Overview

overview

10

Static

static

3

TT copy.exe

windows7-x64

1

TT copy.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-04-2023 22:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TT copy.exe

  • Size

    1.6MB

  • MD5

    3acff0b9068df07116870bf461f4f7c1

  • SHA1

    fb7c0e6fcee327e8ed755e8f1c5199f35a3c4723

  • SHA256

    f266e9833cf991a972db594ad7afad2332dfccdd2b7454e49455b759f406bcd2

  • SHA512

    0bf707bc83a739e6ed63a56b76323db9c59fd6a3bfb05c760adc77cf918efddf1d9d4769bc14fc5846e0c1d836e3cefc8169778d8c0182e20a0a368e80c6494d

  • SSDEEP

    49152:zxy+4OponS7iO7PYPhR/vNv1YWsWXLbZG8T0Zh591z:MKpoq57+/tztXLbZJGT

Score
10/10
blustealercollectionspywarestealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Signatures

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer
  • Executes dropped EXE 22 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Drops file in System32 directory 24 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 64 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: EnumeratesProcesses 35 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 43 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TT copy.exe
    "C:\Users\Admin\AppData\Local\Temp\TT copy.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4432
    • C:\Users\Admin\AppData\Local\Temp\TT copy.exe
      "C:\Users\Admin\AppData\Local\Temp\TT copy.exe"
      2⤵
      • Drops file in System32 directory
      • Suspicious use of SetThreadContext
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3972
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        3⤵
        • Accesses Microsoft Outlook profiles
        • outlook_office_path
        • outlook_win_path
        PID:908
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    PID:2404
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:2188
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:2008
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:4168
    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:3344
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:3464
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:3152
    • C:\Windows\System32\msdtc.exe
      C:\Windows\System32\msdtc.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:4988
    • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
      "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
      1⤵
      • Executes dropped EXE
      PID:3212
    • C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      1⤵
      • Executes dropped EXE
      PID:740
    • C:\Windows\SysWow64\perfhost.exe
      C:\Windows\SysWow64\perfhost.exe
      1⤵
      • Executes dropped EXE
      PID:1608
    • C:\Windows\system32\locator.exe
      C:\Windows\system32\locator.exe
      1⤵
      • Executes dropped EXE
      PID:1212
    • C:\Windows\System32\SensorDataService.exe
      C:\Windows\System32\SensorDataService.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:3428
    • C:\Windows\System32\snmptrap.exe
      C:\Windows\System32\snmptrap.exe
      1⤵
      • Executes dropped EXE
      PID:2140
    • C:\Windows\system32\spectrum.exe
      C:\Windows\system32\spectrum.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:4184
    • C:\Windows\System32\OpenSSH\ssh-agent.exe
      C:\Windows\System32\OpenSSH\ssh-agent.exe
      1⤵
      • Executes dropped EXE
      PID:4112
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
      1⤵
        PID:2716
      • C:\Windows\system32\TieringEngineService.exe
        C:\Windows\system32\TieringEngineService.exe
        1⤵
        • Executes dropped EXE
        • Checks processor information in registry
        • Suspicious use of AdjustPrivilegeToken
        PID:4428
      • C:\Windows\system32\AgentService.exe
        C:\Windows\system32\AgentService.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:4928
      • C:\Windows\System32\vds.exe
        C:\Windows\System32\vds.exe
        1⤵
        • Executes dropped EXE
        PID:1492
      • C:\Windows\system32\vssvc.exe
        C:\Windows\system32\vssvc.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:2660
      • C:\Windows\system32\wbengine.exe
        "C:\Windows\system32\wbengine.exe"
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:3620
      • C:\Windows\system32\wbem\WmiApSrv.exe
        C:\Windows\system32\wbem\WmiApSrv.exe
        1⤵
        • Executes dropped EXE
        PID:1204
      • C:\Windows\system32\SearchIndexer.exe
        C:\Windows\system32\SearchIndexer.exe /Embedding
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1872
        • C:\Windows\system32\SearchProtocolHost.exe
          "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
          2⤵
          • Modifies data under HKEY_USERS
          PID:632
        • C:\Windows\system32\SearchFilterHost.exe
          "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
          2⤵
          • Modifies data under HKEY_USERS
          PID:3436

