Overview

overview

10

Static

static

3

Quote 1345 rev.3.exe

windows7-x64

10

Quote 1345 rev.3.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-05-2023 08:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Quote 1345 rev.3.exe

  • Size

    1.5MB

  • MD5

    39810b7912907fc879004874df0e9e9e

  • SHA1

    f2e51d5e9f644058a8ff4d64458e2914ddf2a364

  • SHA256

    bc61c93084dbe9aebf93114d082667bd696610a81e8fb4bda751204f86d3ea61

  • SHA512

    abd49e8623428a399f665e2157522b6d285cb6c1f77c043eb22038df2ebbfbb21f3823c08dd781be5df043f1ab9b514990ab890bc80086cf33860aa6f4e75b5d

  • SSDEEP

    24576:molqfbt8n/WmtqmZfq/ppZge1+qWMZukXfRtgyCrWw:sxgWm8m+Zj+qbZuq

Score
10/10
blustealercollectionspywarestealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Signatures

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer
  • Executes dropped EXE 22 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Drops file in System32 directory 24 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 64 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: EnumeratesProcesses 35 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 43 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Quote 1345 rev.3.exe
    "C:\Users\Admin\AppData\Local\Temp\Quote 1345 rev.3.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2700
    • C:\Users\Admin\AppData\Local\Temp\Quote 1345 rev.3.exe
      "C:\Users\Admin\AppData\Local\Temp\Quote 1345 rev.3.exe"
      2⤵
      • Drops file in System32 directory
      • Suspicious use of SetThreadContext
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1172
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        3⤵
        • Accesses Microsoft Outlook profiles
        • outlook_office_path
        • outlook_win_path
        PID:4588
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    PID:2708
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:4512
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:5084
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:3424
    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:1148
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:5008
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:4632
    • C:\Windows\System32\msdtc.exe
      C:\Windows\System32\msdtc.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:2116
    • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
      "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
      1⤵
      • Executes dropped EXE
      PID:2292
    • C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      1⤵
      • Executes dropped EXE
      PID:4148
    • C:\Windows\SysWow64\perfhost.exe
      C:\Windows\SysWow64\perfhost.exe
      1⤵
      • Executes dropped EXE
      PID:1396
    • C:\Windows\system32\locator.exe
      C:\Windows\system32\locator.exe
      1⤵
      • Executes dropped EXE
      PID:4032
    • C:\Windows\System32\SensorDataService.exe
      C:\Windows\System32\SensorDataService.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:4704
    • C:\Windows\System32\snmptrap.exe
      C:\Windows\System32\snmptrap.exe
      1⤵
      • Executes dropped EXE
      PID:1040
    • C:\Windows\system32\spectrum.exe
      C:\Windows\system32\spectrum.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:920
    • C:\Windows\System32\OpenSSH\ssh-agent.exe
      C:\Windows\System32\OpenSSH\ssh-agent.exe
      1⤵
      • Executes dropped EXE
      PID:4144
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
      1⤵
        PID:4116
      • C:\Windows\system32\TieringEngineService.exe
        C:\Windows\system32\TieringEngineService.exe
        1⤵
        • Executes dropped EXE
        • Checks processor information in registry
        • Suspicious use of AdjustPrivilegeToken
        PID:1980
      • C:\Windows\system32\AgentService.exe
        C:\Windows\system32\AgentService.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:4644
      • C:\Windows\System32\vds.exe
        C:\Windows\System32\vds.exe
        1⤵
        • Executes dropped EXE
        PID:4236
      • C:\Windows\system32\vssvc.exe
        C:\Windows\system32\vssvc.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:3288
      • C:\Windows\system32\wbengine.exe
        "C:\Windows\system32\wbengine.exe"
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:1228
      • C:\Windows\system32\wbem\WmiApSrv.exe
        C:\Windows\system32\wbem\WmiApSrv.exe
        1⤵
        • Executes dropped EXE
        PID:4672
      • C:\Windows\system32\SearchIndexer.exe
        C:\Windows\system32\SearchIndexer.exe /Embedding
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3936
        • C:\Windows\system32\SearchProtocolHost.exe
          "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
          2⤵
          • Modifies data under HKEY_USERS
          PID:4676
        • C:\Windows\system32\SearchFilterHost.exe
          "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
          2⤵
          • Modifies data under HKEY_USERS
          PID:4280

