Overview

overview

10

Static

static

3

PO_39100.exe

windows7-x64

10

PO_39100.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    153s
  • max time network
    163s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-05-2023 20:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PO_39100.exe

  • Size

    1.5MB

  • MD5

    13dc441ec2f9e3f9aa1f354a4b14d318

  • SHA1

    05b62c596ca78745d73514cd5d43434929955863

  • SHA256

    6f35bb0a7644cfda2468e984269f7febafcb672591a887a8029257dea0801a7c

  • SHA512

    30f4da77bf1ba35334fc1812a6792bb91396fdc8cc7b918f81c6395a48523079cccc89c7090b5c21c30ab62939fa8663cc695ad7d876f083773f7c85cffc5242

  • SSDEEP

    24576:TwMryIYPOfPFxgvnRnc215nETdxUA6p7GDHDCf0uEywBk1EM8Xzd:Md5PsPfgvRv0gA6pYC52lD

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Signatures

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer
  • Executes dropped EXE 22 IoCs
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Drops file in System32 directory 24 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 5 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 38 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PO_39100.exe
    "C:\Users\Admin\AppData\Local\Temp\PO_39100.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4732
    • C:\Users\Admin\AppData\Local\Temp\PO_39100.exe
      "C:\Users\Admin\AppData\Local\Temp\PO_39100.exe"
      2⤵
      • Drops file in System32 directory
      • Suspicious use of SetThreadContext
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1040
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        3⤵
        • Accesses Microsoft Outlook profiles
        • outlook_office_path
        • outlook_win_path
        PID:2376
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    PID:4268
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:2548
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:4648
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:4344
    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:2320
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:4196
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:500
    • C:\Windows\System32\msdtc.exe
      C:\Windows\System32\msdtc.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:4236
    • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
      "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
      1⤵
      • Executes dropped EXE
      PID:2604
    • C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      1⤵
      • Executes dropped EXE
      PID:2180
    • C:\Windows\SysWow64\perfhost.exe
      C:\Windows\SysWow64\perfhost.exe
      1⤵
      • Executes dropped EXE
      PID:5096
    • C:\Windows\system32\locator.exe
      C:\Windows\system32\locator.exe
      1⤵
      • Executes dropped EXE
      PID:4448
    • C:\Windows\System32\SensorDataService.exe
      C:\Windows\System32\SensorDataService.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:4996
    • C:\Windows\System32\snmptrap.exe
      C:\Windows\System32\snmptrap.exe
      1⤵
      • Executes dropped EXE
      PID:4060
    • C:\Windows\system32\spectrum.exe
      C:\Windows\system32\spectrum.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:3256
    • C:\Windows\System32\OpenSSH\ssh-agent.exe
      C:\Windows\System32\OpenSSH\ssh-agent.exe
      1⤵
      • Executes dropped EXE
      PID:3756
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
      1⤵
        PID:1964
      • C:\Windows\system32\TieringEngineService.exe
        C:\Windows\system32\TieringEngineService.exe
        1⤵
        • Executes dropped EXE
        • Checks processor information in registry
        • Suspicious use of AdjustPrivilegeToken
        PID:4852
      • C:\Windows\system32\AgentService.exe
        C:\Windows\system32\AgentService.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:4016
      • C:\Windows\System32\vds.exe
        C:\Windows\System32\vds.exe
        1⤵
        • Executes dropped EXE
        PID:2688
      • C:\Windows\system32\vssvc.exe
        C:\Windows\system32\vssvc.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:2624
      • C:\Windows\system32\wbengine.exe
        "C:\Windows\system32\wbengine.exe"
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:4240
      • C:\Windows\system32\wbem\WmiApSrv.exe
        C:\Windows\system32\wbem\WmiApSrv.exe
        1⤵
        • Executes dropped EXE
        PID:428
      • C:\Windows\system32\SearchIndexer.exe
        C:\Windows\system32\SearchIndexer.exe /Embedding
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:888
        • C:\Windows\system32\SearchProtocolHost.exe
          "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
          2⤵
            PID:1928
          • C:\Windows\system32\SearchFilterHost.exe
            "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
            2⤵
              PID:5028

          Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
            Filesize

            2.1MB

            MD5

            9f9a849256ecc2f43865a1302eb824da

            SHA1

            feefc7db7593c226857219096ec986ce20492323

            SHA256

            6eeee7d2a01487916ec82ebcb4654e607856804c895cb4acff29a928677ddace

            SHA512

            c1072e997b43e5c4090f1bbbd6776a463e5e92c6723608c83b6de94c83160af9eeeaa5efa9362a9c01eae1f8868a06e1588511563872171f5ebf270bc8f76542

            Download Submit

          • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
            Filesize

            1.4MB

            MD5

            a3db1c7498750cb2f3ff38bac8393ef5

            SHA1

            4e122ffc8474599807065d5f7a7009863d3f1aa1

            SHA256

            e6210d77b3e0a5410a30600b4c0cd748aac28e61fc968168babbeb0b7b390ce3

            SHA512

            f8a77db6c65eb99f95a08720345ca0d6ec676a4af13fbfb42e687e61483c044a305b931ac81a90d0f2003ffd5f47fdb6b0ec58054cfb3e4c0a8f2d6dd44e8c7c

            Download Submit

          • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
            Filesize

            1.5MB

            MD5

            43384ed646a27d0e71c20c831e6cf33a

            SHA1

            029acc612c2c69b37bab1c14cc5759342cc30522

            SHA256

            338434951faab787a4e4220a0f88be0e85e3d9cf112fbe18ee3407cd6962c262

            SHA512

            586908677d5cd28a397f30f139be9a96b0fee18b9b6167088af0f495e2d0b6b1af00a1e3309741bbaff5984e54869202a55e7b120e62358bb72f4c40147590df

            Download Submit

          • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
            Filesize

            2.1MB

            MD5

            3d963e3729ced151be523321cc4101af

            SHA1

            32a5f5681787d6ec211b18ad245a782b37cf581c

            SHA256

            6f10e31bfcb1eb901765e96526edb3815189c9a29db4449e86c2112dedb6f0fb

            SHA512

            fde5e0bf145c236096a4ce9abc8dc1269bdf6d57ac09207d6559e02e3f7ffcf112ad613bc0675108dd20c3b670579398e5a319ff2a078b1245172f15453e1c2e

            Download Submit

          • C:\Windows\SysWOW64\perfhost.exe
            Filesize

            1.2MB

            MD5

            85b4b90e6f675c54de529192f48cda49

            SHA1

            671e91da9cc00dfd19e02ca7269327f1c9dc3f49

            SHA256

            ca24eaa7f160172d0b31f70a77c127c78eb0eec2c115a053c41ca9ea29da8b2b

            SHA512

            d47f64d1fb394e625cda4af677139b5fbfe6d970877e2bccb6af5989381b765b5152be97e821f77f635a253fa86936addb0b742dccde29c79aee18dae96e4c8b

            Download Submit

          • C:\Windows\System32\AgentService.exe
            Filesize

            1.7MB

            MD5

            5a2e14055353001645ab1abc014c6eda

            SHA1

            2c43d1320daac7cb3c4142ec71360bee729377d0

            SHA256

            e697c6c591097c54bee14bc63421cca250728aa4e5abdf01257d0ee7063dc3de

            SHA512

            d8284d72ebb4b9d8c2d7688152daf56f1524403ac1c7a44060a581b153a8a7d5c56e255eff2879321a427d2665f14c86bbe11a4b37432e27e00883233140ba4a

            Download Submit

          • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
            Filesize

            1.3MB

            MD5

            bbe46f8b78fa3fe7148490f6df265ece

            SHA1

            58d2d96f284f886f45775b425b3f6a4a8891f196

            SHA256

            9bc7c818695a74844a545fcd69dfa9d0e62e99b0088484c7f6ec3e483ae06e61

            SHA512

            88f1d5f11e46658298cb1a72ff5fb4ef02b0c8b20cd79b393e16481f2b420745dacb3ba57c9dff2e6f8c2a66f38e01c7f7e371964873034d7c65fc06271d24d0