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
        Filesize

        2.1MB

        MD5

        49d39432c069f7dde2954ba49affd121

        SHA1

        861d5511bd08423895948baa01d63d68fad7a645

        SHA256

        9d5ebd3cb3f83184a2d905b1152a1557bb1d591993006785c69971efadc6886a

        SHA512

        bfa3317d96f4747f8ebebf7998af4448931b66c93fd24e9b98ded54853c82f2d4763752f24f5dd7bf5983d3a2f82fc150597c55aa67aa5b3767aee744a4ad2ad

        Download Submit

      • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
        Filesize

        1.4MB

        MD5

        889e320e15eab0d7610f1b596b37ed53

        SHA1

        28d96d5ff0c65bec5eb68e723aae26751edf5245

        SHA256

        848e27341e668a9629cb23465410682228def59279080551760a8b539b269cda

        SHA512

        361d6114b3cf01c146a7379061d6e386b2621f6b98a0ec0847a4e4f9ee5b61f9da281959df5630a3c3f786c14b832226b183d97fbcd14ef25d12277c511d5973

        Download Submit

      • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
        Filesize

        1.5MB

        MD5

        fb04d9d6b73dff6d38eb16e8551d1722

        SHA1

        3b3ae1fe3893120a9dcdd6eae6fe74424cbbb346

        SHA256

        a2102454b3ae09288d3c142949c5912f57599f245539747b7a471dd23126d2a9

        SHA512

        dd20dd8f4186451f4bf29651493cfbce0e5cf124d1dae2f50810ded45cbc3e1cd13c8ddbebe46ce299cd94eeea781471cde5b220740a7b1eb95950180f3b19ec

        Download Submit

      • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
        Filesize

        2.1MB

        MD5

        0ab1ad799c6c3d8c36c7a06d279bdbbb

        SHA1

        4546d4197d8a0011529768cba476965f1774ab0f

        SHA256

        8a9f0e1e37a4410c4d617e1fcc1976582969bfe423a1c69abc52b4d89d272580

        SHA512

        2e6533dcfacba34916f960eb7808edba446047a67ab09bdc901d5e020e8b52d40192c31785fc51478e9625356f4321a11ad60196cb6f749f8261ea28f5bf2bbd

        Download Submit

      • C:\Windows\SysWOW64\perfhost.exe
        Filesize

        1.2MB

        MD5

        40b5860b7c7ea93e4062f1a272cd818a

        SHA1

        2bd1f0614372cffceddcb612f507edba9da8a473

        SHA256

        9a35e78320bd1fe99dc189dc6f4c212098ef79a233ac0f3ca2819eac12ce32a5

        SHA512

        8b5720acaf427169d55c35ef12e7203e9208cc08eb2eb3b39b1cbd706848693d654a09f7ec40a46ea93c06b2ded4f6960603a27a181a719255d69682d7eae4fb

        Download Submit

      • C:\Windows\System32\AgentService.exe
        Filesize

        1.7MB

        MD5

        95952f7e1e467161c666e0e1e9c36a5d

        SHA1

        caa9ff2360965ee9f18a3b83732249304f6ec589

        SHA256

        212e6c776ca671d1bb5b5abf1f1c5852681e5f5cecd161b4c2e28b3b1d95a2f3

        SHA512

        83e9a333191ad2cb68d6afe2168ed5f479c4ae39762c25397a67f1fcbea5da88763de1188bf7d55e0889807aad7abdde3e3198e094f4cc44936236146b3f661a

        Download Submit

      • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
        Filesize

        1.3MB

        MD5

        bade683fe14ca18b58a6b6ab7688770d

        SHA1

        95a76b451bcd20f36082cf1cc041a8e3849d0bb8

        SHA256

        78b5aeb241165109f854f9781d6b3d88c185b24039903639df981e9467f416ba

        SHA512

        3bc42ac1ababfe20226c54641b703863206d01491dd4726570680078d708e0f9ee86122f92f2debaf1e492585176d75b10e8d2e02ef003a69c5c18515b1bd81c

