Overview

overview

10

Static

static

10

3816-142-0...ry.exe

windows7-x64

10

3816-142-0...ry.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    12s
  • max time network
    29s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-03-2024 05:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3816-142-0x0000000000400000-0x0000000000654000-memory.exe

  • Size

    2.3MB

  • MD5

    28af75842a4a507ed1bc04782133c1cd

  • SHA1

    c0198e76b972772adf04b9a37b575db0e2a1a65e

  • SHA256

    5ab9feae38e3b0f409af2261cdddc44676b301ed4df03adec3bcae88d1fe58da

  • SHA512

    15739906e7041e4fd7e65c90eb65513113bc7356863285a881a932c35223a56e269355a1e00e504f88d2c0dda1817e0850fb0340c855a9efd1b82e0384257590

  • SSDEEP

    24576:wxgsRftD0C2nKGH0Djsf9nz4mloFQnpXUMPQDR6q79dA:waSftDnGUDYf5zaCpXxPuR6E9dA

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Signatures

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer
  • Executes dropped EXE 17 IoCs
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Drops file in System32 directory 19 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 5 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 5 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3816-142-0x0000000000400000-0x0000000000654000-memory.exe
    "C:\Users\Admin\AppData\Local\Temp\3816-142-0x0000000000400000-0x0000000000654000-memory.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3400
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      2⤵
      • Accesses Microsoft Outlook profiles
      • outlook_office_path
      • outlook_win_path
      PID:2412
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    PID:224
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:4760
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:244
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:960
    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:944
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:4008
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:3648
    • C:\Windows\System32\msdtc.exe
      C:\Windows\System32\msdtc.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:3016
    • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
      "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
      1⤵
      • Executes dropped EXE
      PID:4704
    • C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      1⤵
      • Executes dropped EXE
      PID:220
    • C:\Windows\SysWow64\perfhost.exe
      C:\Windows\SysWow64\perfhost.exe
      1⤵
      • Executes dropped EXE
      PID:2804
    • C:\Windows\system32\locator.exe
      C:\Windows\system32\locator.exe
      1⤵
      • Executes dropped EXE
      PID:1696
    • C:\Windows\System32\SensorDataService.exe
      C:\Windows\System32\SensorDataService.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:4144
    • C:\Windows\System32\snmptrap.exe
      C:\Windows\System32\snmptrap.exe
      1⤵
      • Executes dropped EXE
      PID:3928
    • C:\Windows\system32\spectrum.exe
      C:\Windows\system32\spectrum.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:3636
    • C:\Windows\System32\OpenSSH\ssh-agent.exe
      C:\Windows\System32\OpenSSH\ssh-agent.exe
      1⤵
      • Executes dropped EXE
      PID:5004
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
      1⤵
        PID:4168
      • C:\Windows\system32\TieringEngineService.exe
        C:\Windows\system32\TieringEngineService.exe
        1⤵
        • Executes dropped EXE
        • Checks processor information in registry
        • Suspicious use of AdjustPrivilegeToken
        PID:1780
      • C:\Windows\system32\AgentService.exe
        C:\Windows\system32\AgentService.exe
        1⤵
        • Executes dropped EXE
        PID:3872

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
        Filesize

        2.1MB

        MD5

        cc6c209cdd2197f972d1d84cc651cb80

        SHA1

        4a5c76c2b649f7d090b34fb78037e84eba621fdd

        SHA256

        38708391a470b6c95d120c0bc3416c10125c7330ababd2080325d9be78e1f574

        SHA512

        7143bd6bfd0c9e8f1083b4368fe7c4172a1b3f8b61c9273ae44d3319268110b9f3d774a9f5c568d014623dd6ef8e0e9a4d7f32c10eabc824b0b2c6d001e4ebea

        Download Submit

      • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
        Filesize

        960KB

        MD5

        03602ccaa70930392422fec6c5cfd07d

        SHA1

        0d5cbadf785a737559fd60c3607fb87104e0b9c6

        SHA256

        d85672070ef6e032bc012ea74ad4018b2f81c99ce0b7f74f2631cb05f74b2f66

        SHA512

        5d83125a346ad8d853ec05437c865796e9d0b3338c454d23d8067df103e685b40099e1d5b57192ddc03121a7de2240a7ff72b9d3bfe8a21d393005df3fca08a9

        Download Submit

      • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
        Filesize

        1.5MB

        MD5

        9141c10958232303bfe19a8c3d47a7f7

        SHA1

        3d4f6db48573c81ebb310f05053f7aa53e225b76

        SHA256

        2fbc691be992aefedbfe18874f1485412bdceebfa4c24dd91311505c34d048da

        SHA512

        d93491cfeed509e86172bfcf3c0ae07171025e6366b9a5a92bbfe371d290e0386c7eaafea987bd06bc12527acc3d10e669115aa858ef330d34f7a638fcded6f0

