Overview

overview

10

Static

static

3

tmplhf3940d.exe

windows7-x64

10

tmplhf3940d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    74s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-05-2023 21:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tmplhf3940d.exe

  • Size

    1.5MB

  • MD5

    13dc441ec2f9e3f9aa1f354a4b14d318

  • SHA1

    05b62c596ca78745d73514cd5d43434929955863

  • SHA256

    6f35bb0a7644cfda2468e984269f7febafcb672591a887a8029257dea0801a7c

  • SHA512

    30f4da77bf1ba35334fc1812a6792bb91396fdc8cc7b918f81c6395a48523079cccc89c7090b5c21c30ab62939fa8663cc695ad7d876f083773f7c85cffc5242

  • SSDEEP

    24576:TwMryIYPOfPFxgvnRnc215nETdxUA6p7GDHDCf0uEywBk1EM8Xzd:Md5PsPfgvRv0gA6pYC52lD

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Signatures

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer
  • Executes dropped EXE 22 IoCs
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Drops file in System32 directory 24 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 6 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 5 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tmplhf3940d.exe
    "C:\Users\Admin\AppData\Local\Temp\tmplhf3940d.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3600
    • C:\Users\Admin\AppData\Local\Temp\tmplhf3940d.exe
      "C:\Users\Admin\AppData\Local\Temp\tmplhf3940d.exe"
      2⤵
        PID:4000
      • C:\Users\Admin\AppData\Local\Temp\tmplhf3940d.exe
        "C:\Users\Admin\AppData\Local\Temp\tmplhf3940d.exe"
        2⤵
        • Drops file in System32 directory
        • Suspicious use of SetThreadContext
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:212
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
          C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
          3⤵
          • Accesses Microsoft Outlook profiles
          • outlook_office_path
          • outlook_win_path
          PID:3592
    • C:\Windows\System32\alg.exe
      C:\Windows\System32\alg.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      PID:2120
    • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
      C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
      1⤵
      • Executes dropped EXE
      PID:4692
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
      1⤵
        PID:1440
      • C:\Windows\system32\fxssvc.exe
        C:\Windows\system32\fxssvc.exe
        1⤵
        • Executes dropped EXE
        • Modifies data under HKEY_USERS
        • Suspicious use of AdjustPrivilegeToken
        PID:1292
      • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
        "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
        1⤵
        • Executes dropped EXE
        PID:3684
      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
        1⤵
        • Executes dropped EXE
        PID:2456
      • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
        "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
        1⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        PID:4452
      • C:\Windows\System32\msdtc.exe
        C:\Windows\System32\msdtc.exe
        1⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • Drops file in Windows directory
        PID:4812
      • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
        "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
        1⤵
        • Executes dropped EXE
        PID:756
      • C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
        C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
        1⤵
        • Executes dropped EXE
        PID:3044
      • C:\Windows\SysWow64\perfhost.exe
        C:\Windows\SysWow64\perfhost.exe
        1⤵
        • Executes dropped EXE
        PID:2740
      • C:\Windows\system32\locator.exe
        C:\Windows\system32\locator.exe
        1⤵
        • Executes dropped EXE
        PID:3548
      • C:\Windows\System32\SensorDataService.exe
        C:\Windows\System32\SensorDataService.exe
        1⤵
        • Executes dropped EXE
        • Checks SCSI registry key(s)
        PID:1416
      • C:\Windows\System32\snmptrap.exe
        C:\Windows\System32\snmptrap.exe
        1⤵
        • Executes dropped EXE
        PID:2012
      • C:\Windows\system32\spectrum.exe
        C:\Windows\system32\spectrum.exe
        1⤵
        • Executes dropped EXE
        • Checks SCSI registry key(s)
        PID:1512
      • C:\Windows\System32\OpenSSH\ssh-agent.exe
        C:\Windows\System32\OpenSSH\ssh-agent.exe
        1⤵
        • Executes dropped EXE
        PID:3000
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
        1⤵
          PID:560
        • C:\Windows\system32\TieringEngineService.exe
          C:\Windows\system32\TieringEngineService.exe
          1⤵
          • Executes dropped EXE
          • Checks processor information in registry
          • Suspicious use of AdjustPrivilegeToken
          PID:3452
        • C:\Windows\system32\AgentService.exe
          C:\Windows\system32\AgentService.exe
          1⤵
            PID:2032
          • C:\Windows\System32\vds.exe
            C:\Windows\System32\vds.exe
            1⤵
            • Executes dropped EXE
            PID:2872
          • C:\Windows\system32\vssvc.exe
            C:\Windows\system32\vssvc.exe
            1⤵
            • Executes dropped EXE
            • Suspicious use of AdjustPrivilegeToken
            PID:5100
          • C:\Windows\system32\wbengine.exe
            "C:\Windows\system32\wbengine.exe"
            1⤵
            • Executes dropped EXE
            • Suspicious use of AdjustPrivilegeToken
            PID:4292
          • C:\Windows\system32\wbem\WmiApSrv.exe
            C:\Windows\system32\wbem\WmiApSrv.exe
            1⤵
            • Executes dropped EXE
            PID:3140
          • C:\Windows\system32\SearchIndexer.exe
            C:\Windows\system32\SearchIndexer.exe /Embedding
            1⤵
            • Executes dropped EXE
            PID:4452
            • C:\Windows\system32\SearchProtocolHost.exe
              "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
              2⤵
              • Executes dropped EXE
              • Suspicious use of AdjustPrivilegeToken
              PID:2032
            • C:\Windows\system32\SearchFilterHost.exe
              "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
              2⤵
                PID:428