        Download Submit

      • C:\Windows\System32\FXSSVC.exe
        Filesize

        1.2MB

        MD5

        7482a32f21e83a37e74d6a106e5f37bc

        SHA1

        d547bef8859bec94a6f99961a52b5b0a7aa5b877

        SHA256

        6d6409b7dd11e9b09cf2e58c849164bf2e2b8c9e7497bb4f78c3b3b01fd6c78f

        SHA512

        2144731dbfe2eeb733eeccac65a58c8be6f3667573e20fccf6fab48690ae9ad69efb20b822568c89d7263ab21c66fea8dc301e8fe4136705a90ab0fe8dc0a604

        Download Submit

      • C:\Windows\System32\Locator.exe
        Filesize

        1.2MB

        MD5

        89d7c7e8331c774ede9d5c3c4d4bdc07

        SHA1

        72dd37c94dda681ba4e673f2a09cf6414a22113b

        SHA256

        1df99f5dab97f3737625342e440c3165fe4bc9c271f9a854ffd0a5471028e829

        SHA512

        2090025bbbacbf342e92bb48f663face0ac7c9e82c66720679e58e11a3473a5627165dcff104b5f6f20e5e6a782656c87f35bafe0e59b865d57a8c72eee9431d

        Download Submit

      • C:\Windows\System32\OpenSSH\ssh-agent.exe
        Filesize

        1.6MB

        MD5

        a9b8478067c62e54f90f1fc8ac1322cb

        SHA1

        4d3988ba112290345bb5eaaa4c90726c99b6df25

        SHA256

        bc89cf967d84932eb1b097e5fbc8e587c7d417719013ec59f700403061046298

        SHA512

        1b70d1e811167cbfa4538824c27f2066a6e13854d0e294449c01f05b172b8391654770a6ad4f3557ddbe668199884958c7bada04fe9b287806b0cdb25f3ffed8

        Download Submit

      • C:\Windows\System32\OpenSSH\ssh-agent.exe
        Filesize

        1.6MB

        MD5

        a9b8478067c62e54f90f1fc8ac1322cb

        SHA1

        4d3988ba112290345bb5eaaa4c90726c99b6df25

        SHA256

        bc89cf967d84932eb1b097e5fbc8e587c7d417719013ec59f700403061046298

        SHA512

        1b70d1e811167cbfa4538824c27f2066a6e13854d0e294449c01f05b172b8391654770a6ad4f3557ddbe668199884958c7bada04fe9b287806b0cdb25f3ffed8

        Download Submit

      • C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
        Filesize

        1.3MB

        MD5

        478cb1686d5128426812dc1851b5829c

        SHA1

        cc45def8ed2c5b4212b6799f9a45a273e895fc76

        SHA256

        e9d114b7939ddc1f8ccd10d234254935ae33f9b7e3c9927af2555a7b7fc1a2d9

        SHA512

        285e872f00859f858d01c7539291404f8e29b378e9c9816ff33a0655ac2c76411728a108fd4a6b9c4c224a59d0abb701b973269c1850a54f4437a43dc4ecb0fd

        Download Submit

      • C:\Windows\System32\SearchIndexer.exe
        Filesize

        1.4MB

        MD5

        fae60cf8b0c49c1899cd4537859fa4ef

        SHA1

        755cd1eac3f0912da2629cc7a4684e787d0fbc14

        SHA256

        de704a1714048e24920180266eb705023157e16255a019dee04b6edf82c2bd97

        SHA512

        ea18ca444b9015f1d7939d9f05be687ff1ab6d661a0c044cd432d125b4292c1a8e7d276fd4e91dfdcc4ccce25bd8aec9465bd9f3912c316d3318ad682531d3f6

