Overview

overview

8

Static

static

1

voltaire.msi

windows10-1703-x64

8

voltaire.msi

windows10-2004-x64

8

voltaire.msi

windows11-21h2-x64

8

Analysis

  • max time kernel
    1195s
  • max time network
    1800s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    25/03/2024, 23:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    voltaire.msi

  • Size

    8.9MB

  • MD5

    8d35f3ca2e59b85c8c8caed123a4f6cd

  • SHA1

    54ee7e40bab670bc2fdc5dbd7787d705d643b0f9

  • SHA256

    8ef318fa5dba85344f79f7e4a7b022d09d99bbd36d5e8aa5353018c867e85b2c

  • SHA512

    192ed0a8536356af37d2ec9e9597bef3befa3d0911bea214702ed1dd761b761bc54204a409618ce4e51fbbaf256f97f73fbbc139e729a64412db930413a8d025

  • SSDEEP

    98304:WOPvLtabi4X0MV+dYdcGt7VIb4JOPvLtabi4X0MV+dYdOOPvLtabi4X0MV+dYd+X:Wws3V+arws3V+xws3V+dws3V+6ws3V+

Score
8/10
persistence

Malware Config

Signatures

  • Sets service image path in registry 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 3 IoCs
  • Drops file in Program Files directory 16 IoCs
  • Drops file in Windows directory 17 IoCs
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 20 IoCs
  • Registers COM server for autorun 1 TTPs 3 IoCs
    persistence
  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 18 IoCs
  • Modifies registry class 37 IoCs
  • Suspicious behavior: AddClipboardFormatListener 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\voltaire.msi
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2536
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Registers COM server for autorun
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1016
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 1B0C5F2C19093828C772A47BA3C53374 C
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:4796
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSI8B48.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240618921 1 ScreenConnect.InstallerActions!ScreenConnect.ClientInstallerActions.FixupServiceArguments
        3⤵
        • Loads dropped DLL
        PID:4456
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:4460
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding B51EA6A9E1201FC270197BFC940328F2
        2⤵
        • Loads dropped DLL
        PID:3716
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 1BF1CF96E45AE13AF4D80AB4911C4F0D E Global\MSI0000
        2⤵
        • Drops file in Windows directory
        • Loads dropped DLL
        PID:1860
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Checks SCSI registry key(s)
      PID:4128
    • C:\Program Files (x86)\ScreenConnect Client (6c9c2b0db070ede3)\ScreenConnect.ClientService.exe
      "C:\Program Files (x86)\ScreenConnect Client (6c9c2b0db070ede3)\ScreenConnect.ClientService.exe" "?e=Access&y=Guest&h=45.77.160.195&p=443&s=bea0db4d-ee86-46a5-8b98-3fa4abca2e4e&k=BgIAAACkAABSU0ExAAgAAAEAAQBVCWTmLE33JcPLjJezBrwOkI%2b8ZLWJbkfPUj4mui8bB5aA3FfDWdE9pv45IhOy%2fBuonb5uY75AfdUpovFKH%2fT5By3gQjBf88HWFgEN4iYik1B0e0et7Wc3hyBM431MAKUyIkltdyvKpZKW64L6nfS5pt97i3Yfvb8341CVuyHBwTCtb68JStzGeeJIVNMcVnasP11V204VVtDpkTbD2skXmonez4hN3YcdzNCQuj%2bBlDFuy4wTUA7kSe%2buX%2bV5cNkyWYPRaewb%2bDhQnlYr9ytCGLjTmzjKLeHWBKAEpEapOzJiFHMMa4XISQtJmK5t%2bfxXYWUuhnCDHnlSoipWL5Sg"
      1⤵
      • Sets service image path in registry
      • Drops file in System32 directory
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2412
      • C:\Program Files (x86)\ScreenConnect Client (6c9c2b0db070ede3)\ScreenConnect.WindowsClient.exe
        "C:\Program Files (x86)\ScreenConnect Client (6c9c2b0db070ede3)\ScreenConnect.WindowsClient.exe" "RunRole" "5cba2285-a256-470c-a53e-bd37b97ef680" "User"
        2⤵
        • Executes dropped EXE
        • Suspicious behavior: AddClipboardFormatListener
        PID:4008
      • C:\Program Files (x86)\ScreenConnect Client (6c9c2b0db070ede3)\ScreenConnect.WindowsClient.exe
        "C:\Program Files (x86)\ScreenConnect Client (6c9c2b0db070ede3)\ScreenConnect.WindowsClient.exe" "RunRole" "89b079fb-c50e-4da5-be74-2485c43b7d5f" "System"
        2⤵
        • Drops file in System32 directory
        • Executes dropped EXE
        • Checks processor information in registry
        • Modifies data under HKEY_USERS
        • Suspicious behavior: AddClipboardFormatListener
        PID:2576
      • C:\Program Files (x86)\ScreenConnect Client (6c9c2b0db070ede3)\ScreenConnect.WindowsClient.exe
        "C:\Program Files (x86)\ScreenConnect Client (6c9c2b0db070ede3)\ScreenConnect.WindowsClient.exe" "RunRole" "4a2d378d-a2a7-4645-8a6c-2a1c6a4258de" "System"
        2⤵
        • Executes dropped EXE
        • Checks processor information in registry
        • Modifies data under HKEY_USERS
        • Suspicious behavior: AddClipboardFormatListener
        PID:4952