            Network

            MITRE ATT&CK Enterprise v6

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
              Filesize

              2.1MB

              MD5

              415fca1d0ab64db6af68c7e19df61b93

              SHA1

              da31f1150d3e5568a38ca5de493cfabec1490c41

              SHA256

              aa3ce632a54bb76df0028fb12b34833c75fb20570df9ba68984309b0b383b25c

              SHA512

              c04d529465c5085cca2af1568d6a7c4f6bf9b783021a94d3c9be4215036bb6e4642d0411d07943c24fdc2a4db7a1d1763b271ee1e8a59bd1a5137c70b465b78a

              Download Submit

            • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
              Filesize

              1.4MB

              MD5

              5edbbf0ede87b0d89fecfa1127d09553

              SHA1

              6ab66d2895f2f567ff2b7a1789bf50e9bace60a6

              SHA256

              3fcb67e48fa3f5db932909ec989eb1439bbaa8e4164e16b9f00e3b5f01115ed0

              SHA512

              a46dd3b2d21917548daa4de182f13bcbfbbd7adddc7db8ed7f7c32f618125aa52ad7cc284511c43198d9869204a4b77a34a47ffefefdae178899b28757327a9c

              Download Submit

            • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
              Filesize

              1.5MB

              MD5

              4148129b05267bf2e811fcb9c79ae730

              SHA1

              2ee29f252d77c9dd7fd19bac733c5f3ad4920866

              SHA256

              cc46a7d371bf662c1f7aea978df947dd33c5f5ec535c5d9a6e579b33e7e2dcad

              SHA512

              77b5e70a1f351c7e16c06d0624a967cefc57805c1f209d7e473e53838ea9eab011467b40898b498c1b2cb0559a9443d2de87861eb1c236543caada97a8a3ddcb

              Download Submit

            • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
              Filesize

              2.1MB

              MD5

              686c4c45ad3def993b0a70bc43d11e5e

              SHA1

              3bda14ca2a975ea2138efea37b47ee65b99372c4

              SHA256

              ea58ebcaa52a2d95cd68d7cfdb5cf696ed8e60c86b3b3f6d7ed3b4f7c6b3af99

              SHA512

              e33005e4ab7583ab9bd7dad7666e76f753a4016bad61ff47671d3bb4ac44418974d94b5a6e5dd1b7d49cc2361c0036f364c9c47b7df15e4682ac4a8c8a070549

