Overview

overview

10

Static

static

3

Quote 1345 rev.3.exe

windows7-x64

10

Quote 1345 rev.3.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    153s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-05-2023 19:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Quote 1345 rev.3.exe

  • Size

    1.4MB

  • MD5

    34aa0ca40863c30653a0b6ba10d3daa2

  • SHA1

    c5dbbc9a3f6d537ab49aeb89223810cd67c256f7

  • SHA256

    427279a267a65691961da1112b7c562ba7c707709b681c71a7194aa136066eb9

  • SHA512

    34e46909f3ea586033baa5f73ecbf1f5072f2d05cfaf77f6ab2535ee0798f01427b1e62719fc4026f4b38af03e445a33ff2deb22ef9817ab42e506cfb5cb10d2

  • SSDEEP

    24576:O94Lauo2BLrZ6dj7Wd50QKQIsBJXkQsUc/i/Egj87qLom0Y5m6Uy:O/uHrZ6WPKQ5X0QsUN/EgQ7qEmv

Score
10/10
blustealercollectionspywarestealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Signatures

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer
  • Executes dropped EXE 22 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Drops file in System32 directory 24 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 64 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: EnumeratesProcesses 35 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 43 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Quote 1345 rev.3.exe
    "C:\Users\Admin\AppData\Local\Temp\Quote 1345 rev.3.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2724
    • C:\Users\Admin\AppData\Local\Temp\Quote 1345 rev.3.exe
      "C:\Users\Admin\AppData\Local\Temp\Quote 1345 rev.3.exe"
      2⤵
      • Drops file in System32 directory
      • Suspicious use of SetThreadContext
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3572
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        3⤵
        • Accesses Microsoft Outlook profiles
        • outlook_office_path
        • outlook_win_path
        PID:1996
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    PID:548
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:4592
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:4268
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:1948
    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:1636
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:4528
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      PID:932
    • C:\Windows\System32\msdtc.exe
      C:\Windows\System32\msdtc.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:1844
    • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
      "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
      1⤵
      • Executes dropped EXE
      PID:956
    • C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      1⤵
      • Executes dropped EXE
      PID:3080
    • C:\Windows\SysWow64\perfhost.exe
      C:\Windows\SysWow64\perfhost.exe
      1⤵
      • Executes dropped EXE
      PID:4188
    • C:\Windows\system32\locator.exe
      C:\Windows\system32\locator.exe
      1⤵
      • Executes dropped EXE
      PID:3552
    • C:\Windows\System32\SensorDataService.exe
      C:\Windows\System32\SensorDataService.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:2352
    • C:\Windows\System32\snmptrap.exe
      C:\Windows\System32\snmptrap.exe
      1⤵
      • Executes dropped EXE
      PID:1640
    • C:\Windows\system32\spectrum.exe
      C:\Windows\system32\spectrum.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:516
    • C:\Windows\System32\OpenSSH\ssh-agent.exe
      C:\Windows\System32\OpenSSH\ssh-agent.exe
      1⤵
      • Executes dropped EXE
      PID:540
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
      1⤵
        PID:2916
      • C:\Windows\system32\TieringEngineService.exe
        C:\Windows\system32\TieringEngineService.exe
        1⤵
        • Executes dropped EXE
        • Checks processor information in registry
        • Suspicious use of AdjustPrivilegeToken
        PID:1076
      • C:\Windows\system32\AgentService.exe
        C:\Windows\system32\AgentService.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:3184
      • C:\Windows\System32\vds.exe
        C:\Windows\System32\vds.exe
        1⤵
        • Executes dropped EXE
        PID:2860
      • C:\Windows\system32\vssvc.exe
        C:\Windows\system32\vssvc.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:3124
      • C:\Windows\system32\wbengine.exe
        "C:\Windows\system32\wbengine.exe"
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:932
      • C:\Windows\system32\wbem\WmiApSrv.exe
        C:\Windows\system32\wbem\WmiApSrv.exe
        1⤵
        • Executes dropped EXE
        PID:4128
      • C:\Windows\system32\SearchIndexer.exe
        C:\Windows\system32\SearchIndexer.exe /Embedding
        1⤵
        • Executes dropped EXE
        • Modifies data under HKEY_USERS
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1840
        • C:\Windows\system32\SearchProtocolHost.exe
          "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
          2⤵
          • Modifies data under HKEY_USERS
          PID:628
        • C:\Windows\system32\SearchFilterHost.exe
          "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
          2⤵
          • Modifies data under HKEY_USERS
          PID:2148

