Overview

overview

10

Static

static

3

SecuriteIn...39.exe

windows7-x64

10

SecuriteIn...39.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    171s
  • max time network
    182s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-05-2023 20:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Heur.24719.4239.exe

  • Size

    1.6MB

  • MD5

    170860057f4aad06ddbeea0ca2b3f1b6

  • SHA1

    db04c735b769df458518f959ae7eca39cfa06213

  • SHA256

    e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998

  • SHA512

    f8bf57126bad026be2414121c798d5688119f06312404c35dea3f457deb717f6422291f5401178586fd23055577f893b4e6236e413c909e3b526c45d3b957766

  • SSDEEP

    24576:uU7taDBzgNEfeEvFTMxdzYPh1ogay/zj1weNgcHFx5MpfTjU/c7jNXPohE:uU7PNBmMxdEvogdzxzHFx+pfTgE7VPI

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Signatures

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer
  • Executes dropped EXE 22 IoCs
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Drops file in System32 directory 24 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 16 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 5 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Heur.24719.4239.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Heur.24719.4239.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3628
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Heur.24719.4239.exe
      "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Heur.24719.4239.exe"
      2⤵
      • Drops file in System32 directory
      • Suspicious use of SetThreadContext
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1496
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        3⤵
        • Accesses Microsoft Outlook profiles
        • outlook_office_path
        • outlook_win_path
        PID:2852
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    PID:3900
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:1388
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:3952
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:1840
    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:2824
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:1076
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:4332
    • C:\Windows\System32\msdtc.exe
      C:\Windows\System32\msdtc.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:2208
    • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
      "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
      1⤵
      • Executes dropped EXE
      PID:1372
    • C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      1⤵
      • Executes dropped EXE
      PID:2064
    • C:\Windows\SysWow64\perfhost.exe
      C:\Windows\SysWow64\perfhost.exe
      1⤵
      • Executes dropped EXE
      PID:4244
    • C:\Windows\system32\locator.exe
      C:\Windows\system32\locator.exe
      1⤵
      • Executes dropped EXE
      PID:2364
    • C:\Windows\System32\SensorDataService.exe
      C:\Windows\System32\SensorDataService.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:4220
    • C:\Windows\System32\snmptrap.exe
      C:\Windows\System32\snmptrap.exe
      1⤵
      • Executes dropped EXE
      PID:4128
    • C:\Windows\system32\spectrum.exe
      C:\Windows\system32\spectrum.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:2068
    • C:\Windows\System32\OpenSSH\ssh-agent.exe
      C:\Windows\System32\OpenSSH\ssh-agent.exe
      1⤵
      • Executes dropped EXE
      PID:3924
    • C:\Windows\system32\TieringEngineService.exe
      C:\Windows\system32\TieringEngineService.exe
      1⤵
      • Executes dropped EXE
      • Checks processor information in registry
      • Suspicious use of AdjustPrivilegeToken
      PID:2700
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
      1⤵
        PID:1116
      • C:\Windows\system32\AgentService.exe
        C:\Windows\system32\AgentService.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:4684
      • C:\Windows\System32\vds.exe
        C:\Windows\System32\vds.exe
        1⤵
        • Executes dropped EXE
        PID:4756
      • C:\Windows\system32\vssvc.exe
        C:\Windows\system32\vssvc.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:3568
      • C:\Windows\system32\wbengine.exe
        "C:\Windows\system32\wbengine.exe"
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:4160
      • C:\Windows\system32\wbem\WmiApSrv.exe
        C:\Windows\system32\wbem\WmiApSrv.exe
        1⤵
        • Executes dropped EXE
        PID:4732
      • C:\Windows\system32\SearchIndexer.exe
        C:\Windows\system32\SearchIndexer.exe /Embedding
        1⤵
        • Executes dropped EXE
        PID:5100

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
        Filesize

        2.1MB

        MD5

        493024b1358ab9cc58e6ad583eff6a11

        SHA1

        2856de332d911e0adf79e677f4c48e88cd83fa9b

        SHA256

        81c546c1a570516837a9e8a7b99ce1e3e789857c8c5112ca826e2345161adbc8

        SHA512

        2c49684e4f92274485487988f40be147edfb570c30214a7e6a54603577b51f22f30556a5af7be0833233acd0d01dc412f1a4d50e61fa97efb8f4817825d51a20