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Config.Msi\e57c47a.rbs
      Filesize

      213KB

      MD5

      f58aef89464c26e7011e06b95f9411fa

      SHA1

      86991848c600dcbe6339ac4c05a790eed6836658

      SHA256

      dc73f02034507fbc6e3cb483f2f7084a35f06673d72435b3ec58cf773cff9722

      SHA512

      db9a70f7ce352c54e5e7d03f99afc0aa0ce9430fb59eab77442d8b787b359ddf09ff92ca9927df58b423c81f7a47962d47c2b17829067a8339df80bd1369da45

      Download Submit

    • C:\Program Files (x86)\ScreenConnect Client (6c9c2b0db070ede3)\Client.en-US.resources
      Filesize

      47KB

      MD5

      3e83a3aa62c5ff54ed98e27b3fbecf90

      SHA1

      96d8927c870a74a478864240b3ace94ad543dfb8

      SHA256

      2d88b97d28be01abca4544c6381a4370c1a1ce05142c176742f13b44889ddf90

      SHA512

      ea9d05a4aa1ee5cccc61c4f5e8994efba9efff0549b69577bef1f2a22cce908739124eff1e0db5cfdd69e077ad2d7cdb1307de92d79673c9309ee621cb139956

      Download Submit

    • C:\Program Files (x86)\ScreenConnect Client (6c9c2b0db070ede3)\Client.resources
      Filesize

      26KB

      MD5

      5cd580b22da0c33ec6730b10a6c74932

      SHA1

      0b6bded7936178d80841b289769c6ff0c8eead2d

      SHA256

      de185ee5d433e6cfbb2e5fcc903dbd60cc833a3ca5299f2862b253a41e7aa08c

      SHA512

      c2494533b26128fbf8149f7d20257d78d258abffb30e4e595cb9c6a742f00f1bf31b1ee202d4184661b98793b9909038cf03c04b563ce4eca1e2ee2dec3bf787

      Download Submit

    • C:\Program Files (x86)\ScreenConnect Client (6c9c2b0db070ede3)\ScreenConnect.Client.dll
      Filesize

      188KB

      MD5

      6bc9611d5b6cee698149a18d986547a8

      SHA1

      f36ab74e4e502fdaf81e101836b94c91d80cb8ea

      SHA256

      17377a52eeae11e8ee01eb629d6a60c10015ad2bb8bc9768e5c8e4b6500a15ed

      SHA512

      3f23670d0ba150de19a805db6beb6eed8538bbad6fbe3cc21d17d738a43cf411c679a23cea11549e69be0321e672f740791d40e92498aef9d1f8650743ee85ea

