Overview

overview

10

Static

static

3

PO39100.exe

windows7-x64

1

PO39100.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    153s
  • max time network
    165s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-05-2023 20:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PO39100.exe

  • Size

    1.5MB

  • MD5

    13dc441ec2f9e3f9aa1f354a4b14d318

  • SHA1

    05b62c596ca78745d73514cd5d43434929955863

  • SHA256

    6f35bb0a7644cfda2468e984269f7febafcb672591a887a8029257dea0801a7c

  • SHA512

    30f4da77bf1ba35334fc1812a6792bb91396fdc8cc7b918f81c6395a48523079cccc89c7090b5c21c30ab62939fa8663cc695ad7d876f083773f7c85cffc5242

  • SSDEEP

    24576:TwMryIYPOfPFxgvnRnc215nETdxUA6p7GDHDCf0uEywBk1EM8Xzd:Md5PsPfgvRv0gA6pYC52lD

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Signatures

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer
  • Executes dropped EXE 22 IoCs
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Drops file in System32 directory 24 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 16 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 38 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PO39100.exe
    "C:\Users\Admin\AppData\Local\Temp\PO39100.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1796
    • C:\Users\Admin\AppData\Local\Temp\PO39100.exe
      "C:\Users\Admin\AppData\Local\Temp\PO39100.exe"
      2⤵
      • Drops file in System32 directory
      • Suspicious use of SetThreadContext
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4388
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        3⤵
        • Accesses Microsoft Outlook profiles
        • outlook_office_path
        • outlook_win_path
        PID:2152
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    PID:232
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:3920
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:4144
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:2948
    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:3988
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:2116
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      PID:4652
    • C:\Windows\System32\msdtc.exe
      C:\Windows\System32\msdtc.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:2088
    • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
      "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
      1⤵
      • Executes dropped EXE
      PID:2936
    • C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      1⤵
      • Executes dropped EXE
      PID:4600
    • C:\Windows\SysWow64\perfhost.exe
      C:\Windows\SysWow64\perfhost.exe
      1⤵
      • Executes dropped EXE
      PID:1100
    • C:\Windows\system32\locator.exe
      C:\Windows\system32\locator.exe
      1⤵
      • Executes dropped EXE
      PID:2076
    • C:\Windows\System32\SensorDataService.exe
      C:\Windows\System32\SensorDataService.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:1456
    • C:\Windows\System32\snmptrap.exe
      C:\Windows\System32\snmptrap.exe
      1⤵
      • Executes dropped EXE
      PID:1692
    • C:\Windows\system32\spectrum.exe
      C:\Windows\system32\spectrum.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:4952
    • C:\Windows\System32\OpenSSH\ssh-agent.exe
      C:\Windows\System32\OpenSSH\ssh-agent.exe
      1⤵
      • Executes dropped EXE
      PID:452
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
      1⤵
        PID:2656
      • C:\Windows\system32\TieringEngineService.exe
        C:\Windows\system32\TieringEngineService.exe
        1⤵
        • Executes dropped EXE
        • Checks processor information in registry
        • Suspicious use of AdjustPrivilegeToken
        PID:1332
      • C:\Windows\system32\AgentService.exe
        C:\Windows\system32\AgentService.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:3600
      • C:\Windows\System32\vds.exe
        C:\Windows\System32\vds.exe
        1⤵
        • Executes dropped EXE
        PID:4512
      • C:\Windows\system32\vssvc.exe
        C:\Windows\system32\vssvc.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:448
      • C:\Windows\system32\wbengine.exe
        "C:\Windows\system32\wbengine.exe"
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:4272
      • C:\Windows\system32\wbem\WmiApSrv.exe
        C:\Windows\system32\wbem\WmiApSrv.exe
        1⤵
        • Executes dropped EXE
        PID:1340
      • C:\Windows\system32\SearchIndexer.exe
        C:\Windows\system32\SearchIndexer.exe /Embedding
        1⤵
        • Executes dropped EXE
        • Modifies data under HKEY_USERS
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:924
        • C:\Windows\system32\SearchProtocolHost.exe
          "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
          2⤵
          • Modifies data under HKEY_USERS
          PID:3600
        • C:\Windows\system32\SearchFilterHost.exe
          "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
          2⤵
            PID:4812

        Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
          Filesize

          2.1MB

          MD5

          e1dd59ca2ee56f26c2926d0ea9ee6f9d

          SHA1

          f855a65897efb9743ee4b3e18f5e77bd733573f6

          SHA256

          08ec1be4a11ef31b8bec196ed4519800fbca9bc8aac01082ce938c91f54b7afc

          SHA512

          2ba5780fb7f75b0e09ad9822653706ccaf5d5ee05facdb3a55433c7ebf4b4a6df45a6a811127affce3262fd5177c62325a26c44a97d170ab846f600ad772c8ce

          Download Submit

        • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
          Filesize

          1.4MB

          MD5

          29e81a43d3f737aa10597d5b479a99b3

          SHA1

          9f33b192620e915bdd4de6d45f6459538526f649

          SHA256

          4d574eca2abcc061d439e7306dd2c990c0d81912aa986eab92a0ce9715917a1d

          SHA512

          2e6564e61f653925bfe2c528b3fea14023a63ad4132e90d755fc469dd1de1622dba09f85d898d7b5bd030f0ff6aeb5d2ddd71889f5e3ead82fe40bc4aa5cd964

          Download Submit

        • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
          Filesize

          1.5MB

          MD5

          d291b22c03929b89ed159a3dcf15f0cf

          SHA1

          4fc62d0aa27cd0eb68c31c42fda8a7b4600007e2

          SHA256

          1a45b3b0473d98e93fc211345f04825d0ffef06ef412b9c5d306c7a5ec283078

          SHA512

          afe29110df41655bc210ecc4cb641cbc17c2b8aa72fd3d8592cf50947158b917d52ecda3f98b1eceb80a4013e3dadba90bf1be16c3a6c4d76deb3c25f4021710

          Download Submit

        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
          Filesize

          2.1MB

          MD5

          d5e1f23478539c53f6705181cd22528c

          SHA1

          b0eab97dde710591037e8622158467f943677132

          SHA256

          4c708f28cca9113e58605661dd6436ebf4f291595301f7975ad72e5eb5d5662b

          SHA512

          35b77a45de5d14e9a530c44e819446f9115d9074c6188be256dc2704454fcc72c60d71f64a334b22250314108d0e6d9cb3ade6d5118a79860a56489edd1b2be0

          Download Submit

        • C:\Windows\SysWOW64\perfhost.exe
          Filesize

          1.2MB

          MD5

          5d8ca8c260a176c4cb428cd8365864a3

          SHA1

          590a26d397b7ec2a987ba9f172c30ff065fd6524

          SHA256

          e22a87276d6b84f6aa8a318b5fafb00ad38678c73d9e1dbc7fb149c23c431102

          SHA512

          0cd0f5f1a22e62c3486f7abc704943e2605cf393f7fe9095edb53b090033680c6000da1985ddfbe7a219450acb1247bff28829b8030cb7288ac594b9d1a39068

          Download Submit

        • C:\Windows\System32\AgentService.exe
          Filesize

          1.7MB

          MD5

          08e04fe38a910521f7a426e9fbad2773

          SHA1

          af9a60f9b3d61663fa859f60d970f4a8619ba7a4

          SHA256

          a75a6f6a18c26262d42b4cdcd3f57488cdae4f5bea64893807e099b770f2468f

          SHA512

          ed80e1aa152ac0319acbe8b1573ae98fa8ea2c9537c43f8a8a51f982fc516a61ed01f7c0e405a6a6db5a647aca29f3d07faafe653674e83cd6bf560d560033d1

          Download Submit

        • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
          Filesize

          1.3MB

          MD5

          93cb4aa3fbd2db7a3ac2be81f7dfdf74

          SHA1

          f43bc4e596f2c842b37d22901cff06fa271dac3a

          SHA256

          1738dd8e9c83bd21daa8065c33591ab395f65f2e0142430432a55d1c7136dcf7

          SHA512

          52c0e51db84efebf6723098bb9e524dd74b976bd0809e6dfeff76b7df787eef31ee840b701f674a38ba137bea0155db4554cbf914fed8c2dc925f8c48b4cfe15