            Download Submit

          • C:\Windows\System32\FXSSVC.exe
            Filesize

            1.2MB

            MD5

            02da41c04372d042ab400c82b5603bc1

            SHA1

            889d63bfdb73a3f988e37833b9e6fecc34c1ff9e

            SHA256

            2a47e42b700964acb1b82cca0358486c1b88815560e92ef8bb69c3c63ceed2a6

            SHA512

            757453920f459dd0f632e91a1451423c703a04f2a185865a17e33c0ea47907a4019d42aa34a630645f90cc9531405950883b2ceaa64547d01c693ce8d50958f0

            Download Submit

          • C:\Windows\System32\Locator.exe
            Filesize

            1.2MB

            MD5

            317f1ce1ddc6bcdd4a59aae5da3975f1

            SHA1

            601b5256cacabfb33db5ad1b8fe3dfe27ee2b880

            SHA256

            122d327c347a83f7d51839a3f1f053d65302265d7fd85d25614fdacdf5a4676b

            SHA512

            2373d73f586051d8ca00c83214efa65adcbc159c364cc73e0935d30e30f9b6a77e1d78793014c090e2ed49b82258ca2b9b0b35e0f4e416df9ceb146ac55672e6

            Download Submit

          • C:\Windows\System32\OpenSSH\ssh-agent.exe
            Filesize

            1.6MB

            MD5

            6626bccd1b54003374394c3d211e4f06

            SHA1

            eace0d4b81f90ca9debcbf30c3100e703d588777

            SHA256

            1e7af66a907c183b056d7497bde7c3032afa72b7898e50f9b93a8b2b8cc56ba4

            SHA512

            512f2b773b393ad9978216dd566c0d535aba8fdebee5005b9eb721d95b956f251a72caf5a7e504b2aaaf082b17a81af83d187e48fef4da5b60be43f2277eae38

            Download Submit

          • C:\Windows\System32\OpenSSH\ssh-agent.exe
            Filesize

            1.6MB

            MD5

            6626bccd1b54003374394c3d211e4f06

            SHA1

            eace0d4b81f90ca9debcbf30c3100e703d588777

            SHA256

            1e7af66a907c183b056d7497bde7c3032afa72b7898e50f9b93a8b2b8cc56ba4

            SHA512

            512f2b773b393ad9978216dd566c0d535aba8fdebee5005b9eb721d95b956f251a72caf5a7e504b2aaaf082b17a81af83d187e48fef4da5b60be43f2277eae38

            Download Submit

          • C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
            Filesize

            1.3MB

            MD5

            bf9f0c13d09825c1977b0c92a48870b6

            SHA1

            19e8446189cf21627ed1d947f205667fdbc342d4

            SHA256

            e7cda41b22a1f124c6f594ac7ba900978d4055d64fde44d678146ac0a3501ccd

            SHA512

            9aa93f452c7cd39726299d2e90c311dad4f3e0a10f6cf00727477f9c3929c703153bcabd6d1c1940a0265994f0ddb8e0c4c6aeda3196caac6812d9435fbc6e25

            Download Submit

          • C:\Windows\System32\SearchIndexer.exe
            Filesize

            1.4MB

            MD5

            fd0c43c517009f144c7293319e215ccd

            SHA1

            580cb8f3fa9b0c8bd40d5361502560e8392f0126

            SHA256

            5834fd204c1432cc9b278ac9c237d3b7411176aed7529272d69a203d7321f940

            SHA512

            ed998e817ef1b0dc3efcfb332266c31c159da0481562fba6ec839e3481efba5f9e3d6ea1f862e6354d2b5028115799562b6bfbbd5788523b16fd8b6c0f941211

            Download Submit

          • C:\Windows\System32\SensorDataService.exe
            Filesize

            1.8MB

            MD5

            23cdca343ae80b91e66a75b4a734c4e4

            SHA1

            e6d0ef0ba4a52ce1f36ab53313a99b64a066c4fc

            SHA256

            5470917e7c70b0840bfc28e23e0bf8de3726e1e4cb7f68304f1f93a19c3e2353

            SHA512

            497c1a8f3a211844206c6f40bec39c4ec1a902bc5813518ebbb66a6e1c264b58e4ad3fba85af99d620166fcfb9e9e83b4ca4ac4761293c086d5dee1ed29800ab