      Download Submit

    • C:\Program Files (x86)\ScreenConnect Client (6c9c2b0db070ede3)\ScreenConnect.ClientService.dll
      Filesize

      60KB

      MD5

      22af3a23bd30484514cdacf67c5b3810

      SHA1

      e92a4eaee9d896964de541ce2f01c2404b638258

      SHA256

      7c5442121dba2a30ab9579ec08e111ded372cf9cf90fb3256f273980b975afa9

      SHA512

      95e40b27e90fce7ca85e76afbbc16eb62b4bb977664702b987de2eb2294e6fe9e6df5610ec7b2362c2c68493313f30fbbcbd3446dbe8ae2fa47b89407f5d5936

      Download Submit

    • C:\Program Files (x86)\ScreenConnect Client (6c9c2b0db070ede3)\ScreenConnect.ClientService.exe
      Filesize

      93KB

      MD5

      dc615e9d8ec81cbf2e2452516373e5a0

      SHA1

      ec83d37a4f45caeb07b1605324d0315f959452e9

      SHA256

      e9ab064ed381c29a3930f75ca3e05605c6ee07f30a69c043f576a5461de3bafc

      SHA512

      82fe00447fb9785264dfb8032399adf6d33d91d71058212d252742c9e5fd54f5a52f6baf4fb05e95f9a4055057c60a33a7c1c642f18a6a4e045b49be88fa5d9f

      Download Submit

    • C:\Program Files (x86)\ScreenConnect Client (6c9c2b0db070ede3)\ScreenConnect.Windows.dll
      Filesize

      1.5MB

      MD5

      b1cc522694539e2a5ab9c424529fe0b9

      SHA1

      75f1fe286985461da47edc9c4af90175c3c8d152

      SHA256

      c9137aee3b4d152e9d70ac203b31565b250c6687440164924f86f4e633185908

      SHA512

      867cc3cb4d80633a0920accbf3a0d5621ba6a71f69622e5f98d59a2fe927ae6dae2967f2f8c3996acdac1a68805ccaa8d7c611516de27c9b3975c3b70549d2fb

      Download Submit

    • C:\Program Files (x86)\ScreenConnect Client (6c9c2b0db070ede3)\ScreenConnect.Windows.dll
      Filesize

      1.6MB

      MD5

      29454a0cb83f28c24805e9a70e53444a

      SHA1

      334202965b07ab69f08b16fed0ee6c7274463556

      SHA256

      998cc3f9af5bd41ccf0f9be86192bbe20cdec08a6ff73c1199e1364195a83e14

      SHA512

      62790920974a2f1b018d466ae3e3b5100006a3c8013f43bdb04af7074cfe5d992caaeb610de2b1b72ff0e4acf8762db1513a4a0cf331f9a340ae0ce53c3be895

      Download Submit

    • C:\Program Files (x86)\ScreenConnect Client (6c9c2b0db070ede3)\ScreenConnect.Windows.dll
      Filesize

      1.6MB

      MD5

      3dcd24e859584a9b8ecc9870a12edc01

      SHA1

      209b54e4d7261216e74cbd7062ef90f136b8db31

      SHA256

      963a2f940b9cc7e5972c17fe22e0bd6bc71c4aeac48a92cc8bf14db726cd5cfd

      SHA512

      8cc4c870af605206c081ca00e1768a8e825b6a52e3184d35136a7eb08f86b3cf814b8d2aaf6f61d482fdbbcf7c20165516995b0ffba1b7e218676e50de245be4

      Download Submit

    • C:\Program Files (x86)\ScreenConnect Client (6c9c2b0db070ede3)\ScreenConnect.WindowsClient.exe
      Filesize

      573KB

      MD5

      5dec65c4047de914c78816b8663e3602

      SHA1

      8807695ee8345e37efec43cbc0874277ed9b0a66

      SHA256

      71602f6b0b27c8b7d8ad624248e6126970939effde785ec913ace19052e9960e

      SHA512

      27b5dcb5b0aeadf246b91a173d06e5e8d6cf2cd19d86ca358e0a85b84cd9d8f2b26372ef34c3d427f57803d90f2e97cf59692c80c268a71865f08fc0e7ce42d1