          Download Submit

        • C:\Windows\System32\FXSSVC.exe
          Filesize

          1.2MB

          MD5

          ed4b6ba502d57a33a0266c44e825649a

          SHA1

          50447e8e316046a0d2db7fbcb4cf178640fbc1c8

          SHA256

          c2f4b2657de5dff495e9dbd0134e49e9b7c7cb400cf26ada887d828422a65bb8

          SHA512

          29eccf89c4e506068305ac6f611c6c433c8ee2b10db7434d83742dd504a98f07afa7894a6efc6f4474b2fdfe7283c68dc7b7c631eea32c2e1657e71cd9db8ad1

          Download Submit

        • C:\Windows\System32\Locator.exe
          Filesize

          1.2MB

          MD5

          974dfd87440b5d18f122c36e87b5440d

          SHA1

          9859722f96c9ab1224f13c0a221bb5ea7aaae713

          SHA256

          df843b0f4ed9eb24bfc36b7cc1ecabf4776963db3aad2b4b996b822896eca14c

          SHA512

          51e1dcc892a7d2673e08a368d757c9af0b20b42c908611e4c79287706a8978be323c3d2087b22375f652f3ec5e8d219eb3f1d0f15e1d53864adee6fb96638cc3

          Download Submit

        • C:\Windows\System32\OpenSSH\ssh-agent.exe
          Filesize

          1.6MB

          MD5

          c50edfc886a7b69916ef4ff6af7ac011

          SHA1

          3228f8d687f21c9a2550ea3eb5d4240893f00142

          SHA256

          0c632f8012fe766cd782dc60db0df34556842deb885f25609e5734689610c033

          SHA512

          48e1f1590273f81a895d08c9ac56ae2331227eb2036e7fb3eb2490229fb7cb90ec909c9ca4c01f9a00777daffcbf94a87a90060c1e6ecfadf8246476c1a5e07d

          Download Submit

        • C:\Windows\System32\OpenSSH\ssh-agent.exe
          Filesize

          1.6MB

          MD5

          c50edfc886a7b69916ef4ff6af7ac011

          SHA1

          3228f8d687f21c9a2550ea3eb5d4240893f00142

          SHA256

          0c632f8012fe766cd782dc60db0df34556842deb885f25609e5734689610c033

          SHA512

          48e1f1590273f81a895d08c9ac56ae2331227eb2036e7fb3eb2490229fb7cb90ec909c9ca4c01f9a00777daffcbf94a87a90060c1e6ecfadf8246476c1a5e07d

          Download Submit

        • C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
          Filesize

          1.3MB

          MD5

          336fc9506219569addb48413cd6ed386

          SHA1

          3b0d75a556847acba310f1be70553421b1394c4a

          SHA256

          e75d0571a7989c9ccb1a5f95a58e91d06b572a3bf38fd79cbda93ebab4936ddd

          SHA512

          9cade8a0213707f7404245ef7afa596f4c8e51cdb9b6fd5b35dbda164a9b190a3808acba43b06d7ef05041e234be6bee62ff63bed3f119c5d6c7e91a13facd38

          Download Submit

        • C:\Windows\System32\SearchIndexer.exe
          Filesize

          1.4MB

          MD5

          853cc135da5b1c934bd066fb6352c85f

          SHA1

          29953914eed77ff31cab819046809647b1f75e20

          SHA256

          af8e09e6bf5d2e744b8ceaf51ba84dd11af5772813adcc4425d322954dcd97a3

          SHA512

          852e0b42e61278739332017f2abca0163d8d484548e1d1b36150d6a4241fc72a132bb39f0d245f6efad68046ba5103d57d96fceb7c48ab37d9aa3d729566476e