        Download Submit

      • C:\Windows\System32\SensorDataService.exe
        Filesize

        1.8MB

        MD5

        00f9030861a6e7a3d0a6c205e54d19c8

        SHA1

        d266b3ede887e0a9430fedf9f1bc479dadf868b9

        SHA256

        e60fbc0b3f5f2b60bad8444877a57cacdcc4f8c1eb81cdda7e4e090396e070c7

        SHA512

        aad97ebc295a599000671d003a4f47e97b07addd3512c45424c74e56d5365ec2ffba995a3b23f07fccd2c86abb4f09fe51a312f8f11d4da49c42834b8b39dd8f

        Download Submit

      • C:\Windows\System32\Spectrum.exe
        Filesize

        1.4MB

        MD5

        b17d510b45a5157179825310d9d923bc

        SHA1

        f202e445e475494720ef6db886411ddbe99964e4

        SHA256

        dd0a91900bb3be7862de6ae39cca691182150f0caf62bf2e20231ae615d350ca

        SHA512

        597d93a93f2f7a22eb026188668c00ebf3e2e7d571e1f1b71c4a756ef632a9a23386823fbf9a10fbf4a38380bcca702f9ab1681c0073598aa0e0f9349ee200ca

        Download Submit

      • C:\Windows\System32\TieringEngineService.exe
        Filesize

        1.5MB

        MD5

        858f4b7fcf57cea3228c2b1f14cd1eed

        SHA1

        9958e285ba7bc784e8e66f87445a1c7d15c4edee

        SHA256

        32abf31bb29f86b897cf68804b52ff58d77c83fd17f6b194645b115a58b33125

        SHA512

        6eeeb6bb554e0d93a912165c50e044504c3396cc0949c26c8fb66831bdc3cb6e08758ccc3927d877c14f3d42d04cc76618e64300d74f6b5f3eeffd03f7b6e714

        Download Submit

      • C:\Windows\System32\VSSVC.exe
        Filesize

        2.0MB

        MD5

        80d5213fa8d9b9afa928a4d4c8e8f754

        SHA1

        e28ec25045ecf00c589cf11dbc7300acab27aed8

        SHA256

        c6ac67f40a6dd332afaa2c7521377e98aaf6154c37faaae1a8f294e45013fab1

        SHA512

        f30c05ee1c924d359c89c7b8c254940be821a75ba1516c5e519f315a4cee4e05b65007083554005d94e16c4fe582e72a399927c91e7956e58ab8d1b94cf86028

        Download Submit

      • C:\Windows\System32\alg.exe
        Filesize

        1.3MB

        MD5

        f266bdb49d1ef2ad76458765771aeb32

        SHA1

        08031c214f0626aaf4743914d448e3f5f8b21394

        SHA256

        ae2e4ea5d285174244828688c61b678c656426df6d9d1343995e58f24ff48257

        SHA512

        d51713c0c8009750bfe8dc11360146ffae1bf419c6c55f5f0a0d85ed7682db05416a15357d73bc298a6b80321ed311df7cf7a597306204aebcb610e4c52e5301

        Download Submit

      • C:\Windows\System32\msdtc.exe
        Filesize

        1.4MB

        MD5

        b394821bd29f6a50fb2777d662210a73

        SHA1

        9c8325a4914b9b5cae57dbac4efa8d2270a34946

        SHA256

        8d8c88ffe6d11e07a41c4f48d74c5d7fd7d99b570541cafcd5e3cae4c4e49bda

        SHA512

        287c341efdb857ce531e9ede27e69cdac859b5d124959738c83663f22d8a4df6f95c5b626c7b2c105593432746568101b94681702d3378ba9d3135b55131a9c7

        Download Submit

      • C:\Windows\System32\snmptrap.exe
        Filesize

        1.2MB

        MD5

        91598190a014b096ed8da6d7693a0750

        SHA1

        41be5f5d20f88cd67b0f91aea0a2dafbf516d7cd

        SHA256

        e73b01b63ef493fe2d09f427cca91b689493eb2f12e57f610b0257ad726a99fd

        SHA512

        24c577b46f1f018502c227d865a86dfa471169a3152f138bf53edb4995332060bd27a761de3eaf8c211d71e4b95e66e52fc3bdf86cace36a0f0d57002b2e6efd