      Download Submit

    • C:\Program Files (x86)\ScreenConnect Client (6c9c2b0db070ede3)\ScreenConnect.WindowsClient.exe.config
      Filesize

      266B

      MD5

      728175e20ffbceb46760bb5e1112f38b

      SHA1

      2421add1f3c9c5ed9c80b339881d08ab10b340e3

      SHA256

      87c640d3184c17d3b446a72d5f13d643a774b4ecc7afbedfd4e8da7795ea8077

      SHA512

      fb9b57f4e6c04537e8fdb7cc367743c51bf2a0ad4c3c70dddab4ea0cf9ff42d5aeb9d591125e7331374f8201cebf8d0293ad934c667c1394dc63ce96933124e7

      Download Submit

    • C:\Program Files (x86)\ScreenConnect Client (6c9c2b0db070ede3)\ScreenConnect.WindowsCredentialProvider.dll
      Filesize

      746KB

      MD5

      f01a59c5cf7ec437097d414d7c6d59c4

      SHA1

      9ea1c3fbf3b5adbe5a23578dea3b511d44e6a2dd

      SHA256

      62b405f32a43da0c8e8ed14a58ec7b9b4422b154bfd4aed4f9be5de0bc6eb5e8

      SHA512

      587748ad4dd18677a3b7943eab1c0f8e77fe50a45e17266ba9a0e1363eda0ff1eabcf11884a5d608e23baf86af8f011db745ad06bcdecdfd01c20430745fe4bb

      Download Submit

    • C:\Program Files (x86)\ScreenConnect Client (6c9c2b0db070ede3)\app.config
      Filesize

      2KB

      MD5

      7012f3944344133dff0d9e648d7b9b8b

      SHA1

      742f3a7ccac32bf015f517e6e50cc84050a2db51

      SHA256

      bb1eb1ec1d63e5c07341c3495792fe1bed30d974b81ee05194221a427a46ed5d

      SHA512

      aa1ee901a6c2c2b394642129743771cf8873f19e190c3558488871921216f1c3310fe5d31e3f3e3390a601a5732a834a922f700890375d105ab1d1a42e60c112

      Download Submit

    • C:\Program Files (x86)\ScreenConnect Client (6c9c2b0db070ede3)\system.config
      Filesize

      934B

      MD5

      eb07a1f7e75a6dce30622a35383223f7

      SHA1

      32bedd045211ac7913a2b7e17b4971bfba96c41f

      SHA256

      df73cba8fe1a419f7d9bd50e1e33be7f243dad5408c9112606b283506548df8d

      SHA512

      499ef84d6e2cc00f63f65e0f09dbd48f18036954b886d1b3133c1f336ed12770ebe452b4fbda0ca2a6be6efa2b56c7b1abb13e8154fec60822e2d21bcad10454

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI8B48.tmp
      Filesize

      1017KB

      MD5

      8d94c9f4c07b76b4e32daffcc51109da

      SHA1

      62e31a89c488d6745abb72a3071f688fd6180d33

      SHA256

      2b35c0e4088b2a7728fa7bc6a5bfdefed7665598de6d49641fdf5d1f1271a4d7

      SHA512

      0092cbbd95777e6931864d61931efdf3a349f79c575030cad9a1771432f52e1bdc25d5640e2923d202c42c2ce242d00187486334a946e97319d48211233eb0ac

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI8B48.tmp-\Microsoft.Deployment.WindowsInstaller.dll
      Filesize

      172KB

      MD5

      5ef88919012e4a3d8a1e2955dc8c8d81

      SHA1

      c0cfb830b8f1d990e3836e0bcc786e7972c9ed62

      SHA256

      3e54286e348ebd3d70eaed8174cca500455c3e098cdd1fccb167bc43d93db29d

      SHA512

      4544565b7d69761f9b4532cc85e7c654e591b2264eb8da28e60a058151030b53a99d1b2833f11bfc8acc837eecc44a7d0dbd8bc7af97fc0e0f4938c43f9c2684