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
        Filesize

        2.1MB

        MD5

        a15d859441fc1bf4909c7ec55a5a5224

        SHA1

        50dd0995674f18f4519a8b19b84512f5b317ee81

        SHA256

        04da984ecc76cd1b12a718e0ec1cfbf684e7ac150de0dbcb8ea8300f2340047f

        SHA512

        cd84737e17574d2e7ab21063e47822aa1c167eeede93d31c844aad8ae4b626304b8b26ca2049f529ee81d678a5e0cd5a8f8498948144a100e0c2f0292d912ad1

        Download Submit

      • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
        Filesize

        1.4MB

        MD5

        30c7f7b26306c5f743503443bdbeba7f

        SHA1

        750b16eb02ac6e5f45ae88b45e3e748cd0290781

        SHA256

        56aefdc95250d518c053faa02da7eb8e7fa0d842f04b7b1e15ad3cbfe86f9945

        SHA512

        6be7a0df974944538fbb3a34f500ca324120f44e54eb1b28ec368c1b278fac72dc1c5983f8617ac717d1999cd94843ebdd3435dbe24d072ac41d0fe34a6beb5a

        Download Submit

      • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
        Filesize

        1.5MB

        MD5

        9f76ac88e8f1387c4a64c77f39a33917

        SHA1

        368582cd0c6b3ca2c67bd9bd550baad460716029

        SHA256

        9f7a786904b51fd5f282aa22eba87b6909517faf1a0f26166b1cec8375b8b0a5

        SHA512

        c2eb87ad4028926a0c6758b1b17d6613f942a16bbd610b49f48105c1c6739d59a1d6b0749317e4c6c5cd1b6daf6271c99ff5ea11e3fb244a52807e440a5fc2d2

        Download Submit

      • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
        Filesize

        2.1MB

        MD5

        db1ad9ba3a21df96219e53e2a320e811

        SHA1

        4153294817323892301c75e269edbe98a5a22cb6

        SHA256

        9cb4ed8e11d6b0d39474fec43f93225681a55c366b0c7c0bea909ba65cd435ef

        SHA512

        5d68a02745965fefbe088bb7f5aa0f55a29c2580337a404843261aeb2efc3e545d97f4b326fa05fafe70e234380fb4192496edf3b4d1ffcf82a7d144074cd3a7

        Download Submit

      • C:\Windows\SysWOW64\perfhost.exe
        Filesize

        1.2MB

        MD5

        1f0504b7a8090df9dc8a27456695dc03

        SHA1

        1eeabcfeb0d603dab597c8490ae558f282431538

        SHA256

        f4a84f6ffce1e60a825fcbf3391235cf785893b6f6c69821e13ee976e9e04bfe

        SHA512

        8ba0a7ae2eff5f5f1ce72afc139b290ac635ab1f99c6b74ec1a5cfeb30a0f3a7ccde6196b22caedfa336ebf5b2c24a776cdbd2cc4b32ed30711df65eba915ec5

        Download Submit

      • C:\Windows\System32\AgentService.exe
        Filesize

        1.7MB

        MD5

        6227446f5442a757f510d4348c21ea2f

        SHA1

        d9f22f74bebc892af7d47de95e92a562372aa7b0

        SHA256

        2b036ba374a3ee06c8ba50ed82f4f2ae6bec6875e119c42f4ab99ad70c785f17

        SHA512

        effb0d0967f6bd4451b27f400fb09ee40bfe1be1bdead5221cab94e8be93a438b59b8c873feb5519e3566e80cb4d6ddc68e48c8cc33f5a8d4d28f22b8dc6bac2

