danabot | f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296

Analysis

max time kernel
143s
max time network
146s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
25/10/2022, 09:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe
Size

8.4MB
MD5

3281a9332d11287529ddbac19387f603
SHA1

6554cbd72d5b8bd516f61a23b660973a459ce99a
SHA256

f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296
SHA512

f1822a94db5cd93d1d1a53c126c5cea45fbf2cc7f0a9629291ed6a4c13f0d1cb4d1b642de137e9aad17709faf83025014b553ca3a707f0f9ccbb734305d349e5
SSDEEP

196608:lCG/oOtCh9iqBxvW3zFNPQgOcEO4CeKSYblYmK:MGTtC+qBWD4gOcEwSmG

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

49.0.50.0:57

51.0.52.0:0

53.0.54.0:1200

55.0.56.0:65535

Attributes

embedded_hash
569235DCA8F16ED8310BBACCB674F896
type
loader

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Blocklisted process makes network request 1 IoCs

flow	pid	Process
11	2468	rundll32.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 2016 set thread context of 2700	2016	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe	66
PID 2700 set thread context of 2468	2700	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe	71

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 49 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\VendorIdentifier	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Status	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Previous Update Revision	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	rundll32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Previous Update Revision	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Configuration Data	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	rundll32.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Configuration Data	rundll32.exe
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	rundll32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Update Revision	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Previous Update Revision	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Platform Specific Field 1	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Update Revision	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Update Status	rundll32.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Previous Update Revision	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\VendorIdentifier	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Component Information	rundll32.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\FeatureSet	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	rundll32.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\FeatureSet	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Status	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Configuration Data	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Platform Specific Field 1	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Component Information	rundll32.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000_Classes\Local Settings	rundll32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2468	rundll32.exe
2468	rundll32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2468	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2864	OpenWith.exe

Suspicious use of WriteProcessMemory 23 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 2700	2016	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe	66
PID 2016 wrote to memory of 2700	2016	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe	66
PID 2016 wrote to memory of 2700	2016	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe	66
PID 2016 wrote to memory of 2700	2016	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe	66
PID 2016 wrote to memory of 2700	2016	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe	66
PID 2016 wrote to memory of 2700	2016	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe	66
PID 2016 wrote to memory of 2700	2016	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe	66
PID 2016 wrote to memory of 2700	2016	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe	66
PID 2016 wrote to memory of 2700	2016	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe	66
PID 2016 wrote to memory of 2700	2016	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe	66
PID 2016 wrote to memory of 2700	2016	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe	66
PID 2016 wrote to memory of 2700	2016	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe	66
PID 2016 wrote to memory of 2700	2016	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe	66
PID 2016 wrote to memory of 2700	2016	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe	66
PID 2016 wrote to memory of 2700	2016	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe	66
PID 2016 wrote to memory of 2700	2016	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe	66
PID 2700 wrote to memory of 4816	2700	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe	67
PID 2700 wrote to memory of 4816	2700	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe	67
PID 2700 wrote to memory of 4816	2700	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe	67
PID 2700 wrote to memory of 2468	2700	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe	71
PID 2700 wrote to memory of 2468	2700	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe	71
PID 2700 wrote to memory of 2468	2700	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe	71
PID 2700 wrote to memory of 2468	2700	f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe	71

C:\Users\Admin\AppData\Local\Temp\f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe
"C:\Users\Admin\AppData\Local\Temp\f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Users\Admin\AppData\Local\Temp\f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe
  "C:\Users\Admin\AppData\Local\Temp\f535fcf255b18e63f0191b3d9d396bb7fc7e42c7d770263863b9b8de7062e296.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2700
- - C:\Windows\SysWOW64\appidtel.exe
    C:\Windows\system32\appidtel.exe
    3⤵
    PID:4816
- - C:\Windows\syswow64\rundll32.exe
    "C:\Windows\syswow64\rundll32.exe" "C:\Windows\syswow64\shell32.dll",#61
    3⤵
    - Blocklisted process makes network request
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    PID:2468

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2864

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\9a12144b-018d-4609-82b9-20cdb0122eb2.tmp