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI8B48.tmp-\ScreenConnect.Core.dll
      Filesize

      519KB

      MD5

      b319407e807be1a49e366f7f8ea7ee2a

      SHA1

      b12197a877fb7e33b1cb5ba11b0da5ca706581ba

      SHA256

      761b7e50baa229e8afcd9a50990d7f776ddb5ed1ea5fbb131c802e57cf918742

      SHA512

      dc497643790dc608dece9c8fe7264efedd13724bd24c9bf28a60d848b405fddefb8337a60f3f32bb91518910e02c7a2aaf29fc32f86a464dfcafa365526bdb7f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI8B48.tmp-\ScreenConnect.InstallerActions.dll
      Filesize

      21KB

      MD5

      b0585159161d50e330b7f8eda50a2770

      SHA1

      8636fab3ce6c21a42d3e5fbd495c2ddad4279162

      SHA256

      ca9e51d51f24e16428d1b0e9a0829a44da2678bfc7ba00f0b46a57dcd6d734b8

      SHA512

      e9ae99bdce64ca4282fa4580d3b081f7d0874c756aef77fb58e10db148e2f670ba48667ce62033c6f514ff825dc54c1bdbae2c7f8d5f9355486402cf75e1d5ad

      Download Submit

    • C:\Windows\Installer\MSIC610.tmp
      Filesize

      202KB

      MD5

      ba84dd4e0c1408828ccc1de09f585eda

      SHA1

      e8e10065d479f8f591b9885ea8487bc673301298

      SHA256

      3cff4ac91288a0ff0c13278e73b282a64e83d089c5a61a45d483194ab336b852

      SHA512

      7a38418f6ee8dbc66fab2cd5ad8e033e761912efc465daa484858d451da4b8576079fe90fd3b6640410edc8b3cac31c57719898134f246f4000d60a252d88290

      Download Submit

    • C:\Windows\Installer\e57c479.msi
      Filesize

      8.9MB

      MD5

      8d35f3ca2e59b85c8c8caed123a4f6cd

      SHA1

      54ee7e40bab670bc2fdc5dbd7787d705d643b0f9

      SHA256

      8ef318fa5dba85344f79f7e4a7b022d09d99bbd36d5e8aa5353018c867e85b2c

      SHA512

      192ed0a8536356af37d2ec9e9597bef3befa3d0911bea214702ed1dd761b761bc54204a409618ce4e51fbbaf256f97f73fbbc139e729a64412db930413a8d025

      Download Submit

    • C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ScreenConnect.WindowsClient.exe.log
      Filesize

      1KB

      MD5

      8adef61669398b1af8b0ef42632c24e2

      SHA1

      49e7467ca605496d76ff6447bed04c7a7db57fe6

      SHA256

      b55ffe7ed15b4a95676ccb59a38fa6ea7b0136642c39ff0ca5a4dab85fa4abda

      SHA512

      275324bf50f7816f12856492040ae39d8f96d15cb569d0bf5916aef5a13b8c6f61e94a658d55f43618722764a4873f4b601971faef4fd8408be1cfe32d5a2e21

      Download Submit

    • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
      Filesize

      12.8MB

      MD5

      cb1b88f2a9f3389c7636a90e7ce55f96

      SHA1

      ec06647c96be45c38c069087cab04639dc33db79

      SHA256

      d4f15c9e9d9c59d6334a9a3bd71fee3147c20b1137df661abcff15cdda84f9d2

      SHA512

      fd5026a2f1c7e6aa92add46b0b8aa3f3799f0111f027bf0143b50fef55e3aa5f0b5c6dcbd303b313ed6cb8e3e7730e9202f1bfd78e068cc99908e8bd7ee3547e