        Download Submit

      • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
        Filesize

        2.1MB

        MD5

        a63737c3b6e8d6835e999a1d91757e6d

        SHA1

        9370cac4085af626645d5aba9797d48d96315d7b

        SHA256

        6e1e14d8804a3d1b0549f81f7efee1f3df2b4594fe95266a88fe09ef2115e3d1

        SHA512

        c3a8084d78a29964856a73214b72dfada9fb917a1e2ca420d1c8e4ba53275e6631ab8a0281c9d194378bc4f3912ddfc6bb9f621b8cfd5176a181f6fc9d15d5d5

        Download Submit

      • C:\Windows\SysWOW64\perfhost.exe
        Filesize

        1.2MB

        MD5

        ead4ac8ed6342f18fea0f69567af2958

        SHA1

        92698ba90460def2b2df469af404748affcb6106

        SHA256

        fddb515ceee04390174ed1e1b71f311f4e532905a4b7d0caf0d962fa3a306c76

        SHA512

        7b9db2519211b407a7e78fde8f6c71c27605474f9e464f7619701a1b7b802693968c9187893333d52fd276a7c3733ea42d39cf83cac2e789d8cc1d570b2a9958

        Download Submit

      • C:\Windows\System32\AgentService.exe
        Filesize

        1.7MB

        MD5

        5dda609ab94ea5749da8254a95df17e3

        SHA1

        888ae00d020c8373ab217d07d2a0b4c0549c59b7

        SHA256

        e6e4f34d7054e8faf4c321d0ed5f375e5fc3134aa375cd230a0a30c4c470a1b1

        SHA512

        cf7f72be0899e28fa00d4163157b6f22ff179444c91abdfe464518a7046bc745a2c2d0dad9df477ca3f1e47a029ac0f34f4a2ca4c8cfc19b412d78940c1efd47

        Download Submit

      • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
        Filesize

        1.3MB

        MD5

        8426972ca36e3783a4fdb2c7064e121f

        SHA1

        1e4a8a31e4052461a75b65a179a1387b735693a6

        SHA256

        a4682b97b31a1f566becf5df4dda7ce217b615225d73ad3da465d990fc2c1773

        SHA512

        e4e50ff1ec03864e34cfe7b401f945a3a397f1254f21f44bd1939829b63f078091df37336b3b8fc3452e2b5c53c1413060e2ee756f79d0a7fd48f8d2d75efd71

        Download Submit

      • C:\Windows\System32\FXSSVC.exe
        Filesize

        1.2MB

        MD5

        9c5889c359bd1fc072fa7b882db09e4c

        SHA1

        8ce698bf9b216e864a607c4a8bc3a87f4638971f

        SHA256

        dfed4d3d4b2002f8edcc3ae6e7aa9801814bbbf6d1c5f450fb6dd0df2a858ced

        SHA512

        46d2e5faf40e6915314fd751958d3564f1bdab3f2793f9a125b8fa44797d4bb5d21cb482fc18ee2a1a30eb9c8cd38e72f1036bbb8928c30cc05be3ce95fd7e83

        Download Submit

      • C:\Windows\System32\Locator.exe
        Filesize

        1.2MB

        MD5

        5ab152c749e47da4b5fe45026ee77b77

        SHA1

        547b7fcc21c36c8ca36ee2498effefdc85cfc362

        SHA256

        832d929cf38f6373766d0c80f4a5ee135f712e3c6ddd34421e27ac229279796e

        SHA512

        31380e11d3e42192b04febcb4a9a3f837e6c8a37512a7fe5267939cc1a0b399666915218c0f3c90a111e588cf5e9ebfd5df6071d43efafdbc17c6adaad9d8d88

        Download Submit

      • C:\Windows\System32\OpenSSH\ssh-agent.exe
        Filesize

        1.6MB

        MD5

        62ac2e29099010a6b9017c838e6b3b98

        SHA1

        bde17653af7b834c715bd5111b91506ef687ea63

        SHA256

        668ffd191e117d514c53ae71633584cf115d6dd46d4b96d3e80e652e47d59dcc

        SHA512

        daaff4dfbf7de6559e7aa5e97027b9654e789fd9729a1f72d84a441c7228495071c855a04bc9d319ff829c0cc640e7f1304e3433e790eefcea7d2e864a9eef1a

