Overview

overview

10

Static

static

3

Quote 1345 rev.7.exe

windows7-x64

10

Quote 1345 rev.7.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    174s
  • max time network
    181s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/05/2023, 23:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Quote 1345 rev.7.exe

  • Size

    1.5MB

  • MD5

    e67a119b25c041892a38c6147fd54c60

  • SHA1

    8c3c63629929b9754c62fbad1e731f33758d2d2d

  • SHA256

    2bfafdc20b461ef574d77bd7c29d586c6a7c3ad6b3ad9bbecab8c014308b07d9

  • SHA512

    414e8de5219f34c4abcf885444dfab93e794abf69808d9c2e9e70f8de806da9e2159ba3d58dec41991be675955d7bb99b596e6b358a4cf7b3a32881cbbad1776

  • SSDEEP

    24576:OwwBIEAbPY00PXKtW93ZwJGRNI7MhXOd+DsyFqcpVsZB4yYH:0BIENBvDIwmeqcpVSed

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Signatures

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer
  • Executes dropped EXE 22 IoCs
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Drops file in System32 directory 24 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 28 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 5 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 36 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Quote 1345 rev.7.exe
    "C:\Users\Admin\AppData\Local\Temp\Quote 1345 rev.7.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1556
    • C:\Users\Admin\AppData\Local\Temp\Quote 1345 rev.7.exe
      "C:\Users\Admin\AppData\Local\Temp\Quote 1345 rev.7.exe"
      2⤵
      • Drops file in System32 directory
      • Suspicious use of SetThreadContext
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4796
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        3⤵
        • Accesses Microsoft Outlook profiles
        • outlook_office_path
        • outlook_win_path
        PID:2668
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    PID:4412
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:5092
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:4620
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:5000
    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:3940
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:1608
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:2108
    • C:\Windows\System32\msdtc.exe
      C:\Windows\System32\msdtc.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:4536
    • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
      "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
      1⤵
      • Executes dropped EXE
      PID:4716
    • C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      1⤵
      • Executes dropped EXE
      PID:4544
    • C:\Windows\SysWow64\perfhost.exe
      C:\Windows\SysWow64\perfhost.exe
      1⤵
      • Executes dropped EXE
      PID:5108
    • C:\Windows\system32\locator.exe
      C:\Windows\system32\locator.exe
      1⤵
      • Executes dropped EXE
      PID:928
    • C:\Windows\System32\SensorDataService.exe
      C:\Windows\System32\SensorDataService.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:4528
    • C:\Windows\System32\snmptrap.exe
      C:\Windows\System32\snmptrap.exe
      1⤵
      • Executes dropped EXE
      PID:4604
    • C:\Windows\system32\spectrum.exe
      C:\Windows\system32\spectrum.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:3876
    • C:\Windows\System32\OpenSSH\ssh-agent.exe
      C:\Windows\System32\OpenSSH\ssh-agent.exe
      1⤵
      • Executes dropped EXE
      PID:5084
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
      1⤵
        PID:4420
      • C:\Windows\system32\TieringEngineService.exe
        C:\Windows\system32\TieringEngineService.exe
        1⤵
        • Executes dropped EXE
        PID:3800
      • C:\Windows\system32\AgentService.exe
        C:\Windows\system32\AgentService.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:4324
      • C:\Windows\System32\vds.exe
        C:\Windows\System32\vds.exe
        1⤵
        • Executes dropped EXE
        PID:5036
      • C:\Windows\system32\vssvc.exe
        C:\Windows\system32\vssvc.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:4444
      • C:\Windows\system32\wbengine.exe
        "C:\Windows\system32\wbengine.exe"
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:4088
      • C:\Windows\system32\wbem\WmiApSrv.exe
        C:\Windows\system32\wbem\WmiApSrv.exe
        1⤵
        • Executes dropped EXE
        PID:392
      • C:\Windows\system32\SearchIndexer.exe
        C:\Windows\system32\SearchIndexer.exe /Embedding
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:4784

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
        Filesize

        2.1MB

        MD5

        0716b840f4b2dd12949e78cb8a7da8d9

        SHA1

        b9a8f4cb198550692c9e25b584e82257dec581c7

        SHA256

        c559dfbda9d0ace09a754eb723d48143d79bff256228e4f29e53bca2e608c280

        SHA512

        69b06ca9075a2a33646b5d896b5d6e749dd6f63b366c0690de0c268dbb4fc4a64970a5cfd111182bf4ea4eed851bbfcaef6af010100f7efb47233a6aac764687