            Download Submit

          • C:\Windows\System32\Spectrum.exe
            Filesize

            1.4MB

            MD5

            4f18cbc652948bb7ad7f886d5fd84575

            SHA1

            e218c314c4dfe308310a01f36ad7266990e6ceed

            SHA256

            b6ab6dc4cab522411f4e65b695d3f3d37a01d8a03cdf1e99eeaa24d15a9726ca

            SHA512

            cb64dd4c15cec87fa4ec2307e92044888642b7f7316216a82483e06bc69810da01a9e4284e5511370b30d3fea75e7afe54eaffdbcfa487024c5caaec808b3dbd

            Download Submit

          • C:\Windows\System32\TieringEngineService.exe
            Filesize

            1.5MB

            MD5

            fcdd1e90a20effbc47fdf58904aa0012

            SHA1

            64f1abc17aad168d2a505c0652d5396868997343

            SHA256

            60b4533362a608153f409a5e81473f67e6e7a5990cc992906f4d367e7f9568ab

            SHA512

            58d4fc27e4634a7a04af87306a6e177fa054ef9f54d8d278aa73c697c3e592283fdc360bdbbb40716d8932b1bf1eee3cfa72881b9f552aff7e0ab7272771662a

            Download Submit

          • C:\Windows\System32\VSSVC.exe
            Filesize

            2.0MB

            MD5

            d7e09aab3bd0bfa83cb78ff63ba7a361

            SHA1

            bf22b229565039bbcc8ba91e963b9302274b689e

            SHA256

            b2c0e3bfa8c1904bb1277e6e829f95dd0a5ac0afe4b48a75c8cc0d835a8355a4

            SHA512

            3cbe6fc8427802ba92aff875c3cfe01860748642ff557d38a2cdb1e61e7507681d2545cfc3bf3e1232ff770b3d931ba47b5182e77e7fde56f600e23bb8917e5e

            Download Submit

          • C:\Windows\System32\alg.exe
            Filesize

            1.3MB

            MD5

            659fec0891adb348d6b244fa969c342b

            SHA1

            294faf494639d2b66c57980899e04310f77a7fae

            SHA256

            a3cf741e1fe0d26c1187b4ab7d3a544fd0c014476dac812779029718b0a6b2ff

            SHA512

            b6ba8c53e41082bec0a976a50c060c5c88ec8f0bdcc9a093d565613006cd66f0111566bf7f220c91acbb381d0e05fcac1c3764c173f93ce85ce8a20d57366ad1

            Download Submit

          • C:\Windows\System32\msdtc.exe
            Filesize

            1.4MB

            MD5

            af1b3255e90a778edab70a3b046db0a4

            SHA1

            d71bc9926d06643f6466b7be647fe4d0277e8296

            SHA256

            4c909e372d270f3107a5ad2527ba90dd554c02880b1d56fa59fd56211c0d7813

            SHA512

            810d67f8df2bcc8771510580029248728391ab5d5d74a96ad8505945aa02eebc58d3d413f3867695834e90107b97995e1a95b2522f6e9202f7cb561e0ab153b3

            Download Submit

          • C:\Windows\System32\snmptrap.exe
            Filesize

            1.2MB

            MD5

            1a4aafd49d5a2c0b9e2e71558ee18667

            SHA1

            819fd1c37a2087e26e9a5e199cbf14441960c073

            SHA256

            174d75bc3c3ad9bc0448d456221ebb8d1d5534f9522d7ef27363f4725a0ef414

            SHA512

            7d2836d9d15ce9ecbbd125236ce3620283d165e1bfaa22f4e8eb8099bc5e873422724e4219278caa28cfa3bef797d8841320e8190e54093624bd6651a53fe5f7