        Download Submit

      • C:\Windows\System32\vds.exe
        Filesize

        1.3MB

        MD5

        4c80e466965e14fe7be453516863c68c

        SHA1

        680cdb747d9d6ce428acea660068740986b5bbe0

        SHA256

        6a0ecd0a5dfb9390096461e952fab3ea4de594bfa5d48d3a9e640e21e80c0e20

        SHA512

        2ab18d8edf3dfd1a01c1b5ffae430ebde79ad116b236652fe8ecee8aa9d916cc84ec64f686fa1e8de3c2b09b2217e160d8a7d84956c61b718fa3ecd8b2448d0a

        Download Submit

      • C:\Windows\System32\wbem\WmiApSrv.exe
        Filesize

        1.4MB

        MD5

        48b5b42941aca786f0ec15b7c3ee10c2

        SHA1

        bdd49af7b0716a3889f0e0bb4102f94d5bd03d14

        SHA256

        922797eb0cc9e3914f69b3a139eea81074d4d6373f533ea7cc116147b041f49e

        SHA512

        d56176d560086c1e2a59d8079664656aa617b29bb8abe24777b9bdd8eeabb057b6b5b2eb912656efe8f538006b1dacfae50b07c7a523a082fd10f3d8fc2c86e0

        Download Submit

      • C:\Windows\System32\wbengine.exe
        Filesize

        2.1MB

        MD5

        bf358e4e9f84223a72e704a5e42f87f7

        SHA1

        31bea8d39b2c3b6affec1bea9f4b70c8ac51ce0b

        SHA256

        27ed14e02388d104361fe6168164d5a93616e1e0ce7e17e6d1070239a4fd27e3

        SHA512

        3523af6552f22a04946a7e45e2cfa3619ecdaaa19f7e2de5d6dbf9708fa2e2d8ebb9facbe8fd8d8e52b16563760861756cffa713fba530cf8e180bef744f7aaf

        Download Submit

      • memory/740-278-0x0000000140000000-0x0000000140202000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/908-203-0x0000000000D40000-0x0000000000DA6000-memory.dmp

        Filesize

        408KB

        Download

      • memory/1204-423-0x0000000140000000-0x000000014021D000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1204-483-0x0000000140000000-0x000000014021D000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1212-343-0x0000000140000000-0x00000001401EC000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/1212-283-0x0000000140000000-0x00000001401EC000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/1492-380-0x0000000140000000-0x0000000140147000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/1492-426-0x0000000140000000-0x0000000140147000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/1608-280-0x0000000000400000-0x00000000005EE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/1872-429-0x0000000140000000-0x0000000140179000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/1872-586-0x0000000140000000-0x0000000140179000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/2140-314-0x0000000140000000-0x00000001401ED000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2188-170-0x0000000000490000-0x00000000004F0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/2188-176-0x0000000000490000-0x00000000004F0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/2188-180-0x0000000140000000-0x0000000140200000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2404-156-0x00000000004F0000-0x0000000000550000-memory.dmp

        Filesize

        384KB

        Download

      • memory/2404-313-0x0000000140000000-0x0000000140201000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2404-164-0x00000000004F0000-0x0000000000550000-memory.dmp