      Download Submit

    • \??\Volume{b33ab3a0-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{e0ee8de2-bd92-46f2-89c6-64cd4681ad7d}_OnDiskSnapshotProp
      Filesize

      6KB

      MD5

      c2f0af0a6269aae757a5c611bcbc817f

      SHA1

      4cf90395ea15b69344f29f5fc25f6a331fad34a8

      SHA256

      79027322246f97e4115a75a7ab61dfdb52b984af7cf88db17490a7b1c0b2e61f

      SHA512

      a18de5d91c2398e5d14a9e82fcd58e70cb91d5551ea14373b49af0feecc041d039547237cc25a19bd1b958aa1ecd2b73a5a898363b6bcaacbf81f10b2f66bf19

      Download Submit

    • memory/2412-111-0x0000000004720000-0x0000000004756000-memory.dmp

      Filesize

      216KB

      Download

    • memory/2412-77-0x0000000004320000-0x0000000004336000-memory.dmp

      Filesize

      88KB

      Download

    • memory/2412-85-0x0000000004380000-0x0000000004390000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2412-107-0x00000000046D0000-0x0000000004720000-memory.dmp

      Filesize

      320KB

      Download

    • memory/2412-89-0x0000000004380000-0x0000000004390000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2412-88-0x0000000004760000-0x000000000490A000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/2412-112-0x00000000049B0000-0x0000000004A42000-memory.dmp

      Filesize

      584KB

      Download

    • memory/2412-80-0x0000000074990000-0x0000000075141000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2412-114-0x0000000004A50000-0x0000000004B0E000-memory.dmp

      Filesize

      760KB

      Download

    • memory/2412-90-0x0000000004EC0000-0x0000000005466000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/2412-138-0x0000000074990000-0x0000000075141000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2412-139-0x0000000004380000-0x0000000004390000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2412-140-0x0000000004380000-0x0000000004390000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2576-143-0x00007FFAC5E10000-0x00007FFAC68D2000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/2576-144-0x000000001C630000-0x000000001C640000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2576-152-0x00007FFAC5E10000-0x00007FFAC68D2000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/2576-134-0x000000001C630000-0x000000001C640000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2576-133-0x00007FFAC5E10000-0x00007FFAC68D2000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4008-129-0x0000000002A10000-0x0000000002A20000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4008-123-0x0000000000720000-0x00000000007B4000-memory.dmp

      Filesize

      592KB

      Download

    • memory/4008-130-0x0000000000FE0000-0x0000000000FF6000-memory.dmp

      Filesize

      88KB

      Download

    • memory/4008-131-0x0000000001060000-0x0000000001076000-memory.dmp

      Filesize

      88KB

      Download

    • memory/4008-126-0x00007FFAC5E10000-0x00007FFAC68D2000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4008-127-0x000000001B9E0000-0x000000001BB8A000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/4008-128-0x000000001C9A0000-0x000000001CB28000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/4008-142-0x0000000002A10000-0x0000000002A20000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4008-141-0x00007FFAC5E10000-0x00007FFAC68D2000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4008-125-0x000000001B530000-0x000000001B5B8000-memory.dmp

      Filesize

      544KB

      Download

    • memory/4008-124-0x0000000001000000-0x0000000001036000-memory.dmp

      Filesize

      216KB

      Download

    • memory/4456-18-0x00000000028F0000-0x000000000291E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/4456-12-0x0000000004F70000-0x0000000004F80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4456-14-0x0000000004F70000-0x0000000004F80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4456-22-0x0000000002930000-0x000000000293C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/4456-26-0x0000000004D90000-0x0000000004E18000-memory.dmp

      Filesize

      544KB

      Download

    • memory/4456-37-0x0000000074890000-0x0000000075041000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4456-11-0x0000000074890000-0x0000000075041000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4952-155-0x00007FFAC5E10000-0x00007FFAC68D2000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4952-156-0x000000001CB00000-0x000000001CB10000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4952-160-0x00007FFAC5E10000-0x00007FFAC68D2000-memory.dmp

      Filesize

      10.8MB

      Download