        Download Submit

      • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
        Filesize

        1.3MB

        MD5

        729c66da5ddb15dda15d327c6148c2bb

        SHA1

        4869caff3f2b56e8a5fc703d8cc2442eee27c226

        SHA256

        579f94d3da2faa3265466b9910000c5e776177f146737b37bc1edc6286c7fd4f

        SHA512

        b8aee03e19c650f2e3254fd03b717c559e082fa0ad2ec91e3301437fca5b3619e1fef7c66c46ee1c2091aff8260b37237693d0c207fcb1496e9ca536a3bdbda2

        Download Submit

      • C:\Windows\System32\FXSSVC.exe
        Filesize

        1.2MB

        MD5

        c0aaec263324c30cc056169b836cefab

        SHA1

        43e643771566bc451708a526245dfdb04987c5ae

        SHA256

        620976f667f80e64c8665dc590adc88cdad76384c9521ea25e73b2698ba5589d

        SHA512

        c956d0494cf07b4b85856e2028c3fd81714fe301a0ea2deecfcca9fbf2071c07b45dce8244ff3856ba82a0dc7dce019cb62c10add2f12aef6d38fe3ae9a88002

        Download Submit

      • C:\Windows\System32\Locator.exe
        Filesize

        1.2MB

        MD5

        8b6e76c22ba5055ed7eb6b9b261fb6d8

        SHA1

        a42ab3bcee35c1ae44fb8fc261cd0a0bc7875196

        SHA256

        b9b326a45b534095a4f375be27db71a8f52792abd37e8b3cff4adcc0bbf762d7

        SHA512

        13f036d38da9b3f59aaab079c2f7b9f9ce990c152d9e62811a788af208b76c1ebe38f01958c5618fddb2a71995f88230c19237481390c18e725a01a205a94b46

        Download Submit

      • C:\Windows\System32\OpenSSH\ssh-agent.exe
        Filesize

        1.6MB

        MD5

        48c4c3cbed35240cbecd009a1c15398a

        SHA1

        cba141b30ddd68b0263a00bc59a122a6b8113920

        SHA256

        5250ded50b657ae14b4800ea7f05ae7e6227b3c9db37fc21d7203004d4c0a1cd

        SHA512

        cc026f8d9bd675a54b78b83c29abd2e0306d47f7bdb61eb83a74d5964de2895a83de76240a62aad05214701d9ae046ababd3eede3a5cb6b0f2673e80185ccd1a

        Download Submit

      • C:\Windows\System32\OpenSSH\ssh-agent.exe
        Filesize

        1.6MB

        MD5

        48c4c3cbed35240cbecd009a1c15398a

        SHA1

        cba141b30ddd68b0263a00bc59a122a6b8113920

        SHA256

        5250ded50b657ae14b4800ea7f05ae7e6227b3c9db37fc21d7203004d4c0a1cd

        SHA512

        cc026f8d9bd675a54b78b83c29abd2e0306d47f7bdb61eb83a74d5964de2895a83de76240a62aad05214701d9ae046ababd3eede3a5cb6b0f2673e80185ccd1a

        Download Submit

      • C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
        Filesize

        1.3MB

        MD5

        ecbf456ad7aefc4d9cc8b3c0c040f330

        SHA1

        26667438e0e87cab22cac9c83b51ca74a0b6f1e8

        SHA256

        9d93b1253dacfbab5eee7d63937573bfd181a79ff73c366e5e58b9be6bfedb85

        SHA512

        88ad794159d58fcfb976fdd5860e573c477aac96c68b8b0dcf1afc6339d58dc12f258b2e8a5d03cea170f049fe61775a185f090c2b317ff6cc13aeb0cf8e8945

        Download Submit

      • C:\Windows\System32\SearchIndexer.exe
        Filesize

        1.4MB

        MD5

        93dfcc50c26cc7a28c977c0c10b4d0c3

        SHA1

        2ee8dca256391cf12af6191b967f905f092bc44a

        SHA256

        da7a4de845b44d546ab992ac68de1f8e78c887ab3db9e0dfbf2b62d976090418

        SHA512

        c98d0794891e5b0095848ddd1f6beb198a6e4781be48ec87b2f30b09290af67ec6c248ab3daf500a134d7e301fb3097544c5814f0f1b7c09ed77f2a569c0ac2f