          Download Submit

        • C:\Windows\System32\SensorDataService.exe
          Filesize

          1.8MB

          MD5

          ae0290097a0a42a5191473f75c279a24

          SHA1

          0fafc482664c07f3d02dec456910f99209a19d51

          SHA256

          999a148c71b181b8b42f83655f8da36d0a82fe627b2bec7d3e95bcf50c137d1b

          SHA512

          3d8fa2d7ffb975cc094daefee8da3539126059dbd7aa1605c574dece14e399c4ee6873c0c2ca16ceb2c869e0838f2754dd2186b01b79ea24527a0940a531c3fa

          Download Submit

        • C:\Windows\System32\Spectrum.exe
          Filesize

          1.4MB

          MD5

          4570d6fd2c7c411332919b16a540ca89

          SHA1

          c95acf559419ff27ea2953e6d0877f5b2b79d52d

          SHA256

          5dc622463ac826eda6cae274f141109466f5bceeaa4807539436813b8dc7ec43

          SHA512

          3ecd364dc7c0df5f95f2214ca837aeb9a42a3c8365e7c07388ebd89227088d7d4df5592a1e77b21e87a6203313524f0b71a02b203fc40c3504ff689bc947f870

          Download Submit

        • C:\Windows\System32\TieringEngineService.exe
          Filesize

          1.5MB

          MD5

          54f7cea90100102a21cf4fb5bdfb0815

          SHA1

          e97068f02b42763aff22f0ab79ef53881a11bc73

          SHA256

          34a15a470ef846e4451f1280f648c0ac5d1c67ce59a3ca0defda4891b3529f2b

          SHA512

          ecc45e3b4c9e72d0908285526966c6fda6c1e7354e67cb919835bb0ecece1fa8ec19b4e160245f6062d9f7b5da9d0bdee1152634a24ca0ea3468c026770c7846

          Download Submit

        • C:\Windows\System32\VSSVC.exe
          Filesize

          2.0MB

          MD5

          f6fbf47f0f06bec5c22ec747b17c2d29

          SHA1

          c40831a38b2d1fd433790594f739ed8645894333

          SHA256

          71823a57513dbbdc1f1755fe8c3ecb3abb7b8edd778b245822606422437330e0

          SHA512

          ca1ca976ba8a7a9a3d4cd72548ce73c10802d6522b383602315ac9f7206335f1f17bc9ee6a12fd15191a6d2798db161b3f7b837e919dccc30b6c03624214c99d

          Download Submit

        • C:\Windows\System32\alg.exe
          Filesize

          1.3MB

          MD5

          4c21578c0b5837826354c38bf8a6d019

          SHA1

          3d3c05e9fc101514005c4012211f9c89ec34b21d

          SHA256

          46c53c2ba3515dc53e0d8ec7b1dcefbb03da7b50fce657e08a16acbff48b34a1

          SHA512

          9bf02fdf65de8064eec0ada834d84df4044b6ffe64daac45dd0dc80e9b39c3b003d5c5aedd63bd90f14dfccda734edf23b486bd853f2a14134b8df85d31197c2

          Download Submit

        • C:\Windows\System32\msdtc.exe
          Filesize

          1.4MB

          MD5

          cdabd138b917d452d8159964a4701ae0

          SHA1

          f9eb11a72108631a082106efee7b213e8e4a455f

          SHA256

          901391d6770e4cc7126a446c396fff9abbbaa4856bd3b4b2e6a6ddc764c926a8

          SHA512

          5a82337254e35963182d19543193671af2959b8c6c969df53dad1b6c78b529cc679a3b026b5a688f8d6afedbfe910e4d569a1a6f5687d00e95c5784ef88dab0e

          Download Submit

        • C:\Windows\System32\snmptrap.exe
          Filesize

          1.2MB

          MD5

          6f2ac0f8d7a2b6838f20e9388f457fa6

          SHA1

          9d9434aa7baf3d309b7756e0f79cceb8aedde9e1

          SHA256

          d80998e73f401313c98fb657d1840397190721cd76367fed8e4bb99cb8682a07

          SHA512

          daab452644c694c57a512dd4eb8c0d4170cb09bb336a649f3bdad1f909de5424ed594f4909dc4d36e4badfbb6f83d3faa1cb91d1bd609bb25bc0d0105585d990