        Download Submit

      • C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
        Filesize

        1.3MB

        MD5

        91d87e364f9ce3e726b0876f6f92c2e9

        SHA1

        77e789675e8c09439b0daa93ac178149ca30f1aa

        SHA256

        03be9a205e405108e3ef6230389e628eb06bd5ad88e7d4ce31158b7ed6442dd9

        SHA512

        499635e03830cf95a174afc3a2db7a3387a2c90ca975347e44c7cfc3ae21ed105bac9df911816491f66b1cbeb5b9387c13fc7c5a171e8b33400fcf79bfa7ad07

        Download Submit

      • C:\Windows\System32\SensorDataService.exe
        Filesize

        1.8MB

        MD5

        d0d892e50e6a2c535b8724bcab2f5b7c

        SHA1

        ab00dcb74e6c142eab3aa829ef763581e7ffebf2

        SHA256

        e12fb154cd6771774cad5028e6d92f1e47daa593563188aebecb18fd2488bbce

        SHA512

        3e3ce52360ac941e9e757fd5d0c28ef58ee32666d90bd68aa1bf47f209009cec7f098a7a51ac7cdd1a9008171385c00f162726b56c1fafa6cc1b7c8687a3f33e

        Download Submit

      • C:\Windows\System32\Spectrum.exe
        Filesize

        1.4MB

        MD5

        6ea4cba9d5e3cc9081899593faed7ca4

        SHA1

        1e0f1fa82873e067345a711ab6dd26579e492729

        SHA256

        e697f618f1b20dc8fc76ef04ba04793691198a39e106cd86d18bd1e113aeba46

        SHA512

        d205b3065e69330aafa416dbc06643da752d20082803969d6a63b5a6bef5ec3c4ab0cf078ffd1bcc981f4f8162f9863cf7c26f8a659579a9fe9a5a4f804f0faa

        Download Submit

      • C:\Windows\System32\TieringEngineService.exe
        Filesize

        1.5MB

        MD5

        39544d87f3e01d1b1efdd3ee9b5011b1

        SHA1

        eb81aaae7dae10cb6635282208491583042a26c7

        SHA256

        600c8bcbb102578f364f3824efda097de5b656cc6f9669bdcd20ab2e59a43b96

        SHA512

        bfe8f94a5da4f43e0184f873b62a5f19e4645a675a5f1ad8fc31208484b2646199c9a3eab4ac9da9a2ef12eb05dc332f41d416cbf952bcff1724d6420acc5da2

        Download Submit

      • C:\Windows\System32\alg.exe
        Filesize

        1.3MB

        MD5

        9df4f411d4449c69e18e2d517a422d3b

        SHA1

        945045331a81fa26f0ebdf762d39ba04aac448b6

        SHA256

        efa96f5d620ee408e40947a0840b8c93c30ea6c4b7a4c8e87029732ed69e00ef

        SHA512

        249034bb22c184d5dec02e58269e33619b02b7aa2eef890024bd74e87f6d40761e076636f49a409d4141196f5e64bbbb70a590e9aedb05730ce9554b3ea4969a

        Download Submit

      • C:\Windows\System32\msdtc.exe
        Filesize

        1.4MB

        MD5

        5601dc6bbce6558904d884cce1aacb25

        SHA1

        4dd39f78d2d6717c0433ffddc5e1efd50de823f1

        SHA256

        9cbdfa8e18f339125b39876ca1a31cbe752befc462bc2ea11b7e55e59cccf5f1

        SHA512

        3618a63980a9631dfb7cd1629ec668175805e0755735d1c12cd16d5700420324ace29fd55f08e3e793faf8fabd8d547742ff08049ac9b7aab4e3a4446629e5ed

        Download Submit

      • C:\Windows\System32\snmptrap.exe
        Filesize

        704KB

        MD5

        8c39564ad6462de5b239c32c23eda430

        SHA1

        230d0a77fb4132fc772ede915eb13bc3cd1580ce

        SHA256

        34f7dac79257730ea55657cb959c8ff20da1baed7e554023446b6b0614ceb4cc

        SHA512

        8c5865d1b261c2b26d7e5d0d025ccdf490d2dc91a5879ddba05975626bfd9dac20c62688bda068e18e4d3e5c0d67c4cf3899cbfd1e659111d8f9c26f02698fa7

        Download Submit

      • memory/220-131-0x0000000000B40000-0x0000000000BA0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/220-183-0x0000000140000000-0x0000000140202000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/220-124-0x0000000140000000-0x0000000140202000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/224-14-0x0000000140000000-0x0000000140201000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/224-20-0x0000000000740000-0x00000000007A0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/224-13-0x0000000000740000-0x00000000007A0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/224-78-0x0000000140000000-0x0000000140201000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/944-49-0x0000000000710000-0x0000000000770000-memory.dmp