        Download Submit

      • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
        Filesize

        1.4MB

        MD5

        8fd7c7ce8d587ff2d3991814db8eb403

        SHA1

        f746bb35b71da6958699ccd213eec15a009feec2

        SHA256

        f3f1dd83126bfdbbb9c0f6196b08665b92fd8626290445e7d9d042f1b6107664

        SHA512

        7227a8311755564fc2e033d1704e64631fb030feda96c1e2b6e463a3d54e492c777f91cb9b091649d9c6de7e040fcbb2afd49255a1d57475f2137a3a99eda489

        Download Submit

      • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
        Filesize

        1.5MB

        MD5

        d42b617f3116f8131f6b42478533bc74

        SHA1

        58d764aca0a65a01a20805e8ce001befe5816abb

        SHA256

        fc979b82a7b83f4888786cd3fdcc712a969101d61c58cbd76c6c460252dd05b8

        SHA512

        396419494548b9ea6c8391582139cc61f32396f6da67a59ef1502115523c7c8ed39baf2a5e44161aab6a6a9b95ac73ba333922cb7bcd1a8250b0b59870563e30

        Download Submit

      • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
        Filesize

        2.1MB

        MD5

        949ffc62dd3c38b44772e1d7b623e5e5

        SHA1

        fca5c8009d93e0752f6096d57c2440c7d3e171e2

        SHA256

        4f8f468aea770766dce5f5c466464f638523ed08c03a92e4a30bc36c9893206a

        SHA512

        dd81b9feabdd896e3b03e1105f8657cb3eaf6df3c1739064326797d7584ece889e50570ccc70490fec4e3708bb8b3cd44c98eae6d46e866de0b834f30000c65e

        Download Submit

      • C:\Windows\SysWOW64\perfhost.exe
        Filesize

        1.2MB

        MD5

        ad0a19f3e54ea74464224f60243b1a7d

        SHA1

        64185820f088df700834d30d8ebf5ef46f5e7796

        SHA256

        b8ea50f59412bdabc6672f4b601e6a613e9bb7b281d4690c7abf9643f50da5eb

        SHA512

        fc6262ae58cfa76fd05db5d80ed2d6a376f1cff2b9fa3ae659aec5547e7ae41dd6c2c297dc135170ec1b740eba3061c8a2ad93a74a45ba165dbf15a077b3b4ff

        Download Submit

      • C:\Windows\System32\AgentService.exe
        Filesize

        1.7MB

        MD5

        19e918531e2fa599bcf4a8759922190f

        SHA1

        cbdac5e19a371fcd41dd6aed47cb88e4ab39142c

        SHA256

        d0b2c971d649608c0fa32e0bdff178e0fb73214865cfbbf49a5b086fb3df5ea3

        SHA512

        7907251885cc1ed45200da332881e6b8c1bd653be8873a8da6c35f1b6fe27e0d4630d8859720646c4d77a0547ec02c054dd59ad9e710721eebac39f047ae41c4

        Download Submit

      • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
        Filesize

        1.3MB

        MD5

        4e4351cff04a937990dda051551877b7

        SHA1

        bafce7c7c59db97184415f55a5cc59402463a13c

        SHA256

        e58c9c89de63f6e8637417b1d0714a4d56218694e8f9a0a92aa1a34c7e1939fe

        SHA512

        66cb613e9a95adab7edd4ff6471a9b64ab911b61f5105cfa32537854e3091842905ff98ae6c64adf959f9bf84f7fa74977b61df17310d329d03244549a971f18

        Download Submit

      • C:\Windows\System32\FXSSVC.exe
        Filesize

        1.2MB

        MD5

        75fa3ac4e2e1b15a1b4fe8763adf2eaf

        SHA1

        ce9856e8dc16a98e946443897b25f5f1e9e5ab55

        SHA256

        5cb72d3d7184061523cd2a729dca59df4b429a176ef5b7f719b6673211a879c9

        SHA512

        30485551b9cf02bc5061e7126c4e082f8c81f7a591d0f978d78cb74ce11a0dcd681f5d0ae78fe1fa19bf091db5ba6422893ab00fd7167bc6f05f3bd68c4eb6e8

        Download Submit

      • C:\Windows\System32\Locator.exe
        Filesize

        1.2MB

        MD5

        0df96ceea13d45ace0816a1dce5731c7

        SHA1

        71e5b4b644e0e7aeb6f4a86a1bd75591aee36072

        SHA256

        be21d3090a5745f5703db7e9a19bfd8deb485d7511ee193284cb5fb6bb7545f8

        SHA512

        6bf060e5487a001a93112cc92fe0361d5ed120b654e3321a6a3d5d2201801afc5f03afafb86101c4742a7dce4bf26d56abc2d2944b712fc0e6c5ed3d17080ae0