Filesize
25KB

MD5
9f670566b87be47f09e3871cd67ed6d9

SHA1
8b49dd7fb4bf06df0a16cfc03a42832b78bdfabd

SHA256
d7089602fa181dfd161165dc1bb34271e7481f88ee2ca06230da2a2269a68c80

SHA512
6e53a2d3c4329114f7e562d84bcb6345176ce4d7006c9d699d6dab9886d5aa277b5b8fe5cfb9e574a49e0c1de6414efa913cf9b3ffecd95e9fafa28370fc2456

Download Submit
C:\Users\Admin\AppData\Local\Temp\AdobeSFX.log

Filesize
1KB

MD5
1d6e142a6313157ee6c9b879ea4918f6

SHA1
b06545210af62e70162d1ff667d3e36e1f9b6716

SHA256
78356dcfa40fce405223dbe34d18645d2b3d8e85ad9e7ef42c890d52a14ff72f

SHA512
9a28ffc2b519f657eada4f4bcdbb95f9ebc8ccedcf0b30466f8a2cdfb5581d916c5da44861369bd91859d1089818257c2896d4846d111aed1fa8b1d25a288488

Download Submit
C:\Users\Admin\AppData\Local\Temp\JavaDeployReg.log

Filesize
25KB

MD5
53d9447305961cb1131255a46920b9eb

SHA1
fc04daf427e6da9797ced789d3460be69bbfd7c5

SHA256
632812d8c845c8dfdf2e8388b9beef1f8adcae3b4a25222ca9a26a6d11caa2a8

SHA512
143b013582a2fd0339e68a007ecf1b9761d197d01bb168fbf448305bf1920781da3c00206a197cd3eef342244cc4adf99a34d9a574341b33e5697f204184a1a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\SUAJYJLY-20220812-1728a.log

Filesize
183KB

MD5
586431fac48ddf721b5673450d7d11a9

SHA1
fe58a44318b3f31290014717dec66a2e100f8a2f

SHA256
8530c2e19404e82076a677251cb2ec381028e3cf7eca6c4cea638236d509e907

SHA512
93fe2d90afed56d385ef00694972ba48e498cb959489a47f3774930654aac5399d2cd04809c9263f12eb761f9efd60a5b4a88793615f8d638ddf07efdc1f5dd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Syhidsduo.tmp

Filesize
3.3MB

MD5
13d0ff809f24a408728fd6fe00241020

SHA1
fde8484da982eceb86cf6959460ffc4ce33271a9

SHA256
db9190e9eb5298547a3d266f298ec1e7ede0426841da9512f2827f1e7c027520

SHA512
38dd1c523eb9f5aa1c3da0e95f4064f22fc191ce8cea20803c5f60fcbc40d83f5c3545529863ca18f4e65b3ea7a8eddc247ae0db11c6ffa70af560998611e768

Download Submit
C:\Users\Admin\AppData\Local\Temp\chrome_installer.log

Filesize
3KB

MD5
b41b2650d4d667a9824eba43a3049762

SHA1
664c28373c371e1707dad2d84c2597bf63f81b8e

SHA256
22f6dde0063f5504b8a964c873dcc28906e87b9e2f00f3f61230638212d82deb

SHA512
1b1fb55d18be63a95b01c905b29f25e59e122c7ebed9dae406910c85f97db03fb165c355b373ce063a99c5e66e57b26ef82832443bd725df264fea8c21cfe0df

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_SetupUtility.txt

Filesize
2KB

MD5
c8c7e9b4224595317a08c41e6d042f1b

SHA1
1dd853cd297486844714db4301669ae5702385ef

SHA256
a3150537957b83b897283c60c695acf5eb2af4e98c65480aee2f75e537c6dbdb

SHA512
e5e1d4a680e9fe3f2cec35c7c115f3ea989d7840c4f1ec3a2802e927042eb4aab0aa88ed044753108f03f6e8d01586f61ca171237bc54c32a4febcdc5ccb673d

Download Submit
C:\Users\Admin\AppData\Local\Temp\e42dc846-bc64-4388-b5da-4539f7d36f06.tmp

Filesize
23KB

MD5
7cd73270bd735f9fe77bc9278f9f2b8b

SHA1
b27a898970297c750fb7e4d70ad8f87c1e6c1739

SHA256
ee80340a02c0f96a3f9d01e635857d38d7b92444d6102ee29804f559f2eaa7f4

SHA512
1fe70455d4d8c0fbab9ef20cf85d0de55fea9f18499c653af5d234462aa5c45eaacceadab39e9be62dc548af4f710362dd34970e1d8a666bf09fe4101bf32077