              Download Submit

            • C:\Windows\SysWOW64\perfhost.exe
              Filesize

              1.2MB

              MD5

              b8b50d677c08ef2728a6bc734bc16392

              SHA1

              8ee774154af7d9e95e7a3f1fcf7b57379b8baa43

              SHA256

              38ed8a598d7526f0cacef91f3f6372f4a93dbda583d9fa0dfd2465e979112a15

              SHA512

              eb119091fd4b9b44bc016c9e63cd9441290f672c09fc736368cc1e2558765ab87678ba796e224e030946fc5e489f92151079a0cb6ae0f304154da41e5bd13798

              Download Submit

            • C:\Windows\System32\AgentService.exe
              Filesize

              1.7MB

              MD5

              e08cbf43561f9fa5468e63a184078409

              SHA1

              71f1e06cee5049ed426927eef4a6ea6ca4fa0867

              SHA256

              d1bd0fbc9b58210a3b171ba23b3d1b010e0c4563ad91704ea8711d5213d8b39b

              SHA512

              db29fd5ccc00efe1f3b730f509cd0234ed6e06e3aaae9745cf36d1ea5964af92447829bb151b3115349b5dbeadc5161ad1d7cf432503f678504ec47325c6807f

              Download Submit

            • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
              Filesize

              1.3MB

              MD5

              200988d6c99ce9be6fe98bd8ea72ed56

              SHA1

              b84cb9db8360bb8546b9535c56f1922864a7443f

              SHA256

              0fa97b9ffc91ca26b987a364ed9309c2a0f2a084c1006538b80c6697decf2792

              SHA512

              5d4e545025eeb17666206cec1cc730ff8691aa4ef62b170c607b01f26f2d41d35bfd16d9dc0b297bf9fff88f390297d7648f02d5575d700a2d0012ea370d4493

              Download Submit

            • C:\Windows\System32\FXSSVC.exe
              Filesize

              1.2MB

              MD5

              08070ec5f8ccc6a56ce70549b67b8842

              SHA1

              0299ca3f97c0fc721ac13f34d105497d028a262a

              SHA256

              fdf0fd094b9dc416d0e0447e7263c26258c5806b3bf528b5e0158b46c2058d7b

              SHA512

              c01dec5be2eb87161d60d2e88b08a2ab82492b9a26873df48c36f1de54a205a654bba9a2ce89f55e673619c7e311de4fd96e01569405b753d08a83401a843c50

              Download Submit

            • C:\Windows\System32\Locator.exe
              Filesize

              1.2MB

              MD5

              3c3ccae12696c723d63d9cf538cb48ff

              SHA1

              ad0960931494398b033986087352fc5b463e9b55

              SHA256

              65e435ff461a6ed857ee8df7ec12e7cd71fd7a4ebde98137e4b02292b591114c

              SHA512

              175aa59f87eac0bf91fd172def7dacb1c81cd3886ec4edc89a91f95699988269cec036e88561b0d5d1984dd210a2d80511e26ed324007ce3329b304091f57c53

              Download Submit

            • C:\Windows\System32\OpenSSH\ssh-agent.exe
              Filesize

              1.6MB

              MD5

              82f715172ee7e154998e4407a707252e

              SHA1

              fe7cc7e7f650d3f1a4dcbeec9d4f9a7e3211c59c

              SHA256

              e421a3e507d810e831aeb1792f3093101672188f3d50dd509d8169237e65be7c

              SHA512

              e29c826711fa529fc411d89677fb7f89434f02309e1eec4c17841864683384e36922fc9a728d77fe50253f2eea4100c8db7973050998a7100e20f2b34f53b299