        Download Submit

      • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
        Filesize

        1.4MB

        MD5

        f54b3e28632581a9c7a24cbe87799b47

        SHA1

        761997d0933c057d9cf89d1f67da953c62f533dc

        SHA256

        3f87bab31f692fe47a57576cc995e504db7ad34457ed0abf2d2f8845a7a38bf3

        SHA512

        0b1159eb86c0bd5236a3f6ff835984af6a96d329402508f68e3db6cfdf611f123e80f87d9afe0155961d4061bfc1dfc8425e4b91d465d85b21e9a54733d23721

        Download Submit

      • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
        Filesize

        1.5MB

        MD5

        12ab1b223547eca04931c22668122f1e

        SHA1

        9219b85c474a3131132e76d4ec0aec3e4f3bb8db

        SHA256

        e5de78c994bf5bfd700b36d6d524f97c7a6a15fd1a193bebba7fb657ff1c6e43

        SHA512

        678dcaf6d09278bba2873af751f85c0b46ab5bca7c7e2005ccf5204b4afd5e96ac427e78577d1064e5a22d923b4986fd9d51b2c9381330c1680d8acdd1b6877e

        Download Submit

      • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
        Filesize

        2.1MB

        MD5

        59bdd8880a4c116b25e3183147038dd3

        SHA1

        20322dffd57f673f76d15694d7842934a8649f0a

        SHA256

        22feee728794960abe27594577b590312a1fa3ae8a199f4fd048d1e2a16a3573

        SHA512

        6c4f4f6d2247cd2a739f760d6a7328c273dfc1ee17e559a052bcd4320d168fe748cae759cf4aaf03f3956ff633a32a364b6369f36c9eaf7dfd3c6a598176ebed

        Download Submit

      • C:\Windows\SysWOW64\perfhost.exe
        Filesize

        1.2MB

        MD5

        bc7ff843e258977b25d00e2e2303ab04

        SHA1

        a36ee7e906865951396b6dbe956781e97104c3ac

        SHA256

        9975f4b94331573af7d5da534938ad2e2dcc9f95d0b262a91a7b873c603d6faf

        SHA512

        6c3b7196d10a746a053faa67b257a38c824b3e8aec84b44c056e80aae4297377356ebe34001790ecdf288b4c5691a5eb3954f2a2139269df629ae922aaae0c4c

        Download Submit

      • C:\Windows\System32\AgentService.exe
        Filesize

        1.7MB

        MD5

        54425541c7098b753c960a4afda2f49d

        SHA1

        7667f811f6f1087b118f8f2d2859912bf9238357

        SHA256

        bb90a0537f9f5125e72caffaaa63362f613c9b99eb4d2e55f0f811fc3fa8283d

        SHA512

        515ad4b7711965a2d1701ffd1b2bc23b3799e309c0df0fed9cdfd08559e9b15aaf8c77b323f320de2f88b8b4f19dd289b4d72cf34487a5d252c3c53ad358c006

        Download Submit

      • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
        Filesize

        1.3MB

        MD5

        45b13beba4090a6261d8ff5c63ea8bec

        SHA1

        95da5cbeff05ba99f32e5a8d1d9eba8638a4b25a

        SHA256

        e2edfe71f47785958d534d70a1d608973410d6f1ec04db2511a827f493b09bdc

        SHA512

        44c9fd999728b38ce24db0c56466fb8fb88540b7872a0a3a579a8acaed39bef464794a2dd6665e36327adfaa665b5d270649a517b4985e987146fb900d47deb9

        Download Submit

      • C:\Windows\System32\FXSSVC.exe
        Filesize

        1.2MB

        MD5

        947d74488469832aa4ed929bbce978bd

        SHA1

        b4dfb3f7a6a7675ad7fd86c64c478943d713860a

        SHA256

        bc749e566c8511f505d3ab92163599078358dfd37975434a25d1db92fd23f4e5

        SHA512

        aa260d76c5f387222ee9e2d3746c1e9069c530a75f63716b205cc39c3901248b0b57b6f7ee4ce4d17295619410449bb8793ba6d081ac39709ecdcaf516dd1d40