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
        Filesize

        2.1MB

        MD5

        ab832d393bc9821982bc6c2e77683abf

        SHA1

        209f1a06d04d913aa409a4096a2fb192b8efc309

        SHA256

        151167ce2eae3274b5c6d02f042c8a5091ae70f17ba551a091179e681bddd80c

        SHA512

        4d314869a5974944283de4fae288f0a277a6cebdd3b2da65b53bf31a9d6f935c9b25174a73c7db686e1d91d2df840b7e4378533f83bddbe1604c584796fee31c

        Download Submit

      • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
        Filesize

        1.4MB

        MD5

        37eda787edc9616fbe257c2381c9347d

        SHA1

        144acd3caf742237569e6175f8328bac1b04f33f

        SHA256

        d54c09fc059e716e46c6f3f7f747b21bff892d83b196f35a2aff34970354837f

        SHA512

        58920413ab218d782876a454b73df153f0e312439374b19761e9a352206d78108630926dfa52387e16b88cc333be17bc70d7336cc7ce8082e72fdaf3a160220e

        Download Submit

      • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
        Filesize

        1.5MB

        MD5

        092ae1f8427d43af629841c5fdece50d

        SHA1

        953a98b053e3beb2241e2e567dccdf2c9ed2b69c

        SHA256

        4fea75c0fe94d74b248f142778c258eba6569aa66c3e52f5d8e567011d08d772

        SHA512

        f1b935f3efc385b5a421b351f600908a23858e7acab1dbe38389321203d22fe5fc526848fbbd33cc7b559fc1af5947c8ddd8988817cc1daa57f3b29cb4fe4433

        Download Submit

      • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
        Filesize

        2.1MB

        MD5

        eb80fc052f22b54a3368220d1569cbde

        SHA1

        0bce92895c9f1c3ffa9f44c4d2e3a984f3fb20b6

        SHA256

        6dcc3e7137b8a6ce65dcc6c67d4771c95494339fdb14a1754fcdaf8b10a19cc4

        SHA512

        d9686115ad91a02238b701e4cb5e2bc278afdffea0802b6ee29721d8ef9abc5bbdc0a3477153f6bcb95ab81ad6ea511ac73255adb223d36f706a927b42456132

        Download Submit

      • C:\Windows\SysWOW64\perfhost.exe
        Filesize

        1.2MB

        MD5

        5ef33defa9f6d59129ab8d105eb8cb93

        SHA1

        586532760be50d63fe5bcd54087efb5e77e739ec

        SHA256

        fa790a987e1dddd39b5f2a52a97fb9d54823e3a2a0a781f889f0659b25c718a1

        SHA512

        7c9b23360063f2d1a47d6e33a1d37c8ec3f221f826b9e4e3d8dcfec7983e874cef9c4a1e43ea4a7f60bc0e59a1e734400dc4c2a2836bfb2657906a47241c967c

        Download Submit

      • C:\Windows\System32\AgentService.exe
        Filesize

        1.7MB

        MD5

        987d92230e1dbac29ba2c6c94996489c

        SHA1

        00cd21adbe58becc77be28935b08351165005a4d

        SHA256

        7e091f30ea2e73868bc1d133e015ccc336d247897699ce365600945fb3f51518

        SHA512

        110d41484c2334c32b87bf9c5745797b9f2c30004a49cc8d9e40a5dc5b5d86889cd5af41a23229c7b4aff1814598b4eecfb1b1d670e1cc20f0012214f8c52dec

        Download Submit

      • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
        Filesize

        1.3MB

        MD5

        25af4e96fdd1dbb20e3531fbc23f75b5

        SHA1

        67ab72b23bbc9ffe5f4f4a6ff8f41468bd9bea31

        SHA256

        ee2b4e2d42ed7f5ef64c3b01a0920e7eb2047481c67ae5d0cbc5b62610b37ae0

        SHA512

        f099432d364acb85fa1e17ed13f3ed6d5bbae12c0597ac917f1889416b3129d801a67766f449f191974e89147eb9722c713153e6094bac0cc499d320ce091fba