        Download Submit

      • C:\Windows\System32\OpenSSH\ssh-agent.exe
        Filesize

        1.6MB

        MD5

        1c759eb97c355edcb1316642e53fa78c

        SHA1

        ef2e9fb966449fe1a4e1178c50c324565cf83059

        SHA256

        eaafc8976ae084577cee0f3588e4325e70a5894dd492317b5c15ce5635a34d18

        SHA512

        8188553102a6d83c2815b1576c6a0642b6af4e551f72253068318fee1e635142f1f24c5c03d74007d89689171683cd3b08c8681c317a6a8b7b51a9e9b138091e

        Download Submit

      • C:\Windows\System32\OpenSSH\ssh-agent.exe
        Filesize

        1.6MB

        MD5

        1c759eb97c355edcb1316642e53fa78c

        SHA1

        ef2e9fb966449fe1a4e1178c50c324565cf83059

        SHA256

        eaafc8976ae084577cee0f3588e4325e70a5894dd492317b5c15ce5635a34d18

        SHA512

        8188553102a6d83c2815b1576c6a0642b6af4e551f72253068318fee1e635142f1f24c5c03d74007d89689171683cd3b08c8681c317a6a8b7b51a9e9b138091e

        Download Submit

      • C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
        Filesize

        1.3MB

        MD5

        af15896522e69dec1144e376a8357f7d

        SHA1

        45e4464cbe66189520c6dd4fbba47436138059f2

        SHA256

        35a5999c0b438a4d8f0cabe8f06655b91f259f9a7282d5349bc3a6156e816ce4

        SHA512

        940b580b0e65bfcad35feb4973fd206bcd7220a4cb80874c31fc08c3d2df3e591465a16902b2c7c072a2d37e61934a974e44e2a9e47d1569bacedaefbf3f8b72

        Download Submit

      • C:\Windows\System32\SearchIndexer.exe
        Filesize

        1.4MB

        MD5

        7b06723da8c0d15f5c6c0680fbcb6e0f

        SHA1

        507af4e06c0c6c68f89a12a63705491875a871e4

        SHA256

        18511c5b27ca0d177959ce2f964db4bcf13352b83bde6bda026ab4e310c6667f

        SHA512

        f51b554ff46e71475bb07dc41cdc4373684af015135e4e5460071f6de9786b1ac7e1e3c65de092a1b6439dff975bf9a79614660a24a8f8efa46ef531ff31b489

        Download Submit

      • C:\Windows\System32\SensorDataService.exe
        Filesize

        1.8MB

        MD5

        d53b0ea33ffe83a85fd89c68a8e6e1af

        SHA1

        8dd49f4a4aef976a837c5381050945765f3b23fc

        SHA256

        651bbf2a54d1d6fa582f94dcf30639ab4b6a9b47e199d9a9887d78515d4caf1e

        SHA512

        f80197d33db77ca1ae395a2f5451db936dedb89955bf23cd6cbfb25b2cc096371c72942a27ee2eb58033a43579f9d6a21f31f3e47ce435c9bffe050b49109192

        Download Submit

      • C:\Windows\System32\Spectrum.exe
        Filesize

        1.4MB

        MD5

        535c7fda089de4b4828ab3585981514d

        SHA1

        305aed213bc348d9060b19bd4cf2ca1bf9754fef

        SHA256

        3b1aed3ea77066d27aaafee83da59c56a329d3d89c550a9ac4b999922a89bce9

        SHA512

        24cb6a1dd8625fe9e7930516b993d2d16bf72023dc4e2a72de483cec4a385249d972a538a6b0fe42d191ebc203d5060b9295ebcd78ca2999b5fe51dbd40e3923

        Download Submit

      • C:\Windows\System32\TieringEngineService.exe
        Filesize

        1.5MB

        MD5

        e235b4c6538cb5b6d25dac0675008880

        SHA1

        b333e72f4b6d6a5b9f1c6d1cbdebc0288de1c41e

        SHA256

        850b0ac90c7b0e84d1494ce05250ddb60b4c17fcc7c3ca383701f390b801c9e1

        SHA512

        f01dacc2bd4c14b4b08fed6f18aea0d420dbdca7eece53f9830791eb1269b6dc8a370aed28fcd223d2f56f27835bfc83f99f47297473f244fac0d8ac191cb705