        Download Submit

      • C:\Windows\System32\SensorDataService.exe
        Filesize

        1.8MB

        MD5

        a48a8d7099c814a36948a2545e54fb27

        SHA1

        e7d20258fe784bf120be52572356db2230016ab8

        SHA256

        f47931754d95963b5312b1c999c187cc476e8cf9a5b285f96756a5eb668ae4e9

        SHA512

        22b3aeca8bd48ab20d2ad4b1f31944cf4d79e8f68a6a9abf9e8ad214133ac49c436266620d29e3c8bd7485d940224580d6439dbd222aa687d9712c4d9a600f18

        Download Submit

      • C:\Windows\System32\Spectrum.exe
        Filesize

        1.4MB

        MD5

        16675c61625a3845f56a0206fab20fd6

        SHA1

        c175a2c7652350ddfaafd5b2713ecdefa6efea19

        SHA256

        729c1e16774d819f79b4b55209348f12784db9ea87a0efb1fbde817865ab4249

        SHA512

        a9658bc0b0320922532a77ee213a3c91ff0de55dea528b207163276c5faf743b55e2c09f1c7327f939642139c3cf5901c5f51189205265ebd13fb3dbfd96821f

        Download Submit

      • C:\Windows\System32\TieringEngineService.exe
        Filesize

        1.5MB

        MD5

        b6bb880f4de08b13da49899013f1cbdf

        SHA1

        a52eb1f029109dd9d6b9ec8a3f275ad42aee829e

        SHA256

        b8151f51d9cd026a212b1d123a605f23ba096c793f47c67ac9716181990b0a28

        SHA512

        f725d50e9fd1c6b94c75e66add13533433f676d438522ac7d8e22fa695dbedb14c4a9a3fcccdc179a0a84db383b5e9f9e88631bff6dbcb3fc05c5e2f2ec8b0b7

        Download Submit

      • C:\Windows\System32\VSSVC.exe
        Filesize

        2.0MB

        MD5

        94531532c8880615b1e2a910736249f1

        SHA1

        f0341cd557a1f75003625f63ef6d43659cfd8247

        SHA256

        1052c606c9bedc92e8bd37c27765546d75c55f3702f8358a8c68eddfd2687150

        SHA512

        cc5fb73ecdc75b240dc8c6aa5756ff21e01014763f4e41731fa01b82a2a4a03a4ea11c84b7786ad7e98e73da0d5a07a8665d3cf30c68e9db90f06795420be9af

        Download Submit

      • C:\Windows\System32\alg.exe
        Filesize

        1.3MB

        MD5

        852edc29cea0b9f85482c97a38982bdc

        SHA1

        0b3e8ab1eff46a17a92f9beef31bb1f93899295a

        SHA256

        983a9d8cb09e15e5ebef03f5cb8c058fffee73b262d897c18e33a3ebb8b8e9fe

        SHA512

        449a6846ee10948948065e47b795def253a63033e5f1c9ebc1dfe73c2d180f53ffab45b449e1475fc140ef10da531a61e9588a97b1d408a089089d0bcb62aad2

        Download Submit

      • C:\Windows\System32\msdtc.exe
        Filesize

        1.4MB

        MD5

        b358d03a63e0dbeb34dabb2fab4dcda7

        SHA1

        c411915f871e43006827cfcf545a5cda44bbfc9a

        SHA256

        f78a4581d940b4b933a0f787ac50bdd516e7eb136893cb6cc8bafb65364db51f

        SHA512

        b960c4a44022e0bf1e9e02c15645965de5897baf84bfe9c70d0cf75596bc1b9b35d63d075729c891d3446b9a13d8810f216f7937e3b298503d585fa9ef708903

        Download Submit

      • C:\Windows\System32\snmptrap.exe
        Filesize

        1.2MB

        MD5

        e7f44dfab97508e8c55bdfd6d48e15a9

        SHA1

        6bff170a9cd8edc78c31b59158f681f542d9f135

        SHA256

        182bc7c6b556e65dcbb346f48bce0f578eb50ed74a5e4e758628424e8f5c40a5

        SHA512

        8872479dc3ab8aedfe258d9a860c36c0bff61a565f37e4626b9bd98645336f20b54a826fcb0eafac6f596e8be9dfa2dead9f350289c2e2273a641a2c42a444ef