        Filesize

        384KB

        Download

      • memory/944-57-0x0000000000710000-0x0000000000770000-memory.dmp

        Filesize

        384KB

        Download

      • memory/944-122-0x0000000140000000-0x0000000140237000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/944-50-0x0000000140000000-0x0000000140237000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/960-62-0x0000000140000000-0x0000000140135000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/960-38-0x0000000140000000-0x0000000140135000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/960-39-0x0000000000800000-0x0000000000860000-memory.dmp

        Filesize

        384KB

        Download

      • memory/960-45-0x0000000000800000-0x0000000000860000-memory.dmp

        Filesize

        384KB

        Download

      • memory/960-60-0x0000000000800000-0x0000000000860000-memory.dmp

        Filesize

        384KB

        Download

      • memory/1696-164-0x00000000006F0000-0x0000000000750000-memory.dmp

        Filesize

        384KB

        Download

      • memory/1696-223-0x0000000140000000-0x00000001401EC000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/1696-155-0x0000000140000000-0x00000001401EC000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/1780-225-0x0000000140000000-0x0000000140239000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/1780-230-0x0000000000850000-0x00000000008B0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/2412-148-0x0000000005310000-0x0000000005320000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2412-142-0x0000000073C20000-0x00000000743D0000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/2412-159-0x0000000073C20000-0x00000000743D0000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/2412-150-0x0000000005510000-0x00000000055AC000-memory.dmp

        Filesize

        624KB

        Download

      • memory/2412-149-0x00000000053B0000-0x000000000546C000-memory.dmp

        Filesize

        752KB

        Download

      • memory/2412-141-0x0000000000E10000-0x0000000000E76000-memory.dmp

        Filesize

        408KB

        Download

      • memory/2804-145-0x00000000005F0000-0x0000000000656000-memory.dmp

        Filesize

        408KB

        Download

      • memory/2804-196-0x0000000000400000-0x00000000005EE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/2804-137-0x0000000000400000-0x00000000005EE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/3016-166-0x0000000000D40000-0x0000000000DA0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/3016-100-0x0000000000D40000-0x0000000000DA0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/3016-95-0x0000000140000000-0x0000000140210000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3016-153-0x0000000140000000-0x0000000140210000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3016-92-0x0000000000D40000-0x0000000000DA0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/3400-0-0x0000000000400000-0x0000000000654000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/3400-1-0x0000000000910000-0x0000000000976000-memory.dmp

        Filesize

        408KB

        Download

      • memory/3400-6-0x0000000000910000-0x0000000000976000-memory.dmp

        Filesize

        408KB

        Download

      • memory/3400-65-0x0000000000400000-0x0000000000654000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/3636-204-0x0000000000760000-0x00000000007C0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/3636-198-0x0000000140000000-0x0000000140169000-memory.dmp

        Filesize

        1.4MB

        Download

      • memory/3648-76-0x0000000000C00000-0x0000000000C60000-memory.dmp

        Filesize

        384KB

        Download

      • memory/3648-84-0x0000000000C00000-0x0000000000C60000-memory.dmp

        Filesize

        384KB

        Download

      • memory/3648-90-0x0000000140000000-0x0000000140221000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3648-88-0x0000000000C00000-0x0000000000C60000-memory.dmp

        Filesize

        384KB

        Download

      • memory/3648-79-0x0000000140000000-0x0000000140221000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3872-236-0x0000000140000000-0x00000001401C0000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/3928-184-0x0000000140000000-0x00000001401ED000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/3928-191-0x0000000000710000-0x0000000000770000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4008-136-0x0000000140000000-0x000000014022B000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/4008-72-0x00000000001A0000-0x0000000000200000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4008-67-0x0000000140000000-0x000000014022B000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/4008-64-0x00000000001A0000-0x0000000000200000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4144-177-0x00000000006B0000-0x0000000000710000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4144-168-0x0000000140000000-0x00000001401D7000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4144-234-0x0000000140000000-0x00000001401D7000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/4704-171-0x0000000140000000-0x0000000140226000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4704-117-0x00000000007D0000-0x0000000000830000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4704-107-0x0000000140000000-0x0000000140226000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4760-26-0x00000000004C0000-0x0000000000520000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4760-27-0x0000000140000000-0x0000000140200000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4760-34-0x00000000004C0000-0x0000000000520000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4760-93-0x0000000140000000-0x0000000140200000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5004-218-0x0000000000D80000-0x0000000000DE0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/5004-211-0x0000000140000000-0x0000000140259000-memory.dmp

        Filesize

        2.3MB

        Download