        Download Submit

      • C:\Windows\System32\Locator.exe
        Filesize

        1.2MB

        MD5

        ad81b4726f40aa764f1b4311acbd1823

        SHA1

        7ca873cead96c0c54a5506b8a889e52a7f3358a2

        SHA256

        878b238217f264cd3394682c2334bc54a6ce7f9978fd543b86c71f91813ad189

        SHA512

        3fe9baffb3cfdff7e3eb87a4d7c3a5c705c7c4c6d7755c1d4c45991bde44dcb12566e50f88ada29e64d77ca15bee8e2dbc16031a0c7389b93fc9c1b9c25ba358

        Download Submit

      • C:\Windows\System32\OpenSSH\ssh-agent.exe
        Filesize

        1.6MB

        MD5

        b03a6a54f04eca12c8c0028451095c51

        SHA1

        ddf4c67cc8f89614c57f08f419481df296a6cb5e

        SHA256

        7463d2518a2911843aaeaec018978c4ac4fdc6c871a7ad5b326a2782289696fc

        SHA512

        4f00b2533645f8b5c54032ef2872d4e0a79a50b69e8bd61ec490d05489d726b5d0204b540d85c17b7e24835864963ff7808672b0eae2e5a924032b92488b0639

        Download Submit

      • C:\Windows\System32\OpenSSH\ssh-agent.exe
        Filesize

        1.6MB

        MD5

        b03a6a54f04eca12c8c0028451095c51

        SHA1

        ddf4c67cc8f89614c57f08f419481df296a6cb5e

        SHA256

        7463d2518a2911843aaeaec018978c4ac4fdc6c871a7ad5b326a2782289696fc

        SHA512

        4f00b2533645f8b5c54032ef2872d4e0a79a50b69e8bd61ec490d05489d726b5d0204b540d85c17b7e24835864963ff7808672b0eae2e5a924032b92488b0639

        Download Submit

      • C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
        Filesize

        1.3MB

        MD5

        cdf9b39fc5be04ae5a8ab1e21ce079bf

        SHA1

        4c6bfe29bb866893a445cdd235af50285a799725

        SHA256

        0821b32251a8a7fce9118a435113f2deefc6c118fc692e0a46f31a0e00291b9f

        SHA512

        6624384660e803a6eb7860ccd5f8e0cdf60bdd9ac462aae844f6b24bb8437e5ff1093df019d7fbe2a2344c1805c8f183bddd47e8345246735201217138cce44f

        Download Submit

      • C:\Windows\System32\SearchIndexer.exe
        Filesize

        1.4MB

        MD5

        b3f8f06d54d6617bc161458637e2f7af

        SHA1

        7a36555239f7052c570d1b9686f569407866c475

        SHA256

        14d800e4ed1af197dfbaebca4c74c54a073c1e7e272639ba75203fb94337d753

        SHA512

        1c3028d7617df5435ccfb0886da08ceb3140146a74fe159b328796cd23d96238a8db2881da3c93b8844b8df6cea5d2ddc3ca5c4d5c91fef27ac8be8057906526

        Download Submit

      • C:\Windows\System32\SensorDataService.exe
        Filesize

        1.8MB

        MD5

        8af9df4a29794dcbede7e83baffa4210

        SHA1

        358383858deb33ac12c127e9a6e5e186a0a57d83

        SHA256

        6ce51d483513af6c0b0b326132f1d9c72b6e21f5423107c4f95cd39a528eb5cf

        SHA512

        b9d027f6fb71003ecc17c0d44526d45aceef32e7af6cdb3f74f5707c36bf07e3e52fc5328e436543b0381ac2235a1376b9d51ba094c98eb6749b075a428f1261

        Download Submit

      • C:\Windows\System32\Spectrum.exe
        Filesize

        1.4MB

        MD5

        eb63fa21fdbb9c3364da478d62c04734

        SHA1

        d5039df908de24749727f155fbd5171753e87a65

        SHA256

        3321006b33d0900a4c1e3877559eba687f09bf67e775715610321f0cb67875a9

        SHA512

        3d3d280b94164d9d384da85804cd6584a39a76c3c29a56ccfaf5fbb8560e90bba8df722c79f57c00fd321c311f0283766c4a8a3f93a428cccd5d61c9aa1a7055

        Download Submit

      • C:\Windows\System32\TieringEngineService.exe
        Filesize

        1.5MB

        MD5

        8e951e8042db4945115d4de3cac0052a

        SHA1

        a131281b4ceec68a1616546ddeb10427956b9c23

        SHA256

        1b7084fd8ea40cd01a114c45e2ab0c67c2ee697f01c3f15f697cdb0654c03f48

        SHA512

        bb93ddd9844d53567909ced7b507a9f3430e69160752dbc1e6bcfbff16b195818ae7693a7072aaa16e9809f58061b21a5c3a53c88a17b0af65cb98e6be0a0adc