              Download Submit

            • C:\Windows\System32\OpenSSH\ssh-agent.exe
              Filesize

              1.6MB

              MD5

              82f715172ee7e154998e4407a707252e

              SHA1

              fe7cc7e7f650d3f1a4dcbeec9d4f9a7e3211c59c

              SHA256

              e421a3e507d810e831aeb1792f3093101672188f3d50dd509d8169237e65be7c

              SHA512

              e29c826711fa529fc411d89677fb7f89434f02309e1eec4c17841864683384e36922fc9a728d77fe50253f2eea4100c8db7973050998a7100e20f2b34f53b299

              Download Submit

            • C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
              Filesize

              1.3MB

              MD5

              a9480a8301868710328cca59246a52bb

              SHA1

              0dcbb5645030d7e958ec3ca177421882e52a66b6

              SHA256

              cb0ba6b78c329cdb51a1f85337092868b55595358c3a04a0158f86ba0df7ba9f

              SHA512

              a870283266de06fa6f3295edbdf93ad266331da5cc5073a0bdc7d519c013ec1499e129bce3788c06efe6036ab7f0d7819e242f8049f81ba0067c0c15abe8aabf

              Download Submit

            • C:\Windows\System32\SearchIndexer.exe
              Filesize

              1.4MB

              MD5

              168fd9f69676ec9b7bd073c416a5c962

              SHA1

              fa5c3f37d7942f994afce2e8832d84c84f226e04

              SHA256

              c21a7e433c2e3fb880ebca90f588da9996545c596db4e38a7a65dd8b2f56cb8b

              SHA512

              755e81e2046f57610c6aadae11de9dca289c36f60da8b0285f9920caacfba04048ecef007d9e579c81e7fe0ebe3c947ae1cad6516d9bab4ce763cacb39a66c35

              Download Submit

            • C:\Windows\System32\SensorDataService.exe
              Filesize

              1.8MB

              MD5

              814d03ed9228c60dc04fbe7c71c40887

              SHA1

              9352c4095d6085001a714cf4b27e71fadbb5695f

              SHA256

              5e6284871e8e80b334ad05df7d8ab725771a8c6d51be5122776bac1b12637957

              SHA512

              20bf96f9dc4d062c336a59ab3eaea29190ad529a84a62eb4aa365a1b0ea85de97bb8359b13bc6317cf9b002c94fd49c679b4238f683f3221d15d3c5c6050f4ae

              Download Submit

            • C:\Windows\System32\Spectrum.exe
              Filesize

              1.4MB

              MD5

              20a83c40114d334e775e96c17d1b3fab

              SHA1

              4d0517d4c36c6dda133033309a120ddea634f2ca

              SHA256

              d8b57d0fa610090d0462d2285ec2621ffeafcdec0dc2fd4aa3235c9b296b83ec

              SHA512

              054ec90cdacbfe208aa6b6c46005386b52c331a3e5571e6c84cd6b89ab5d6fa1c626c989b1f29950140de73e6a2c250af31070275fb0c3fb3e74a0e590c20220

              Download Submit

            • C:\Windows\System32\TieringEngineService.exe
              Filesize

              1.5MB

              MD5

              a0b613fd2a042da9d4f6f0d4d8ada0bd

              SHA1

              ab58a09904cd3e95c8dd026e5a5426caf0deb537

              SHA256

              a34d4d4078b3ed3992a971db6d13e61c7a4c5edd5ca03e00c7320b3ef8bcb3c0

              SHA512

              c8ee7473c70923a2c65d9795b8790434c8b73da3bfb8c77a6e8bfc28ea156779fec6d2bdffa7bd886bbcb666b522220edc1de20ca6e5f000ddaba158f72294fe