        Download Submit

      • C:\Windows\System32\VSSVC.exe
        Filesize

        2.0MB

        MD5

        7ec1b1ce504655e8348960489a55b37c

        SHA1

        163862c9f8a50a1a45bae5f14b64b1767bddd1e2

        SHA256

        31f5a4d33f93d3ca332497323dfdda0c72dfe9308dbc8bdc4ed445b6e28221fc

        SHA512

        bd74a82c1edd74bcacbb732fc1c3db41b49f7df6d0fe16ce523da1d9426becb5cbc81192e0c8d359b55848e8656e2e6b88a1c95929c03b47e11506397dac3662

        Download Submit

      • C:\Windows\System32\alg.exe
        Filesize

        1.3MB

        MD5

        3b299f4b3b87a1424bd55ac47d4a7bd2

        SHA1

        aba340ecb1acea78d642802fc372b825f9c0213d

        SHA256

        f60d838eced04c9c8f46e96cc2c6e89ec14b5ba2a4d89c572cfe38cb8d65bae0

        SHA512

        518064d2039cbb12c443ee687bff357fcc27006657f29e761a5336e4af264e3e4d69fb2609599322ed40c01caa46c597d7a463730e4d81396a1f7c421eb6e92f

        Download Submit

      • C:\Windows\System32\msdtc.exe
        Filesize

        1.4MB

        MD5

        e3e6f99388ed3cd278a5daeee388b266

        SHA1

        71304fcf60b376502c14ace902031e1ed94ef482

        SHA256

        5601fee0d9f8a1099a232aecbbeada86160b8e96f78c9ae6b535c501b6611996

        SHA512

        2b4a8f16a57dde097fc00dd47d3564238eaca7750fdfecc6746db2addb102f74b3b5ea6882ded3b916c3ae991ab3ba2012c3f69ec9349972b0bc0e3dfd264608

        Download Submit

      • C:\Windows\System32\snmptrap.exe
        Filesize

        1.2MB

        MD5

        bfde860516567531e6fdbcd4a356ac22

        SHA1

        310e15cf93c7630f7e9ba01177fd3b38b15022e1

        SHA256

        ffbc34222c9b5921eebc48742633e6e70b07f723d997754c59be407a25f3e377

        SHA512

        706e21dad6aa3c9e8368ac063bd10109448e53a1d9060127827caac6b60fd6f6178d5a87a85e4ddae77588471212f5ba129c008796cdf9d225e71e2e118e279f

        Download Submit

      • C:\Windows\System32\vds.exe
        Filesize

        1.3MB

        MD5

        3dd576f435b8ddae517456e1268ca195

        SHA1

        3cc9c7f42339abb3c5de93d04362306107aa8e44

        SHA256

        c4610552556a7de1ba3cab8ed407f3e7b5c353d28d9b3288481efc9e8f804527

        SHA512

        e9bc47139fc78676d2999c33ec457e2c34f556ba567b0635106a0947be9e4066932eb303d57c0ebba574798070c3ff9ea86dd9a07ba5a855523b2d9c2adc029d

        Download Submit

      • C:\Windows\System32\wbem\WmiApSrv.exe
        Filesize

        1.4MB

        MD5

        4a7b2e991c09f43e20274c96ab5cabee

        SHA1

        5f10e1443f8cf2cf9a21be6b53234218857561b3

        SHA256

        961469f65cb567698ca88be9aafec0cb04219448110979fc4dd80081ef2762b4

        SHA512

        2367d19583c1280ab213b6d9e02a43cd091b88d9e39a15323b66abd9345d0f83dcebaacbf5485a5259cf75c1cfe2b98173a23e6f2f22fd3e17518d94c3660d45

        Download Submit

      • C:\Windows\System32\wbengine.exe
        Filesize

        2.1MB

        MD5

        ec93a5fd7eddd3a33fc09f08e1958543

        SHA1

        ae178cd44b1fee81c86912f023f267a54dfe9c1a

        SHA256

        b8b249e021011ec8390622e30493cb6f4693795ded4fffa54c048ba3c69b2a4e

        SHA512

        19f9b3203f4f6bca6ec6355fe402a58110b96239f4591803d38e79e3fbf09efe4be5582e9825fa1d7364dd8f2e7a8c1f0b9d69495141c5773618b8cf3cba5d3e

        Download Submit

      • memory/1076-314-0x0000000140000000-0x000000014022B000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/1076-215-0x0000000140000000-0x000000014022B000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/1076-206-0x0000000000190000-0x00000000001F0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/1076-212-0x0000000000190000-0x00000000001F0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/1372-262-0x0000000140000000-0x0000000140226000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1388-180-0x0000000140000000-0x0000000140200000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1388-176-0x0000000000690000-0x00000000006F0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/1388-170-0x0000000000690000-0x00000000006F0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/1496-150-0x00000000029A0000-0x0000000002A06000-memory.dmp