        Download Submit

      • C:\Windows\System32\FXSSVC.exe
        Filesize

        1.2MB

        MD5

        f369f9efc0accfda747503301d45a5ab

        SHA1

        93a5f116617e96edceb1731b744bd17275d59e04

        SHA256

        c214d1c92f5dd729506ace5ecf7e0a8bf72b5824de93ed80ef26fd92367e88b8

        SHA512

        49e4eb38971e9dac73a2453e1ee5f20cc2879bad67ff790e3b73b4d4ddc99dcb634e7bce30f0facf7369e22a28d56708f15a75c074af0fd392da5c04411ce69d

        Download Submit

      • C:\Windows\System32\Locator.exe
        Filesize

        1.2MB

        MD5

        4f7f9a74a710aa9d529674d7e3c1d881

        SHA1

        00fe8626c6c86b66fca28401251d23eaf365206a

        SHA256

        22e5c2e7ece21263c6bd63d02a183295f24dea096be79286aeb8cf50f5fd06f9

        SHA512

        96d4bb570dad836fb9033d7a30231e5b3e406517b45759e23c51466ff5e18be41ffe858a30f5db589c5fbf0338dc3d936c57307505fe4bf71052604c062fe99b

        Download Submit

      • C:\Windows\System32\OpenSSH\ssh-agent.exe
        Filesize

        1.6MB

        MD5

        a42dcbae77fcd7ccf27dc16ff44146db

        SHA1

        ec45f1ea700c4a056b11c613923420d6648482ed

        SHA256

        a13793894a61f98be5110f34466b3ba1282649e15df8423744d6cce4c6ce866f

        SHA512

        381425f4b016a42edcd0424b31f4f95815fd1dba077fbb03285c40bdbc224333871909247c918efb367463a11936b5e55272458cf220fb0fbeadbf88f85a476f

        Download Submit

      • C:\Windows\System32\OpenSSH\ssh-agent.exe
        Filesize

        1.6MB

        MD5

        a42dcbae77fcd7ccf27dc16ff44146db

        SHA1

        ec45f1ea700c4a056b11c613923420d6648482ed

        SHA256

        a13793894a61f98be5110f34466b3ba1282649e15df8423744d6cce4c6ce866f

        SHA512

        381425f4b016a42edcd0424b31f4f95815fd1dba077fbb03285c40bdbc224333871909247c918efb367463a11936b5e55272458cf220fb0fbeadbf88f85a476f

        Download Submit

      • C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
        Filesize

        1.3MB

        MD5

        7d3560dbe7c208031f1f8aaf6c627212

        SHA1

        b55398729af226f932e99d243fff96fa2db3caa1

        SHA256

        728b65fd588bf689b5dd204c70913795fe5b6d025ebb06bca6e69681c346a9c4

        SHA512

        b787300169905314b4ca75df393fa27ddfe2b7679fc05770d24c440e96010d121f049d9839ecc1dbafcc7922c6dc1693d5ce079ddf2ced586e7caa5551282c87

        Download Submit

      • C:\Windows\System32\SearchIndexer.exe
        Filesize

        1.4MB

        MD5

        20633d2b543817ef7552723a0c0a1a9c

        SHA1

        a4e80fd128ca1f3de181a40bed74d0d8fd28d38b

        SHA256

        81b9a85d5522fda75c326b106c4334348626fc2a3aeebb9718f463eaf6f22373

        SHA512

        ba751c93792f106b6853956ae7d99a24332e6e776d0232962a471ed927af57efeec45b5551b5e53a339aadc84898d80e0831c256da09531205fde52883dcdd5a

        Download Submit

      • C:\Windows\System32\SensorDataService.exe
        Filesize

        1.8MB

        MD5

        c026e810ae632799f2242ceaa71e639c

        SHA1

        15f1cd8114e5bfe8ebeca0153d18e484623c687e

        SHA256

        954449f30dabca93253a293d69e6cb07a6cc534548840013bfb89f4f42efb54a

        SHA512

        d1ccc10cb5f49d73fb3f64baa7cc8d58b4ae419c1a0e24b17b78bfd51f574ee4ee205536fb88dc82440622ffd6ebdaff6a67dbb5ff88663f43b480a70ec525d1