              Download Submit

            • C:\Windows\System32\VSSVC.exe
              Filesize

              2.0MB

              MD5

              9978d55de26d3124dd9a4cb6e87fb641

              SHA1

              3cc5228dab32f24da27ce46fcf91e40b678a706c

              SHA256

              2d4428fce7eb3ddedea3e3009b77a02fd2c7eeb8dc377e23614642bac1791bd0

              SHA512

              c71d95e92b47c0a469f0f203e187b40b849475eb2bdb5d702bd8b6ab240765161a3d4e93d03b5a590d859220a8f2eb5bcd3c9724a75ca248f2e19bd397230a3f

              Download Submit

            • C:\Windows\System32\alg.exe
              Filesize

              1.3MB

              MD5

              6c0dcf9b4ff6e205c56d2c7fb5ed7698

              SHA1

              8955b645dce4e800c17504088a6d83074f19c79b

              SHA256

              042ee41c4b1168d204301b1088eb2f2ddb990db39c0c2577cd26516519332c9a

              SHA512

              3c484298654a4759bda6f0c7617e11d73bb3a799f7c5ae1be2054160219ec6533308c0f19c9d360350efb2be90e7bd215771e1706be50b0f43d821e461373b1d

              Download Submit

            • C:\Windows\System32\msdtc.exe
              Filesize

              1.4MB

              MD5

              052bf8ca2e7b868c6f251dbb25240d72

              SHA1

              70a6b7ab134f67b5de4abb70b2e89ebee945caa1

              SHA256

              ad40c5beae02b7b54c73a89ecc8608b9a2b6a47805b8f18cc038e515362c6cb2

              SHA512

              bdd5f82c06c0fa97b013b3836f0027d30c1c1e8157905511ebce3a2dd81a8d915146d0d44fefbb80f45f5aa4c2fc99cf922bd4458224af758744cf37be3ae7fc

              Download Submit

            • C:\Windows\System32\snmptrap.exe
              Filesize

              1.2MB

              MD5

              5d7d904bfade8ebef2df3fb65905ec09

              SHA1

              151292a16e73abe84d2706cae2e61fa28fb16af0

              SHA256

              b57bd5d96df9b90e78a4bb010cee27ac63d56cec13e2eacf59127acbe2b32ce1

              SHA512

              0ba8266860b0ab306bf2c3ca60b9c1ac6e92bf760d84b2df24c14f93e5133a512f151c8556787eccb1d643e7fc6c58506a995c30f67d7225ef797ad411f2bfd8

              Download Submit

            • C:\Windows\System32\vds.exe
              Filesize

              1.3MB

              MD5

              b9e6a012c1b77e2268a685590f72ddf0

              SHA1

              fd1d9663a721b6f35515bd4bd13cdf62f57c0469

              SHA256

              8b840e49d3648d8b31bd6d2c5d2f8d648c02a31ed67314fd4715031a0926685e

              SHA512

              6610c93427b25205008a172fe1d229fc36cf06ece0f561cbe439546089463e6158f62f41bd03b8b9f2aa8a2f15c790fe2ad6e3ab66deb3b2c368d17f468fbac0

              Download Submit

            • C:\Windows\System32\wbem\WmiApSrv.exe
              Filesize

              1.4MB

              MD5

              f5c29a4c0f97d2aca28e0c3fb18f47c3

              SHA1

              4037df80188bfe3ff68dd26b1da6a84b5c587348

              SHA256

              6c1189c1c9e3a99dd0c1239a5e1a1038357f21ce58895a49c1bc9f2659e0ff3b

              SHA512

              ba93db0f2592ea59ab315f83b1e65559f83eebbe89b891b976cae755b8bf75cdb6610ecfc364fcbf41f3a6d2b757d95092c0fbfaa10d7be396e640159b0d7e3b