        Filesize

        408KB

        Download

      • memory/1496-140-0x0000000000400000-0x0000000000654000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/1496-143-0x0000000000400000-0x0000000000654000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/1496-144-0x0000000000400000-0x0000000000654000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/1496-145-0x00000000029A0000-0x0000000002A06000-memory.dmp

        Filesize

        408KB

        Download

      • memory/1496-179-0x0000000000400000-0x0000000000654000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/1840-182-0x0000000000A00000-0x0000000000A60000-memory.dmp

        Filesize

        384KB

        Download

      • memory/1840-188-0x0000000000A00000-0x0000000000A60000-memory.dmp

        Filesize

        384KB

        Download

      • memory/1840-190-0x0000000000A00000-0x0000000000A60000-memory.dmp

        Filesize

        384KB

        Download

      • memory/1840-193-0x0000000140000000-0x0000000140135000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/2064-265-0x0000000140000000-0x0000000140202000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2064-393-0x0000000140000000-0x0000000140202000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2068-319-0x0000000140000000-0x0000000140169000-memory.dmp

        Filesize

        1.4MB

        Download

      • memory/2068-426-0x0000000140000000-0x0000000140169000-memory.dmp

        Filesize

        1.4MB

        Download

      • memory/2208-232-0x0000000000D10000-0x0000000000D70000-memory.dmp

        Filesize

        384KB

        Download

      • memory/2208-231-0x0000000140000000-0x0000000140210000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/2208-339-0x0000000140000000-0x0000000140210000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/2364-290-0x0000000140000000-0x00000001401EC000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2700-351-0x0000000140000000-0x0000000140239000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/2824-202-0x00000000008F0000-0x0000000000950000-memory.dmp

        Filesize

        384KB

        Download

      • memory/2824-288-0x0000000140000000-0x0000000140237000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/2824-196-0x0000000140000000-0x0000000140237000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/2824-195-0x00000000008F0000-0x0000000000950000-memory.dmp

        Filesize

        384KB

        Download

      • memory/2852-327-0x00000000054B0000-0x00000000054C0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2852-325-0x0000000000F00000-0x0000000000F66000-memory.dmp

        Filesize

        408KB

        Download

      • memory/3568-379-0x0000000140000000-0x00000001401FC000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3568-468-0x0000000140000000-0x00000001401FC000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3628-134-0x00000000057C0000-0x0000000005D64000-memory.dmp

        Filesize

        5.6MB

        Download

      • memory/3628-138-0x0000000005400000-0x0000000005410000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3628-137-0x00000000051E0000-0x00000000051EA000-memory.dmp

        Filesize

        40KB

        Download

      • memory/3628-136-0x0000000005400000-0x0000000005410000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3628-135-0x00000000050C0000-0x0000000005152000-memory.dmp

        Filesize

        584KB

        Download

      • memory/3628-139-0x0000000005710000-0x00000000057AC000-memory.dmp

        Filesize

        624KB

        Download

      • memory/3628-133-0x0000000000570000-0x0000000000706000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3900-240-0x0000000140000000-0x0000000140201000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3900-164-0x00000000006B0000-0x0000000000710000-memory.dmp

        Filesize

        384KB

        Download

      • memory/3900-158-0x0000000140000000-0x0000000140201000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3900-157-0x00000000006B0000-0x0000000000710000-memory.dmp

        Filesize

        384KB

        Download

      • memory/3924-340-0x0000000140000000-0x0000000140259000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/4128-317-0x0000000140000000-0x00000001401ED000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/4160-396-0x0000000140000000-0x0000000140216000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4160-471-0x0000000140000000-0x0000000140216000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4220-301-0x0000000140000000-0x00000001401D7000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4220-403-0x0000000140000000-0x00000001401D7000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4244-277-0x0000000000400000-0x00000000005EE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/4332-217-0x0000000000C00000-0x0000000000C60000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4332-223-0x0000000000C00000-0x0000000000C60000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4332-226-0x0000000000C00000-0x0000000000C60000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4332-228-0x0000000140000000-0x0000000140221000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4684-367-0x0000000140000000-0x00000001401C0000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4684-363-0x0000000140000000-0x00000001401C0000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4732-414-0x0000000140000000-0x000000014021D000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4756-380-0x0000000140000000-0x0000000140147000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/4756-469-0x0000000140000000-0x0000000140147000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/5100-420-0x0000000140000000-0x0000000140179000-memory.dmp

        Filesize

        1.5MB

        Download