        Download Submit

      • C:\Windows\System32\Spectrum.exe
        Filesize

        1.4MB

        MD5

        1ecd77583d433df5e18a7680408e6cb0

        SHA1

        b81a8f98ba565e33e29d60840e115d140a1c34b6

        SHA256

        5a5dab110c32479961c0a80b252aa1cc45f43ed8fda02860bb36b490f7cc00ad

        SHA512

        35f496832ca7981347c4c3f88edb2fc4780a7677b44455af93f39f69465115662309d633e0f8a5b4607e62eef4a2f3d2a10b8ad611725e0be65fc1ac9d698c1f

        Download Submit

      • C:\Windows\System32\TieringEngineService.exe
        Filesize

        1.5MB

        MD5

        173f3f2d9dec2f9110a3fd91af81bbdc

        SHA1

        f40d12765a3815a400a98a3a922944c8242c8642

        SHA256

        cd46ab2b235d962e7381dac647b4b352f524ada56a24f4b426e96b962cd1ab74

        SHA512

        0593b06b9e0c68b60f3fa221866a62cfa501fe76cc49a8059bfc2aac8315c02f0ba1964f0a10f5af8787f8424fc3c7bdc2e9d0cf7d6909b7c85c2080be40cc17

        Download Submit

      • C:\Windows\System32\VSSVC.exe
        Filesize

        2.0MB

        MD5

        03fb75b9d809087de0f90e76e9fc8078

        SHA1

        b59f1340ec1bb1b0c40572d0c0a4239bfb029be7

        SHA256

        de56873a95df7fafd41de003aa9562fa24079a38adb803ba13ca08a05c3f3b61

        SHA512

        709d2e75bae53a8c499d8f221bef31e248f08759b4009d5a7354225c84c27359c87adeb5feb6a3026e6cf5f5164f497450e29ddd02839d14a83a41302309b4f9

        Download Submit

      • C:\Windows\System32\alg.exe
        Filesize

        1.3MB

        MD5

        cd3a9ac856f5e907728ada8a20c5c10a

        SHA1

        ceee6aac7888779205b29adbe044c3aa8f5ad2db

        SHA256

        1e7e43ab1c1f4b73249a4a8cec9bcd07515ef9f067b625dee6852782d57e1f94

        SHA512

        7e05f024d720b3f1bd817ba5235407fdddf278a0c9bbe0773d7cfcab4e9a168f0de780f465fe4f9bdc1196ffa18a2dab0f410cacde993ea219b0905d102c868c

        Download Submit

      • C:\Windows\System32\msdtc.exe
        Filesize

        1.4MB

        MD5

        16e3b47a260f5eca5ec443e8e0897d72

        SHA1

        a28fa13edb333e168bac4ce6b50ae69d017a8fb5

        SHA256

        40badd8d2760b2c913e61691a73ee1ccaa90aee68ffcac0c4ef60cd51d8033af

        SHA512

        dcc6a0760a4f50ff62727bcbbf39bb580d75b898a445ac3038963400dcdcbc9bf1ab9811de3616561e95fdde9dc6fb77b3a226ae63b1b7324441cf9a7f107f80

        Download Submit

      • C:\Windows\System32\snmptrap.exe
        Filesize

        1.2MB

        MD5

        909666700dd5d8f41c6afb33cec201ee

        SHA1

        e07bfa4f9f9ad93d92e721ec47804d67f08f758f

        SHA256

        2f226011753f849483591a4e5c6f3ffc40701330df70d609bbe60c073449a236

        SHA512

        501085701b9290d9fb34c8dc725ecd276692ff9c130c98699c1c413aab3d649c9fedff03701e59043d9dedda5c669099ecbf72c9d461b83932960657ad9bbeda