        Filesize

        384KB

        Download

      • memory/2404-163-0x0000000140000000-0x0000000140201000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2660-393-0x0000000140000000-0x00000001401FC000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2660-428-0x0000000140000000-0x00000001401FC000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3152-230-0x0000000140000000-0x0000000140221000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3152-227-0x0000000002280000-0x00000000022E0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/3152-224-0x0000000002280000-0x00000000022E0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/3152-218-0x0000000002280000-0x00000000022E0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/3212-255-0x0000000140000000-0x0000000140226000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3212-331-0x0000000140000000-0x0000000140226000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3344-201-0x0000000000C60000-0x0000000000CC0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/3344-325-0x0000000140000000-0x0000000140237000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/3344-195-0x0000000000C60000-0x0000000000CC0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/3344-205-0x0000000140000000-0x0000000140237000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/3428-299-0x0000000140000000-0x00000001401D7000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/3428-342-0x0000000140000000-0x00000001401D7000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/3436-648-0x000002E527CC0000-0x000002E527CD0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3436-646-0x000002E527C90000-0x000002E527CA0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3436-755-0x000002E52BF80000-0x000002E52BF90000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3436-737-0x000002E52BF70000-0x000002E52BF80000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3436-736-0x000002E52BF70000-0x000002E52BF80000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3436-735-0x000002E52BF70000-0x000002E52BF80000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3436-718-0x000002E52BF70000-0x000002E52BF80000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3436-717-0x000002E52BF70000-0x000002E52BF80000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3436-716-0x000002E52BF70000-0x000002E52BF80000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3436-697-0x000002E52BF70000-0x000002E52BF80000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3436-696-0x000002E52BF70000-0x000002E52BF80000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3436-695-0x000002E52BF70000-0x000002E52BF80000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3436-673-0x000002E527CC0000-0x000002E527CD0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3436-672-0x000002E527CA0000-0x000002E527CA1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3436-651-0x000002E527CC0000-0x000002E527CD0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3436-650-0x000002E527CC0000-0x000002E527CD0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3436-649-0x000002E527CC0000-0x000002E527CD0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3436-647-0x000002E527CA0000-0x000002E527CA1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3464-207-0x0000000000190000-0x00000000001F0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/3464-213-0x0000000000190000-0x00000000001F0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/3464-231-0x0000000140000000-0x000000014022B000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/3464-326-0x0000000140000000-0x000000014022B000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/3620-481-0x0000000140000000-0x0000000140216000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3620-412-0x0000000140000000-0x0000000140216000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3972-143-0x0000000000400000-0x0000000000654000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/3972-312-0x0000000000400000-0x0000000000654000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/3972-140-0x0000000000400000-0x0000000000654000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/3972-161-0x0000000000400000-0x0000000000654000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/3972-144-0x0000000002DB0000-0x0000000002E16000-memory.dmp

        Filesize

        408KB

        Download

      • memory/3972-149-0x0000000002DB0000-0x0000000002E16000-memory.dmp

        Filesize

        408KB

        Download

      • memory/4112-330-0x0000000140000000-0x0000000140259000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/4112-392-0x0000000140000000-0x0000000140259000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/4168-182-0x0000000140000000-0x0000000140135000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/4168-193-0x0000000140000000-0x0000000140135000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/4168-188-0x00000000004F0000-0x0000000000550000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4168-191-0x00000000004F0000-0x0000000000550000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4184-324-0x0000000140000000-0x0000000140169000-memory.dmp

        Filesize

        1.4MB

        Download

      • memory/4184-365-0x0000000140000000-0x0000000140169000-memory.dmp

        Filesize

        1.4MB

        Download

      • memory/4428-355-0x0000000140000000-0x0000000140239000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/4432-138-0x0000000005450000-0x0000000005460000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4432-134-0x0000000005980000-0x0000000005F24000-memory.dmp

        Filesize

        5.6MB

        Download

      • memory/4432-133-0x00000000008A0000-0x0000000000A4C000-memory.dmp

        Filesize

        1.7MB

        Download

      • memory/4432-135-0x0000000005470000-0x0000000005502000-memory.dmp

        Filesize

        584KB

        Download

      • memory/4432-136-0x0000000005910000-0x000000000591A000-memory.dmp

        Filesize

        40KB

        Download

      • memory/4432-139-0x0000000007960000-0x00000000079FC000-memory.dmp

        Filesize

        624KB

        Download

      • memory/4432-137-0x0000000005450000-0x0000000005460000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4928-366-0x0000000140000000-0x00000001401C0000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4928-369-0x0000000140000000-0x00000001401C0000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4988-242-0x0000000140000000-0x0000000140210000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4988-233-0x0000000000C90000-0x0000000000CF0000-memory.dmp

        Filesize

        384KB

        Download