            Download Submit

          • C:\Windows\System32\vds.exe
            Filesize

            1.3MB

            MD5

            ea3f78b3c51641842bd97d7edb7ff360

            SHA1

            710b339e830df68500ed1e86eca49332a08e1272

            SHA256

            82d97a704fff7545f37a14cd95308c1ba0aea1840d84bcca403efd6f2baa2071

            SHA512

            9ec432877e63f38bad20402a0d85b02585a41782a5a953c177f0bbd31c86feebd358fbf6960523b0271cbbe7c51f1e67fe31aaffd66de879bfb039e9ea171b46

            Download Submit

          • C:\Windows\System32\wbem\WmiApSrv.exe
            Filesize

            1.4MB

            MD5

            4967755ec14d204a4b041e54aef355d9

            SHA1

            f1f04965585e6e961d26c0ec03dbcab7ca6839c9

            SHA256

            7d58d1b50e2af692284297713f83d072c812643e4bd162dd0eff0d8ab84387f3

            SHA512

            705ee07f11fb811d337ba055759a577d6150ac27d4fa042786243543297ab55f2ef52a97e7fb0b3269dcf79102efa76bb143d85a9107bfe67f239ee8f6f34c4e

            Download Submit

          • C:\Windows\System32\wbengine.exe
            Filesize

            2.1MB

            MD5

            e13abb26b658a5c18743a5af287b91ca

            SHA1

            eedc320f4d7a2c5046874add2370ea639163cee0

            SHA256

            116bb63008161d6786cb1e293297dd91f9bfff0fbfb1d68005d0c0186818efa0

            SHA512

            6483fca1b91a325101b81d1bc48407bf17874a28dc17977828686149cc7b57f3430ae5fc13ba9de1da78bc97ec95cd6138ffca0e410449b9a5793244a2b99c7f

            Download Submit

          • memory/428-414-0x0000000140000000-0x000000014021D000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/428-524-0x0000000140000000-0x000000014021D000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/500-224-0x0000000002270000-0x00000000022D0000-memory.dmp

            Filesize

            384KB

            Download

          • memory/500-230-0x0000000002270000-0x00000000022D0000-memory.dmp

            Filesize

            384KB

            Download

          • memory/500-233-0x0000000002270000-0x00000000022D0000-memory.dmp

            Filesize

            384KB

            Download

          • memory/500-235-0x0000000140000000-0x0000000140221000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/888-418-0x0000000140000000-0x0000000140179000-memory.dmp

            Filesize

            1.5MB

            Download

          • memory/1040-183-0x0000000000400000-0x0000000000654000-memory.dmp

            Filesize

            2.3MB

            Download

          • memory/1040-150-0x00000000030E0000-0x0000000003146000-memory.dmp

            Filesize

            408KB

            Download

          • memory/1040-146-0x0000000000400000-0x0000000000654000-memory.dmp

            Filesize

            2.3MB

            Download

          • memory/1040-144-0x00000000030E0000-0x0000000003146000-memory.dmp

            Filesize

            408KB

            Download

          • memory/1040-143-0x0000000000400000-0x0000000000654000-memory.dmp

            Filesize

            2.3MB

            Download

          • memory/1040-140-0x0000000000400000-0x0000000000654000-memory.dmp

            Filesize

            2.3MB

            Download

          • memory/2180-269-0x0000000140000000-0x0000000140202000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/2320-208-0x00000000007C0000-0x0000000000820000-memory.dmp

            Filesize

            384KB

            Download

          • memory/2320-211-0x0000000140000000-0x0000000140237000-memory.dmp

            Filesize

            2.2MB

            Download

          • memory/2320-201-0x00000000007C0000-0x0000000000820000-memory.dmp

            Filesize

            384KB

            Download

          • memory/2320-276-0x0000000140000000-0x0000000140237000-memory.dmp

            Filesize

            2.2MB

            Download

          • memory/2376-195-0x0000000004E90000-0x0000000004EA0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2376-179-0x0000000000900000-0x0000000000966000-memory.dmp

            Filesize

            408KB

            Download

          • memory/2548-185-0x0000000140000000-0x0000000140200000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/2548-176-0x0000000000660000-0x00000000006C0000-memory.dmp

