 duwayainvestment.com udp
N/A 108.167.140.194:443 duwayainvestment.com tcp
N/A 185.99.133.204:80 cent.live tcp

Files

\Users\Admin\AppData\Local\Temp\554B.tmp

MD5 50741b3f2d7debf5d2bed63d88404029
SHA1 56210388a627b926162b36967045be06ffb1aad3
SHA256 f2f8732ae464738372ff274b7e481366cecdd2337210d4a3cbcd089c958a730c
SHA512 fac6bfe35b1ee08b3d42d330516a260d9cdb4a90bbb0491411a583029b92a59d20af3552372ea8fb3f59442b3945bf524ef284127f397ae7179467080be8e9b3

C:\Users\Admin\AppData\Local\Temp\3394.exe

MD5 ba98119e8d3b219a5ff1d3984a5f1bd0
SHA1 1de245ea6d17394a769da39711d8cde6eea88b4c
SHA256 c4d55748a4499a17b13c62635b1a9137882739afdd05e855f3248b01541747b5
SHA512 589d5ee340c4117227cc0583236d625648d6f185800fee61077066c8b2d4424f3cc84212f8f77e6b3dcbfa3f872ed7264228b29a9ae71de3d6557fc7b917ccb7

C:\Users\Admin\AppData\Roaming\Microsoft\Xfldy\yartramt.exe

MD5 ba98119e8d3b219a5ff1d3984a5f1bd0
SHA1 1de245ea6d17394a769da39711d8cde6eea88b4c
SHA256 c4d55748a4499a17b13c62635b1a9137882739afdd05e855f3248b01541747b5
SHA512 589d5ee340c4117227cc0583236d625648d6f185800fee61077066c8b2d4424f3cc84212f8f77e6b3dcbfa3f872ed7264228b29a9ae71de3d6557fc7b917ccb7


memory/3016-1675-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-1662-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-1681-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3328-1689-0x0000000000000000-mapping.dmp

memory/3016-1692-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-1686-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-1696-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-1698-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-1703-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-1713-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1715-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1718-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1722-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1729-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1725-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1731-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1727-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1733-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1735-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1736-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1737-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1738-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1739-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1740-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1741-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1742-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1743-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1744-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1745-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1746-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1747-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1748-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1749-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1750-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1751-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1752-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1753-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1754-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1755-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1756-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1757-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1758-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1759-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1760-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1761-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1762-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1763-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1764-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1765-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1766-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1767-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1768-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1769-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1770-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1771-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1772-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1773-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1774-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1775-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1776-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1777-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1778-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1779-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1780-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1781-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1782-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1783-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1784-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1785-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1786-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1787-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1788-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1789-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1790-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1791-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1792-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1793-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1794-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1795-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1796-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1797-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1798-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1799-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1800-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1801-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1802-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1803-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1804-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1805-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1806-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1807-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1892-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1893-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1894-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1895-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1896-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1897-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1899-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1898-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1900-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1901-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1902-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1903-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1904-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1905-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1906-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1907-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1908-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1909-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1910-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1911-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1912-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1913-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1914-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1915-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1916-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1917-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1919-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1920-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1918-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1922-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1921-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1923-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1924-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1925-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1926-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1927-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1928-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1929-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1931-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1932-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1930-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1933-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1934-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1935-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1936-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1937-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1938-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1939-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1940-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1941-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1942-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1943-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1944-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1946-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1947-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1948-0x0000000000E60000-0x0000000000E6C000-memory.dmp

memory/3016-1949-0x0000000000E60000-0x0000000000E6C000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Xfldy\yartramt.dat

MD5 8f1a8af50ffcaab836cfdd268a2b8f00
SHA1 6ad4e21ba9f7f5eab7e193fabeef6517de99c0a0
SHA256 cd94932ac4a8fc9b92949e186330171ca045bd251b999c8467e57023f56fd545
SHA512 8ed4348000c92af99e4ef8c859a6a57e6f880dab12ff81235a568435432961a2ddade4599dcfd5890ef97a017069f93096ed6173f3ac5c6c3a4749515acf3371


memory/3016-4490-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-4491-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-4492-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-4493-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-4494-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-4495-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-4496-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-4497-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-4498-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-4499-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-4500-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-4501-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-4502-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-4503-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-4504-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-4505-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-4506-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-4507-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-4508-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-4509-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-4510-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-4511-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-4999-0x0000000000EC0000-0x0000000000ECB000-memory.dmp

memory/3016-5000-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5001-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5002-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5003-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5004-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5005-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5006-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5007-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5008-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5009-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5010-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5011-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5012-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5013-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5014-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5015-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5016-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5017-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5018-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5019-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5020-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5021-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5022-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5023-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5024-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5025-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5026-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5027-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5028-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5029-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5030-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5031-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5032-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5033-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5034-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5035-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5036-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5037-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5038-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5039-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5040-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5041-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5042-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5043-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5044-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5045-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5046-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5047-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5048-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5049-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5050-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5051-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5052-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5053-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5054-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5055-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5056-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5057-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5058-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5059-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5060-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5061-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5062-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5063-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5064-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5065-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5066-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5067-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5068-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5069-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5070-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5071-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5072-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5073-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5074-0x0000000000EA0000-0x0000000000EAB000-memory.dmp

memory/3016-5075-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5076-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5077-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5078-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5485-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5486-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5487-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5488-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5489-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5490-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5491-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5492-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5493-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5494-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5495-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5496-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5497-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5498-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5499-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5500-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5501-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5502-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5503-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5504-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5505-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5506-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5507-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5508-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5509-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5510-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5511-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5512-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5513-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5514-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5515-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5516-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5517-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5518-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5519-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5520-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5521-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5522-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5523-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5524-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5525-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5526-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5527-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5528-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5529-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5530-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5531-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5532-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5533-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5534-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5535-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5537-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5536-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5538-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5539-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5540-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5541-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5542-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5543-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5544-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5545-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5546-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5548-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5547-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5549-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5551-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5550-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5552-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5553-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5554-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5555-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5556-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5557-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5558-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5559-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5560-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5561-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5562-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5563-0x0000000000E60000-0x0000000000E6B000-memory.dmp

memory/3016-5564-0x0000000000E60000-0x0000000000E6B000-memory.dmp