              Download Submit

            • C:\Windows\System32\wbengine.exe
              Filesize

              2.1MB

              MD5

              05d1992cb5e6dda53ff7980dbde7a297

              SHA1

              4691d28ce42c712718f320807aff71b0c5a0e194

              SHA256

              2940d76e1faa2a48fdb8b44ceb91adcb8f084ea8eb0966f18914e4553cce01d2

              SHA512

              c94fb9a929cf240c5d12feab5e64ff4dcd34b1172c52efa1f5bdea3b99f9a21d74ed6ed6579a52e39995be09f49896427f92366d43f110015f5ed65d2b42c8d2

              Download Submit

            • memory/212-140-0x0000000000400000-0x0000000000654000-memory.dmp

              Filesize

              2.3MB

              Download

            • memory/212-308-0x0000000000400000-0x0000000000654000-memory.dmp

              Filesize

              2.3MB

              Download

            • memory/212-150-0x0000000002950000-0x00000000029B6000-memory.dmp

              Filesize

              408KB

              Download

            • memory/212-145-0x0000000002950000-0x00000000029B6000-memory.dmp

              Filesize

              408KB

              Download

            • memory/212-144-0x0000000000400000-0x0000000000654000-memory.dmp

              Filesize

              2.3MB

              Download

            • memory/212-143-0x0000000000400000-0x0000000000654000-memory.dmp

              Filesize

              2.3MB

              Download

            • memory/756-267-0x0000000140000000-0x0000000140226000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/1292-188-0x00000000008C0000-0x0000000000920000-memory.dmp

              Filesize

              384KB

              Download

            • memory/1292-182-0x00000000008C0000-0x0000000000920000-memory.dmp

              Filesize

              384KB

              Download

            • memory/1292-193-0x00000000008C0000-0x0000000000920000-memory.dmp

              Filesize

              384KB

              Download

            • memory/1292-196-0x0000000140000000-0x0000000140135000-memory.dmp

              Filesize

              1.2MB

              Download

            • memory/1292-192-0x0000000140000000-0x0000000140135000-memory.dmp

              Filesize

              1.2MB

              Download

            • memory/1416-305-0x0000000140000000-0x00000001401D7000-memory.dmp

              Filesize

              1.8MB

              Download

            • memory/1416-415-0x0000000140000000-0x00000001401D7000-memory.dmp

              Filesize

              1.8MB

              Download

            • memory/1512-324-0x0000000140000000-0x0000000140169000-memory.dmp

              Filesize

              1.4MB

              Download

            • memory/1512-480-0x0000000140000000-0x0000000140169000-memory.dmp

              Filesize

              1.4MB

              Download

            • memory/2012-323-0x0000000140000000-0x00000001401ED000-memory.dmp

              Filesize

              1.9MB

              Download

            • memory/2032-353-0x0000000140000000-0x00000001401C0000-memory.dmp

              Filesize

              1.8MB

              Download

            • memory/2032-362-0x0000000140000000-0x00000001401C0000-memory.dmp

              Filesize

              1.8MB

              Download

            • memory/2120-347-0x0000000140000000-0x0000000140201000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/2120-163-0x0000000000690000-0x00000000006F0000-memory.dmp

              Filesize

              384KB

              Download

            • memory/2120-164-0x0000000140000000-0x0000000140201000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/2120-157-0x0000000000690000-0x00000000006F0000-memory.dmp

              Filesize

              384KB

              Download

            • memory/2456-236-0x0000000140000000-0x000000014022B000-memory.dmp

              Filesize

              2.2MB

              Download

            • memory/2456-411-0x0000000140000000-0x000000014022B000-memory.dmp

              Filesize

              2.2MB

              Download

            • memory/2456-214-0x0000000000190000-0x00000000001F0000-memory.dmp

              Filesize

              384KB

              Download

            • memory/2456-208-0x0000000000190000-0x00000000001F0000-memory.dmp

              Filesize

              384KB

              Download

            • memory/2740-301-0x0000000000400000-0x00000000005EE000-memory.dmp

              Filesize

              1.9MB

              Download

            • memory/2872-496-0x0000000140000000-0x0000000140147000-memory.dmp

              Filesize

              1.3MB

              Download

            • memory/2872-373-0x0000000140000000-0x0000000140147000-memory.dmp

              Filesize

              1.3MB

              Download

            • memory/3000-349-0x0000000140000000-0x0000000140259000-memory.dmp

              Filesize

              2.3MB

              Download

            • memory/3044-268-0x0000000140000000-0x0000000140202000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/3140-499-0x0000000140000000-0x000000014021D000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/3140-409-0x0000000140000000-0x000000014021D000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/3452-351-0x0000000140000000-0x0000000140239000-memory.dmp