        Download Submit

      • C:\Windows\System32\vds.exe
        Filesize

        1.3MB

        MD5

        b25dc443bbfbc038bae8d380fca0afff

        SHA1

        a7a8749437b39375bf6945fdbf91dc566b42a968

        SHA256

        5450d18363b1da2eeb130c4567a60537c54b6dc10c6fd4b66a7c6de3fad4707f

        SHA512

        822adf81d611cc55590bee47ccfdc93afbbe79bb6e3c4bfb900cd41ecf48cf373fdc0a62b1f344fe97278946832209aac77783270b40b896eb6056319ecd3048

        Download Submit

      • C:\Windows\System32\wbem\WmiApSrv.exe
        Filesize

        1.4MB

        MD5

        19ad9e06d3f290667ac94992c2224f5f

        SHA1

        9072502810070e50d02b7c79ec18da89903ed152

        SHA256

        d122b16868cf74bf616cb93ee2ba2dade26e490f2a240e0ee0569f69e60a0680

        SHA512

        8721c6c3bc850d4254034d2cdfb6ff0e51b12613c80860481f40df4db5d42b1bdb0f39b56a326b2cb82c34c82fc6ea95eccdfbe23a1032c7d5ad054ba63614f4

        Download Submit

      • C:\Windows\System32\wbengine.exe
        Filesize

        2.1MB

        MD5

        6de34b4a766d1992484ebe21adf89752

        SHA1

        7df2bf9815eb46bde3bc8a5cb83003e978304da1

        SHA256

        cb99e12a48289fe8de37a71330ef99aeee743384bf6a17d89019123b090d58f9

        SHA512

        2106aa68089bd0163132a3df5a5f9fa9cbb8a8033d534c58c82dcf8bf4981b9ba30f447ac83d8db3f6cd0c231f2210d3db9c260c66b09c8daa9fc0d5ab5961fa

        Download Submit

      • memory/920-633-0x0000000140000000-0x0000000140169000-memory.dmp

        Filesize

        1.4MB

        Download

      • memory/920-343-0x0000000140000000-0x0000000140169000-memory.dmp

        Filesize

        1.4MB

        Download

      • memory/1040-324-0x0000000140000000-0x00000001401ED000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/1148-217-0x0000000140000000-0x0000000140237000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/1148-204-0x0000000000720000-0x0000000000780000-memory.dmp

        Filesize

        384KB

        Download

      • memory/1148-198-0x0000000000720000-0x0000000000780000-memory.dmp

        Filesize

        384KB

        Download

      • memory/1148-374-0x0000000140000000-0x0000000140237000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/1172-144-0x0000000001720000-0x0000000001786000-memory.dmp

        Filesize

        408KB

        Download

      • memory/1172-155-0x0000000000400000-0x0000000000654000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/1172-149-0x0000000001720000-0x0000000001786000-memory.dmp

        Filesize

        408KB

        Download

      • memory/1172-143-0x0000000000400000-0x0000000000654000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/1172-140-0x0000000000400000-0x0000000000654000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/1172-258-0x0000000000400000-0x0000000000654000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/1228-417-0x0000000140000000-0x0000000140216000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1396-289-0x0000000000400000-0x00000000005EE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/1980-376-0x0000000140000000-0x0000000140239000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/2116-234-0x0000000000870000-0x00000000008D0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/2116-261-0x0000000140000000-0x0000000140210000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/2292-263-0x0000000140000000-0x0000000140226000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/2700-133-0x0000000000550000-0x00000000006CC000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/2700-138-0x00000000050B0000-0x00000000050C0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2700-137-0x00000000050B0000-0x00000000050C0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2700-139-0x0000000007280000-0x000000000731C000-memory.dmp

        Filesize

        624KB

        Download

      • memory/2700-136-0x0000000005070000-0x000000000507A000-memory.dmp

        Filesize

        40KB

        Download

      • memory/2700-135-0x0000000005100000-0x0000000005192000-memory.dmp

        Filesize

        584KB

        Download

      • memory/2700-134-0x0000000005610000-0x0000000005BB4000-memory.dmp

        Filesize

        5.6MB

        Download

      • memory/2708-169-0x0000000140000000-0x0000000140201000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2708-157-0x00000000005D0000-0x0000000000630000-memory.dmp