        Download Submit

      • C:\Windows\System32\VSSVC.exe
        Filesize

        2.0MB

        MD5

        752bc3ec621fe4425bffff96ea2b791b

        SHA1

        81e958e101bc1bd70c664521d68764588015a585

        SHA256

        e0e24b67c14b497d884d58aff1029127bc64cf0c1c14e03e86ffd41ec64af199

        SHA512

        8b11d3f3ce076c5ce3fea4648218dcaefea8175331e57b38de28fd12d8df936f945da6bb086406697dedcac03f34b503c5a7546ac09ca55e1c32dfd38e5f21d9

        Download Submit

      • C:\Windows\System32\alg.exe
        Filesize

        1.3MB

        MD5

        75616f40f5f8410173e4a054fe5f29fb

        SHA1

        b2a39cbcadf4e3393ba630f2be256781fe9384e9

        SHA256

        3900069f79def0ee4c1a47c722f6342e61e93b9fac48550eedc95574ecde1862

        SHA512

        df6c6b5ff83ee8d89d861a6f1a712c78fffdf40d69e86d9203e53d0ebc02ab2eb239baf773ae223acf412abefb10c53a6068e2e752b77d6c3d73d3b5c0bb453b

        Download Submit

      • C:\Windows\System32\msdtc.exe
        Filesize

        1.4MB

        MD5

        2ec6f0aa94e8ae24bf3e41ebaa4af275

        SHA1

        610eed6134a75f29a6d434785f039a7a9a7c1ae1

        SHA256

        6690b8d148bc3c14049ef3f033d7c095181e2782c5a40aa940a6cda05394e700

        SHA512

        3542ee36aefc67a4bca2a0c25b0997b14933cf361045d18860882c43271aa4975503f2546edb9d43d89d050a16f66adc2fc4c77b3361e4bc4fd8f7946f233f67

        Download Submit

      • C:\Windows\System32\snmptrap.exe
        Filesize

        1.2MB

        MD5

        a53376906f84810868246a2fb2bdc175

        SHA1

        e9f1639f0fc5090d4df3b840f6d32ec7d984f2e8

        SHA256

        ce96d1601fd1c4fc1bae02e013d7686605de1211b076741e634be51fe496b177

        SHA512

        3f8265a226138cde414d4d0a8d0ad1c31f0afb8747a8cda06f70101f4590b2010d58e47c9866c8a6e0f6d4c12425381e072db359a3ac7f044c8a558a132ac031

        Download Submit

      • C:\Windows\System32\vds.exe
        Filesize

        1.3MB

        MD5

        6f0dc039e9fd17cc2b096d436c7a8691

        SHA1

        02d78d07d0cad058063cee7da4f8a945f27206d2

        SHA256

        9e3350977c47f1b97e772a3673f5ca557f4d72165bc13486271446c8e5983305

        SHA512

        40bcde1dcf778ae4c80890166c8415f94012e18160f2a7554f716fc4deda9ae489c61c4379041b114adf9b7b64180847544b6b2e93b5cb3f7a20103fce017146

        Download Submit

      • C:\Windows\System32\wbem\WmiApSrv.exe
        Filesize

        1.4MB

        MD5

        7795a79e1a0fb0743643cec9ea97210f

        SHA1

        0166b9ea4db988caa3cd419c2f8081116b3e5f7c

        SHA256

        d58ac306ad93e01dc8e27d61c26a8c97ebb3c494162b2e53b45bb0578354ce37

        SHA512

        0275b29c8e611c87fbf81eacac736ba4d2b6179b389824cce70953fb42d9c35c922f99a054ed23d201f16362e7c8fe81d9b08473ff7e8c76ea0ea4715eef4da3

        Download Submit

      • C:\Windows\System32\wbengine.exe
        Filesize

        2.1MB

        MD5

        19b90cea264e049ff8435fb6b10d15c5

        SHA1

        f504a1c39ee91c40b458abdf3cee5b6317b10ae8

        SHA256

        9a81cccdb53e194ae0089183a43224974d0846b099ee56f928d64da305dbe895

        SHA512

        e1ac601d66d91f5c5c4a4069ddaedb20c2dc665d956f9539684ff752f3a15e47cd8402fe984f204ceeb6dfd5328e07f3472739213e8cf3e2ce99c4dd9e359395