          Download Submit

        • C:\Windows\System32\vds.exe
          Filesize

          1.3MB

          MD5

          6c7a7c5ebe00433e69f25a96b4e994a3

          SHA1

          5ac7b12befe00559779ef8a5554885d4b7654b2e

          SHA256

          653f401a249bd30b8c060872c9b69d577728408f341157a8cca283dc4495b92c

          SHA512

          028dc030ff392e825c5b27354b008352df6ad940e77bb3ae1f51b95a9ea8c2eb4d1da54094f4a0132e2ec20155dbc41d7d42eb117e2f413d4438e0f3f9c540fc

          Download Submit

        • C:\Windows\System32\wbem\WmiApSrv.exe
          Filesize

          1.4MB

          MD5

          38916a8e2c232bc7ad6ac9e51d7d6056

          SHA1

          f6ed473a2bb565e8a9465b57d292b3fa91e735cc

          SHA256

          45f1ff6a30460abb24907b28df140ae30181598c6f828c4dc311216b18ca433b

          SHA512

          1da2a12231c80f31d7d3caff8b5be88d6adb78efa3e5072bf11b4327ec24893b25638813fb75ba32ce190230bb02ca6f5bf1b388f1c6b49afe674acf76c7b2e0

          Download Submit

        • C:\Windows\System32\wbengine.exe
          Filesize

          2.1MB

          MD5

          22fd034a8b5233eb7ad7c1a31e3c0b39

          SHA1

          cb510715b18648573800e4d5b56d50f5583fa663

          SHA256

          76074fd70b1a033be1a41b35b8d8ba103b527f785746550e488556d4cb602b91

          SHA512

          e222b7db66b0f4ad575fccf40f7de7cb32f3a6e3e065335f42048d437ca17feff29954788d13d937f4626cf82a8f42a396c6783dbd46bf7967d8430516894250

          Download Submit

        • memory/232-161-0x0000000140000000-0x0000000140201000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/232-164-0x00000000004A0000-0x0000000000500000-memory.dmp

          Filesize

          384KB

          Download

        • memory/232-157-0x00000000004A0000-0x0000000000500000-memory.dmp

          Filesize

          384KB

          Download

        • memory/232-207-0x0000000140000000-0x0000000140201000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/448-427-0x0000000140000000-0x00000001401FC000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/448-394-0x0000000140000000-0x00000001401FC000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/452-349-0x0000000140000000-0x0000000140259000-memory.dmp

          Filesize

          2.3MB

          Download

        • memory/924-426-0x0000000140000000-0x0000000140179000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/1100-292-0x0000000000400000-0x00000000005EE000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/1332-374-0x0000000140000000-0x0000000140239000-memory.dmp

          Filesize

          2.2MB

          Download

        • memory/1340-428-0x0000000140000000-0x000000014021D000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1340-417-0x0000000140000000-0x000000014021D000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1456-421-0x0000000140000000-0x00000001401D7000-memory.dmp

          Filesize

          1.8MB

          Download

        • memory/1456-322-0x0000000140000000-0x00000001401D7000-memory.dmp

          Filesize

          1.8MB

          Download

        • memory/1692-324-0x0000000140000000-0x00000001401ED000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/1692-422-0x0000000140000000-0x00000001401ED000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/1796-134-0x00000000054E0000-0x0000000005A84000-memory.dmp

          Filesize

          5.6MB

          Download

        • memory/1796-135-0x0000000004FD0000-0x0000000005062000-memory.dmp

          Filesize

          584KB

          Download

        • memory/1796-136-0x0000000004F70000-0x0000000004F7A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/1796-137-0x0000000005140000-0x0000000005150000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1796-133-0x0000000000420000-0x00000000005A8000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/1796-139-0x00000000072F0000-0x000000000738C000-memory.dmp

          Filesize

          624KB

          Download

        • memory/1796-138-0x0000000005140000-0x0000000005150000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2076-319-0x0000000140000000-0x00000001401EC000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/2088-254-0x0000000140000000-0x0000000140210000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/2088-246-0x0000000000C80000-0x0000000000CE0000-memory.dmp