        Filesize

        384KB

        Download

      • memory/2708-163-0x00000000005D0000-0x0000000000630000-memory.dmp

        Filesize

        384KB

        Download

      • memory/3288-393-0x0000000140000000-0x00000001401FC000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3288-648-0x0000000140000000-0x00000001401FC000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3424-194-0x00000000004F0000-0x0000000000550000-memory.dmp

        Filesize

        384KB

        Download

      • memory/3424-190-0x0000000140000000-0x0000000140135000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/3424-187-0x00000000004F0000-0x0000000000550000-memory.dmp

        Filesize

        384KB

        Download

      • memory/3424-181-0x00000000004F0000-0x0000000000550000-memory.dmp

        Filesize

        384KB

        Download

      • memory/3424-197-0x0000000140000000-0x0000000140135000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/3936-420-0x0000000140000000-0x0000000140179000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/3936-675-0x0000000140000000-0x0000000140179000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/4032-322-0x0000000140000000-0x00000001401EC000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/4144-345-0x0000000140000000-0x0000000140259000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/4144-634-0x0000000140000000-0x0000000140259000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/4148-553-0x0000000140000000-0x0000000140202000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4148-266-0x0000000140000000-0x0000000140202000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4236-643-0x0000000140000000-0x0000000140147000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/4236-378-0x0000000140000000-0x0000000140147000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/4280-606-0x000001E8DC770000-0x000001E8DC771000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4280-699-0x000001E8DF7B0000-0x000001E8DF7C0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4280-749-0x000001E8DF530000-0x000001E8DF540000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4280-748-0x000001E8DF530000-0x000001E8DF540000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4280-736-0x000001E8DF7B0000-0x000001E8DF7C0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4280-729-0x000001E8DF7B0000-0x000001E8DF7C0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4280-728-0x000001E8DF1E0000-0x000001E8DF1F0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4280-727-0x000001E8DF1E0000-0x000001E8DF1F0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4280-726-0x000001E8DF1E0000-0x000001E8DF1F0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4280-709-0x000001E8DF190000-0x000001E8DF1AA000-memory.dmp

        Filesize

        104KB

        Download

      • memory/4280-708-0x000001E8DF190000-0x000001E8DF1AA000-memory.dmp

        Filesize

        104KB

        Download

      • memory/4280-707-0x000001E8DC770000-0x000001E8DC771000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4280-605-0x000001E8DC760000-0x000001E8DC770000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4280-698-0x000001E8DF7B0000-0x000001E8DF7C0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4280-607-0x000001E8DF190000-0x000001E8DF1AA000-memory.dmp

        Filesize

        104KB

        Download

      • memory/4280-608-0x000001E8DF190000-0x000001E8DF1AA000-memory.dmp

        Filesize

        104KB

        Download

      • memory/4280-697-0x000001E8DF7B0000-0x000001E8DF7C0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4280-677-0x000001E8DF530000-0x000001E8DF540000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4280-636-0x000001E8DF1E0000-0x000001E8DF1F0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4280-637-0x000001E8DF1E0000-0x000001E8DF1F0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4280-676-0x000001E8DF530000-0x000001E8DF540000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4512-176-0x00000000006A0000-0x0000000000700000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4512-189-0x0000000140000000-0x0000000140200000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4512-170-0x00000000006A0000-0x0000000000700000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4588-191-0x00000000057D0000-0x00000000057E0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4588-178-0x0000000001130000-0x0000000001196000-memory.dmp

        Filesize

        408KB

        Download

      • memory/4632-229-0x0000000001A50000-0x0000000001AB0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4632-226-0x0000000001A50000-0x0000000001AB0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4632-220-0x0000000001A50000-0x0000000001AB0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4632-232-0x0000000140000000-0x0000000140221000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4644-369-0x0000000140000000-0x00000001401C0000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4672-419-0x0000000140000000-0x000000014021D000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4672-674-0x0000000140000000-0x000000014021D000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4704-573-0x0000000140000000-0x00000001401D7000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4704-323-0x0000000140000000-0x00000001401D7000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/5008-208-0x0000000000190000-0x00000000001F0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/5008-216-0x0000000140000000-0x000000014022B000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/5008-214-0x0000000000190000-0x00000000001F0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/5008-372-0x0000000140000000-0x000000014022B000-memory.dmp

        Filesize

        2.2MB

        Download