        Download Submit

      • memory/392-419-0x0000000140000000-0x000000014021D000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/392-479-0x0000000140000000-0x000000014021D000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/928-310-0x0000000140000000-0x00000001401EC000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/1556-138-0x0000000005570000-0x0000000005580000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1556-134-0x0000000005930000-0x0000000005ED4000-memory.dmp

        Filesize

        5.6MB

        Download

      • memory/1556-133-0x0000000000890000-0x0000000000A16000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/1556-135-0x0000000005420000-0x00000000054B2000-memory.dmp

        Filesize

        584KB

        Download

      • memory/1556-139-0x0000000008F70000-0x000000000900C000-memory.dmp

        Filesize

        624KB

        Download

      • memory/1556-136-0x0000000005570000-0x0000000005580000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1556-137-0x00000000053C0000-0x00000000053CA000-memory.dmp

        Filesize

        40KB

        Download

      • memory/1608-214-0x0000000140000000-0x000000014022B000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/1608-212-0x0000000000190000-0x00000000001F0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/1608-206-0x0000000000190000-0x00000000001F0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/1608-234-0x0000000140000000-0x000000014022B000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/2108-217-0x0000000001A50000-0x0000000001AB0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/2108-223-0x0000000001A50000-0x0000000001AB0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/2108-226-0x0000000001A50000-0x0000000001AB0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/2108-229-0x0000000140000000-0x0000000140221000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/2668-244-0x00000000050C0000-0x00000000050D0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2668-235-0x00000000008B0000-0x0000000000916000-memory.dmp

        Filesize

        408KB

        Download

      • memory/3800-354-0x0000000140000000-0x0000000140239000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/3876-337-0x0000000140000000-0x0000000140169000-memory.dmp

        Filesize

        1.4MB

        Download

      • memory/3876-359-0x0000000140000000-0x0000000140169000-memory.dmp

        Filesize

        1.4MB

        Download

      • memory/3940-233-0x0000000140000000-0x0000000140237000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/3940-202-0x0000000000C90000-0x0000000000CF0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/3940-195-0x0000000000C90000-0x0000000000CF0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/3940-199-0x0000000140000000-0x0000000140237000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/4088-406-0x0000000140000000-0x0000000140216000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4324-373-0x0000000140000000-0x00000001401C0000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4412-157-0x00000000006F0000-0x0000000000750000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4412-168-0x0000000140000000-0x0000000140201000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4412-163-0x00000000006F0000-0x0000000000750000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4444-405-0x0000000140000000-0x00000001401FC000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4528-311-0x0000000140000000-0x00000001401D7000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4528-355-0x0000000140000000-0x00000001401D7000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4528-358-0x0000000140000000-0x00000001401D7000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4536-232-0x0000000140000000-0x0000000140210000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4536-245-0x0000000140000000-0x0000000140210000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4536-236-0x00000000007A0000-0x0000000000800000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4544-283-0x0000000140000000-0x0000000140202000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4604-325-0x0000000140000000-0x00000001401ED000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/4716-257-0x0000000140000000-0x0000000140226000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4784-420-0x0000000140000000-0x0000000140179000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/4784-480-0x0000000140000000-0x0000000140179000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/4796-140-0x0000000000400000-0x0000000000654000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/4796-145-0x0000000001610000-0x0000000001676000-memory.dmp

        Filesize

        408KB

        Download

      • memory/4796-150-0x0000000001610000-0x0000000001676000-memory.dmp

        Filesize

        408KB

        Download

      • memory/4796-144-0x0000000000400000-0x0000000000654000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/4796-143-0x0000000000400000-0x0000000000654000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/4796-230-0x0000000000400000-0x0000000000654000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/5000-188-0x0000000000D50000-0x0000000000DB0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/5000-182-0x0000000140000000-0x0000000140135000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/5000-181-0x0000000000D50000-0x0000000000DB0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/5000-191-0x0000000000D50000-0x0000000000DB0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/5000-193-0x0000000140000000-0x0000000140135000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/5036-383-0x0000000140000000-0x0000000140147000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/5036-477-0x0000000140000000-0x0000000140147000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/5084-351-0x0000000140000000-0x0000000140259000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/5092-170-0x0000000000670000-0x00000000006D0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/5092-176-0x0000000000670000-0x00000000006D0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/5092-180-0x0000000140000000-0x0000000140200000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5108-282-0x0000000000400000-0x00000000005EE000-memory.dmp

        Filesize

        1.9MB

        Download