        Download Submit

      • C:\Windows\System32\vds.exe
        Filesize

        1.3MB

        MD5

        ae6a859ef6b075c5e818149656cb7465

        SHA1

        599be88bca8d91223ff956ad6ba81e2912ef44a5

        SHA256

        594475af9fe25322da9a170813139262234346f25cac843cef190455fcab7ea9

        SHA512

        c8e356d5e3b286cd4f04b13918a67fb95dec8fbd845ea76ea8cb8976446a7f60677cbd04c829140c00faccd45853b880cb52786de5e5f551ceb1cf5d0323bbb5

        Download Submit

      • C:\Windows\System32\wbem\WmiApSrv.exe
        Filesize

        1.4MB

        MD5

        d4d370544246437da23a9c0ed4ff4809

        SHA1

        31001f23eb6915a4eb719ded5146a0d713b5d8c7

        SHA256

        3867ec3594802ea37c6cca4ecc5603135f403e5802fe812d36e47c49dc6bf938

        SHA512

        911165cae87616223998eda0fedbabb2ad1cd28653ac4260c488c0286774cce90656ce59cfc9e8ba02cfef40a38aa28d48bf9b11c50bfaa2b4525ecba35613f4

        Download Submit

      • C:\Windows\System32\wbengine.exe
        Filesize

        2.1MB

        MD5

        15bc85807ebc27f21782f387091b2f18

        SHA1

        240f52b82d71d31798e4e2a75d87281ff647f18d

        SHA256

        a843be0e3ec1d72e63cc3d4727126ba32cd6d569bc3ac07387dfc469cde21b5d

        SHA512

        957222e04b9639b39ddcad3040c560b14b2bbdce9457bee9f4de907f8323e4c71c7edc7d379af49389c1a5e43d66cf359140d0ecec43a7e00d7b4be5ba031907

        Download Submit

      • memory/516-316-0x0000000140000000-0x0000000140169000-memory.dmp

        Filesize

        1.4MB

        Download

      • memory/516-541-0x0000000140000000-0x0000000140169000-memory.dmp

        Filesize

        1.4MB

        Download

      • memory/540-337-0x0000000140000000-0x0000000140259000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/548-165-0x0000000140000000-0x0000000140201000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/548-403-0x0000000140000000-0x0000000140201000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/548-163-0x00000000006A0000-0x0000000000700000-memory.dmp

        Filesize

        384KB

        Download

      • memory/548-156-0x00000000006A0000-0x0000000000700000-memory.dmp

        Filesize

        384KB

        Download

      • memory/932-406-0x0000000140000000-0x0000000140216000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/932-231-0x0000000140000000-0x0000000140221000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/932-218-0x0000000000C00000-0x0000000000C60000-memory.dmp

        Filesize

        384KB

        Download

      • memory/932-224-0x0000000000C00000-0x0000000000C60000-memory.dmp

        Filesize

        384KB

        Download

      • memory/932-228-0x0000000000C00000-0x0000000000C60000-memory.dmp

        Filesize

        384KB

        Download

      • memory/956-258-0x0000000140000000-0x0000000140226000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1076-549-0x0000000140000000-0x0000000140239000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/1076-339-0x0000000140000000-0x0000000140239000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/1636-195-0x0000000000C10000-0x0000000000C70000-memory.dmp

        Filesize

        384KB

        Download

      • memory/1636-486-0x0000000140000000-0x0000000140237000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/1636-207-0x0000000140000000-0x0000000140237000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/1636-203-0x0000000000C10000-0x0000000000C70000-memory.dmp

        Filesize

        384KB

        Download

      • memory/1640-314-0x0000000140000000-0x00000001401ED000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/1840-459-0x0000000140000000-0x0000000140179000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/1840-646-0x0000000140000000-0x0000000140179000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/1844-233-0x00000000007D0000-0x0000000000830000-memory.dmp

        Filesize

        384KB

        Download

      • memory/1844-234-0x0000000140000000-0x0000000140210000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1844-512-0x0000000140000000-0x0000000140210000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1948-197-0x0000000140000000-0x0000000140135000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/1948-180-0x0000000000420000-0x0000000000480000-memory.dmp