            Filesize

            384KB

            Download

          • memory/2548-170-0x0000000000660000-0x00000000006C0000-memory.dmp

            Filesize

            384KB

            Download

          • memory/2604-260-0x0000000140000000-0x0000000140226000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/2624-388-0x0000000140000000-0x00000001401FC000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/2624-500-0x0000000140000000-0x00000001401FC000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/2688-382-0x0000000140000000-0x0000000140147000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/2688-499-0x0000000140000000-0x0000000140147000-memory.dmp

            Filesize

            1.3MB

            Download

          • memory/3256-340-0x0000000140000000-0x0000000140169000-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/3256-480-0x0000000140000000-0x0000000140169000-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/3756-343-0x0000000140000000-0x0000000140259000-memory.dmp

            Filesize

            2.3MB

            Download

          • memory/3756-481-0x0000000140000000-0x0000000140259000-memory.dmp

            Filesize

            2.3MB

            Download

          • memory/4016-365-0x0000000140000000-0x00000001401C0000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/4016-371-0x0000000140000000-0x00000001401C0000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/4060-323-0x0000000140000000-0x00000001401ED000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/4196-213-0x0000000000190000-0x00000000001F0000-memory.dmp

            Filesize

            384KB

            Download

          • memory/4196-277-0x0000000140000000-0x000000014022B000-memory.dmp

            Filesize

            2.2MB

            Download

          • memory/4196-219-0x0000000000190000-0x00000000001F0000-memory.dmp

            Filesize

            384KB

            Download

          • memory/4196-222-0x0000000140000000-0x000000014022B000-memory.dmp

            Filesize

            2.2MB

            Download

          • memory/4236-239-0x0000000000D40000-0x0000000000DA0000-memory.dmp

            Filesize

            384KB

            Download

          • memory/4236-278-0x0000000140000000-0x0000000140210000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/4236-238-0x0000000140000000-0x0000000140210000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/4240-395-0x0000000140000000-0x0000000140216000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/4240-502-0x0000000140000000-0x0000000140216000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/4268-157-0x0000000000560000-0x00000000005C0000-memory.dmp

            Filesize

            384KB

            Download

          • memory/4268-162-0x0000000140000000-0x0000000140201000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/4268-164-0x0000000000560000-0x00000000005C0000-memory.dmp

            Filesize

            384KB

            Download

          • memory/4268-259-0x0000000140000000-0x0000000140201000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/4344-196-0x00000000004F0000-0x0000000000550000-memory.dmp

            Filesize

            384KB

            Download

          • memory/4344-192-0x00000000004F0000-0x0000000000550000-memory.dmp

            Filesize

            384KB

            Download

          • memory/4344-198-0x0000000140000000-0x0000000140135000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/4344-186-0x00000000004F0000-0x0000000000550000-memory.dmp

            Filesize

            384KB

            Download

          • memory/4344-194-0x0000000140000000-0x0000000140135000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/4448-303-0x0000000140000000-0x00000001401EC000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/4732-138-0x0000000005100000-0x0000000005110000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4732-137-0x0000000004EA0000-0x0000000004EAA000-memory.dmp

            Filesize

            40KB

            Download

          • memory/4732-136-0x0000000005100000-0x0000000005110000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4732-135-0x0000000004EC0000-0x0000000004F52000-memory.dmp

            Filesize

            584KB

            Download

          • memory/4732-139-0x00000000071E0000-0x000000000727C000-memory.dmp

            Filesize

            624KB

            Download

          • memory/4732-133-0x0000000000350000-0x00000000004D8000-memory.dmp

            Filesize

            1.5MB

            Download

          • memory/4732-134-0x00000000053D0000-0x0000000005974000-memory.dmp

            Filesize

            5.6MB

            Download

          • memory/4852-362-0x0000000140000000-0x0000000140239000-memory.dmp

            Filesize

            2.2MB

            Download

          • memory/4996-463-0x0000000140000000-0x00000001401D7000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/4996-304-0x0000000140000000-0x00000001401D7000-memory.dmp

            Filesize

            1.8MB

            Download

          • memory/5096-454-0x0000000000400000-0x00000000005EE000-memory.dmp

            Filesize

            1.9MB

            Download

          • memory/5096-286-0x0000000000400000-0x00000000005EE000-memory.dmp

            Filesize

            1.9MB

            Download