              Filesize

              2.2MB

              Download

            • memory/3548-303-0x0000000140000000-0x00000001401EC000-memory.dmp

              Filesize

              1.9MB

              Download

            • memory/3592-168-0x0000000000900000-0x0000000000966000-memory.dmp

              Filesize

              408KB

              Download

            • memory/3600-136-0x0000000004CA0000-0x0000000004CAA000-memory.dmp

              Filesize

              40KB

              Download

            • memory/3600-133-0x0000000000180000-0x0000000000308000-memory.dmp

              Filesize

              1.5MB

              Download

            • memory/3600-134-0x00000000052C0000-0x0000000005864000-memory.dmp

              Filesize

              5.6MB

              Download

            • memory/3600-137-0x0000000004EB0000-0x0000000004EC0000-memory.dmp

              Filesize

              64KB

              Download

            • memory/3600-135-0x0000000004D10000-0x0000000004DA2000-memory.dmp

              Filesize

              584KB

              Download

            • memory/3600-138-0x0000000004EB0000-0x0000000004EC0000-memory.dmp

              Filesize

              64KB

              Download

            • memory/3600-139-0x0000000007050000-0x00000000070EC000-memory.dmp

              Filesize

              624KB

              Download

            • memory/3684-206-0x0000000140000000-0x0000000140237000-memory.dmp

              Filesize

              2.2MB

              Download

            • memory/3684-408-0x0000000140000000-0x0000000140237000-memory.dmp

              Filesize

              2.2MB

              Download

            • memory/3684-203-0x0000000000700000-0x0000000000760000-memory.dmp

              Filesize

              384KB

              Download

            • memory/3684-197-0x0000000000700000-0x0000000000760000-memory.dmp

              Filesize

              384KB

              Download

            • memory/4292-498-0x0000000140000000-0x0000000140216000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/4292-389-0x0000000140000000-0x0000000140216000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/4452-218-0x0000000000C00000-0x0000000000C60000-memory.dmp

              Filesize

              384KB

              Download

            • memory/4452-228-0x0000000000C00000-0x0000000000C60000-memory.dmp

              Filesize

              384KB

              Download

            • memory/4452-224-0x0000000000C00000-0x0000000000C60000-memory.dmp

              Filesize

              384KB

              Download

            • memory/4452-230-0x0000000140000000-0x0000000140221000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/4452-410-0x0000000140000000-0x0000000140179000-memory.dmp

              Filesize

              1.5MB

              Download

            • memory/4452-500-0x0000000140000000-0x0000000140179000-memory.dmp

              Filesize

              1.5MB

              Download

            • memory/4692-171-0x0000000000660000-0x00000000006C0000-memory.dmp

              Filesize

              384KB

              Download

            • memory/4692-177-0x0000000000660000-0x00000000006C0000-memory.dmp

              Filesize

              384KB

              Download

            • memory/4692-190-0x0000000140000000-0x0000000140200000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/4812-412-0x0000000140000000-0x0000000140210000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/4812-232-0x00000000007A0000-0x0000000000800000-memory.dmp

              Filesize

              384KB

              Download

            • memory/4812-239-0x0000000140000000-0x0000000140210000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/5100-387-0x0000000140000000-0x00000001401FC000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/5100-497-0x0000000140000000-0x00000001401FC000-memory.dmp

              Filesize

              2.0MB

              Download