Download Submit
C:\Users\Admin\AppData\Local\Temp\sa.9WZDNCRCWFTB_0_0010_.Public.InstallAgent.dat

Filesize
65KB

MD5
dc7e6cc5a47edc01738a38ad70f9a8b3

SHA1
c07046f0a19ad63d830fc97b6d9a79c3ede32f42

SHA256
34d45b244945e8c37900145bb52afc763074b301ca5153d369ddb900199fccca

SHA512
8ac5a5ba64c70e608b5cef3e06aca9f7bc9a9da0a9e4c9527a1b24384109306b4e93f2e1cb19375fef7c972ee9ec15361d4b34bb0eb7f97d93c4d836a6a93f10

Download Submit
C:\Users\Admin\AppData\Local\Temp\sa.9WZDNCRFHVFW_0_0010_.Public.InstallAgent.dat

Filesize
85KB

MD5
7ccbd37d0a5066e728a7a420b90e6d34

SHA1
1ea2aa552a6cb2ef86bceec5c354f43424dbf469

SHA256
cc7bc6b4aa0ec6ca8c6492498c6ae1509aeebf56f114595085e8d55d3e2939ec

SHA512
1d62d50420806ed3bfef1e16f276bcee73e351116966f6131e8f454296f006a10a7349784118f4a726e6a44fa848bc0396c83139bd833581625f911dd9ed7273

Download Submit
memory/2016-132-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2016-148-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2016-133-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2016-134-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2016-135-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2016-136-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2016-137-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2016-138-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2016-139-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2016-140-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2016-141-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2016-142-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2016-143-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2016-144-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2016-145-0x0000000003750000-0x0000000003F90000-memory.dmp

Filesize
8.2MB

Download
memory/2016-146-0x0000000005930000-0x0000000006306000-memory.dmp

Filesize
9.8MB

Download
memory/2016-147-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2016-120-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2016-149-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2016-121-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2016-122-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2016-123-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2016-131-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2016-130-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2016-129-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2016-128-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2016-126-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2016-125-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2016-124-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2468-363-0x0000000005290000-0x0000000005D42000-memory.dmp

Filesize
10.7MB

Download
memory/2468-364-0x0000000003320000-0x0000000003CB2000-memory.dmp

Filesize
9.6MB

Download
memory/2468-322-0x0000000005290000-0x0000000005D42000-memory.dmp

Filesize
10.7MB

Download
memory/2468-314-0x0000000003320000-0x0000000003CB2000-memory.dmp

Filesize
9.6MB

Download
memory/2700-164-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2700-156-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2700-166-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2700-167-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2700-168-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2700-169-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2700-170-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2700-171-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2700-172-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2700-173-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2700-174-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2700-175-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2700-176-0x0000000000400000-0x0000000000DE1000-memory.dmp

Filesize
9.9MB

Download
memory/2700-177-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2700-178-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2700-184-0x0000000000400000-0x0000000000DE1000-memory.dmp

Filesize
9.9MB

Download
memory/2700-192-0x0000000000400000-0x0000000000DE1000-memory.dmp

Filesize
9.9MB

Download
memory/2700-205-0x0000000000400000-0x0000000000DE1000-memory.dmp

Filesize
9.9MB

Download
memory/2700-240-0x0000000003AF0000-0x00000000045A2000-memory.dmp

Filesize
10.7MB

Download
memory/2700-150-0x0000000000400000-0x0000000000DE1000-memory.dmp

Filesize
9.9MB

Download
memory/2700-152-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2700-153-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2700-154-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2700-155-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2700-282-0x0000000000400000-0x0000000000DE1000-memory.dmp

Filesize
9.9MB

Download
memory/2700-285-0x0000000003AF0000-0x00000000045A2000-memory.dmp

Filesize
10.7MB

Download
memory/2700-163-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2700-162-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2700-161-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2700-160-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2700-159-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2700-158-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/2700-157-0x0000000000400000-0x0000000000DE1000-memory.dmp

Filesize
9.9MB

Download
memory/2700-165-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/4816-185-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/4816-183-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/4816-182-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/4816-181-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/4816-180-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/4816-186-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/4816-187-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/4816-188-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download
memory/4816-189-0x0000000076FB0000-0x000000007713E000-memory.dmp

Filesize
1.6MB

Download