        Filesize

        384KB

        Download

      • memory/1948-184-0x0000000140000000-0x0000000140135000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/1948-188-0x0000000000420000-0x0000000000480000-memory.dmp

        Filesize

        384KB

        Download

      • memory/1948-193-0x0000000000420000-0x0000000000480000-memory.dmp

        Filesize

        384KB

        Download

      • memory/1996-189-0x0000000000F10000-0x0000000000F76000-memory.dmp

        Filesize

        408KB

        Download

      • memory/2148-628-0x000001DF1F7C0000-0x000001DF1F7D0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2148-739-0x000001DF20230000-0x000001DF20240000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2148-703-0x000001DF1F7D0000-0x000001DF1F7D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2148-752-0x000001DF20230000-0x000001DF20240000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2148-751-0x000001DF20230000-0x000001DF20240000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2148-750-0x000001DF20230000-0x000001DF20240000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2148-749-0x000001DF20230000-0x000001DF20240000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2148-748-0x000001DF20230000-0x000001DF20240000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2148-747-0x000001DF20230000-0x000001DF20240000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2148-736-0x000001DF20230000-0x000001DF20240000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2148-746-0x000001DF1F7D0000-0x000001DF1F7D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2148-737-0x000001DF20230000-0x000001DF20240000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2148-738-0x000001DF20230000-0x000001DF20240000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2148-741-0x000001DF20230000-0x000001DF20240000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2148-740-0x000001DF20230000-0x000001DF20240000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2148-629-0x000001DF1F7D0000-0x000001DF1F7D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2352-293-0x0000000140000000-0x00000001401D7000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/2352-536-0x0000000140000000-0x00000001401D7000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/2724-134-0x0000000005140000-0x00000000056E4000-memory.dmp

        Filesize

        5.6MB

        Download

      • memory/2724-139-0x0000000007240000-0x00000000072DC000-memory.dmp

        Filesize

        624KB

        Download

      • memory/2724-137-0x0000000004E80000-0x0000000004E90000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2724-133-0x00000000000F0000-0x000000000025C000-memory.dmp

        Filesize

        1.4MB

        Download

      • memory/2724-136-0x0000000004C10000-0x0000000004C1A000-memory.dmp

        Filesize

        40KB

        Download

      • memory/2724-135-0x0000000004C30000-0x0000000004CC2000-memory.dmp

        Filesize

        584KB

        Download

      • memory/2724-138-0x0000000004E80000-0x0000000004E90000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2860-361-0x0000000140000000-0x0000000140147000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/2860-558-0x0000000140000000-0x0000000140147000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/3080-531-0x0000000140000000-0x0000000140202000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3080-261-0x0000000140000000-0x0000000140202000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3124-405-0x0000000140000000-0x00000001401FC000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3184-359-0x0000000140000000-0x00000001401C0000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/3552-291-0x0000000140000000-0x00000001401EC000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/3572-144-0x00000000011F0000-0x0000000001256000-memory.dmp

        Filesize

        408KB

        Download

      • memory/3572-162-0x0000000000400000-0x0000000000654000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/3572-149-0x00000000011F0000-0x0000000001256000-memory.dmp

        Filesize

        408KB

        Download

      • memory/3572-143-0x0000000000400000-0x0000000000654000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/3572-140-0x0000000000400000-0x0000000000654000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/3572-401-0x0000000000400000-0x0000000000654000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/4128-410-0x0000000140000000-0x000000014021D000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4128-627-0x0000000140000000-0x000000014021D000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4188-289-0x0000000000400000-0x00000000005EE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/4528-511-0x0000000140000000-0x000000014022B000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/4528-214-0x0000000000190000-0x00000000001F0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4528-232-0x0000000140000000-0x000000014022B000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/4528-208-0x0000000000190000-0x00000000001F0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4592-170-0x0000000000670000-0x00000000006D0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4592-176-0x0000000000670000-0x00000000006D0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4592-182-0x0000000140000000-0x0000000140200000-memory.dmp

        Filesize

        2.0MB

        Download