          Filesize

          384KB

          Download

        • memory/2116-256-0x0000000140000000-0x000000014022B000-memory.dmp

          Filesize

          2.2MB

          Download

        • memory/2116-219-0x0000000140000000-0x000000014022B000-memory.dmp

          Filesize

          2.2MB

          Download

        • memory/2116-211-0x0000000000190000-0x00000000001F0000-memory.dmp

          Filesize

          384KB

          Download

        • memory/2116-217-0x0000000000190000-0x00000000001F0000-memory.dmp

          Filesize

          384KB

          Download

        • memory/2152-178-0x0000000000160000-0x00000000001C6000-memory.dmp

          Filesize

          408KB

          Download

        • memory/2152-182-0x0000000004B40000-0x0000000004B50000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2936-267-0x0000000140000000-0x0000000140226000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/2948-183-0x00000000007C0000-0x0000000000820000-memory.dmp

          Filesize

          384KB

          Download

        • memory/2948-190-0x00000000007C0000-0x0000000000820000-memory.dmp

          Filesize

          384KB

          Download

        • memory/2948-192-0x00000000007C0000-0x0000000000820000-memory.dmp

          Filesize

          384KB

          Download

        • memory/2948-195-0x0000000140000000-0x0000000140135000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3600-372-0x0000000140000000-0x00000001401C0000-memory.dmp

          Filesize

          1.8MB

          Download

        • memory/3920-170-0x0000000000550000-0x00000000005B0000-memory.dmp

          Filesize

          384KB

          Download

        • memory/3920-176-0x0000000000550000-0x00000000005B0000-memory.dmp

          Filesize

          384KB

          Download

        • memory/3920-181-0x0000000140000000-0x0000000140200000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3988-208-0x0000000140000000-0x0000000140237000-memory.dmp

          Filesize

          2.2MB

          Download

        • memory/3988-197-0x0000000000C40000-0x0000000000CA0000-memory.dmp

          Filesize

          384KB

          Download

        • memory/3988-205-0x0000000140000000-0x0000000140237000-memory.dmp

          Filesize

          2.2MB

          Download

        • memory/3988-203-0x0000000000C40000-0x0000000000CA0000-memory.dmp

          Filesize

          384KB

          Download

        • memory/4272-415-0x0000000140000000-0x0000000140216000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/4388-149-0x0000000002A80000-0x0000000002AE6000-memory.dmp

          Filesize

          408KB

          Download

        • memory/4388-151-0x0000000000400000-0x0000000000654000-memory.dmp

          Filesize

          2.3MB

          Download

        • memory/4388-144-0x0000000002A80000-0x0000000002AE6000-memory.dmp

          Filesize

          408KB

          Download

        • memory/4388-206-0x0000000000400000-0x0000000000654000-memory.dmp

          Filesize

          2.3MB

          Download

        • memory/4388-142-0x0000000000400000-0x0000000000654000-memory.dmp

          Filesize

          2.3MB

          Download

        • memory/4388-140-0x0000000000400000-0x0000000000654000-memory.dmp

          Filesize

          2.3MB

          Download

        • memory/4512-376-0x0000000140000000-0x0000000140147000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/4512-425-0x0000000140000000-0x0000000140147000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/4600-291-0x0000000140000000-0x0000000140202000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/4652-232-0x0000000000C00000-0x0000000000C60000-memory.dmp

          Filesize

          384KB

          Download

        • memory/4652-235-0x0000000140000000-0x0000000140221000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/4652-229-0x0000000000C00000-0x0000000000C60000-memory.dmp

          Filesize

          384KB

          Download

        • memory/4652-222-0x0000000140000000-0x0000000140221000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/4652-223-0x0000000000C00000-0x0000000000C60000-memory.dmp

          Filesize

          384KB

          Download

        • memory/4952-336-0x0000000140000000-0x0000000140169000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/4952-423-0x0000000140000000-0x0000000140169000-memory.dmp

          Filesize

          1.4MB

          Download