Overview

overview

10

Static

static

AnyDeskAPP.msi

windows10-1703-x64

10

AnyDeskAPP.msi

windows10-2004-x64

8

Analysis

  • max time kernel
    600s
  • max time network
    428s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    18-01-2023 23:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AnyDeskAPP.msi

  • Size

    1.4MB

  • MD5

    4e4a4a4eb6a77d72af83b2bbd0698593

  • SHA1

    dbaeba54fcae50acc36565d0f61ad73df6df7d45

  • SHA256

    58e9f60d0b951029578cc1054668bfee2f00cfa029cfbd01ea65c7f61713a40a

  • SHA512

    69785dadc878bd1178672a8f08590eeccd268b4fd2107ae3909e59fba03e7cfa425f690580dfcfa1f5ec3e494e5ef0b7232a16a26c8fbf734ef3887da4044ccb

  • SSDEEP

    24576:Y+rwxLNjY3Wx0ECIgYmfLVYeBZrWAv12h2SekeUuyZD6lvs0zqa3:TrMjYMZKumZrWAWTreUuyZD6lvVz9

Score
10/10
lampionbankerevasionpersistencetrojan

Malware Config

Signatures

  • Lampion

    Lampion is a banking trojan, targeting Portuguese speaking countries.

    trojanbankerlampion
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Blocklisted process makes network request 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Loads dropped DLL 5 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates connected drives 3 TTPs 48 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Drops file in Windows directory 13 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 48 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 7 IoCs
  • Modifies registry class 27 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\AnyDeskAPP.msi
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3260
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4968
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:3844
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding F678549A6A0C9AC0AA88AC2C77FE0307
        2⤵
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:4620
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss49CD.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi49BB.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr49BC.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr49BD.txt" -propSep " :<->: " -testPrefix "_testValue."
          3⤵
          • Blocklisted process makes network request
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of WriteProcessMemory
          PID:4760
          • C:\adjacente\formal\Winresolução.exe
            "C:\adjacente\formal\Winresolução.exe"
            4⤵
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Executes dropped EXE
            • Checks BIOS information in registry
            • Adds Run key to start application
            • Checks whether UAC is enabled
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious behavior: GetForegroundWindowSpam
            • Suspicious use of SetWindowsHookEx
            PID:4800
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:3672
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
      1⤵
      • Checks SCSI registry key(s)
      • Modifies data under HKEY_USERS
      PID:2852
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:5052
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5052 CREDAT:82945 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:5092

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Registry Run Keys / Startup Folder

    1
    T1060

    Privilege Escalation

    Defense Evasion

    Virtualization/Sandbox Evasion

    1
    T1497

    Modify Registry

    2
    T1112

    Credential Access

    Discovery

    Query Registry

    4
    T1012

    Virtualization/Sandbox Evasion

    1
    T1497

    System Information Discovery

    5
    T1082

    Peripheral Device Discovery

    2
    T1120

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      471B

      MD5

      14bf85de793cea23b81c15fb4078caac

      SHA1

      288eb197e359344a18d65724ff854bbe482be6fb

      SHA256

      a6a1d1ce7bbc768eeda3b115f96805c7a7b79b2a1d456810842bad24fcf6d1f1

      SHA512

      cb7bfb330f21e1d4ef49d92c86c77c12a58ad8fe37e57a745539f0902ef2bb063f6e4236146584c4dbd2c5d48510c7500577e7d0b41724ccad1f017cb2da70c1

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      434B

      MD5

      3beeca1c0381bd9463db2aee0fc65985

      SHA1

      1081c43f9c75f644eb229f4b424b695501e56a68

      SHA256

      d042a81cdc28f8277e659376f9a21206d9c12657e44f83bac06159e6fd8e921b

      SHA512

      ff8bf164ddf64de984a0ffc9dea0547209a9162079eb63c605d6b7bbd69c86de3909243448232a5de355fd0cd885ee6abfc75e885273f79c9508565be7c440f8

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\Q9DZMV42.cookie
      Filesize

      611B

      MD5

      2eac673bc1b0a02baaac204bb536c72c

      SHA1

      b78bc409ea46195a2db6ba9e0552a8c9c395c3a2

      SHA256

      44d826e784b1ec3255cf5018896584aee1efe3619c06b90a51f95a40e395f66e

      SHA512

      4da2bf53ace28ce0069af0900c8db3086b372c982bfc21e709be9b67ece79dff19ea8a543d050083fcf4dfe42a793f5df4b5872a0fe7533dfd295da623bf71dd

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\V40R8QX7.cookie
      Filesize

      610B

      MD5

      d4cb67b0a0dbb01c740b57f90e0dce02

      SHA1

      2e52271084291b601311ce323cef7a3351082dcf

      SHA256

      bfde1fa38eeb781c41902ccf5bb58d61802c924f9e708ee21889bf322cc19761

      SHA512

      5456f52746eb63f5be28ba5716f12813a0866fb8916a69e8d0939fd97c9f0500a958aedc8a16d155cbfb27af9e5edfc8ed3eaec5d481bab7b6ab4d70d33221d0

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\pss49CD.ps1
      Filesize

      5KB

      MD5

      fc1bb6c87fd1f08b534e52546561c53c

      SHA1

      db402c5c1025cf8d3e79df7b868fd186243aa9d1

      SHA256

      a04750ed5f05b82b90f6b8ea3748ba246af969757a5a4b74a0e25b186add520b

      SHA512

      5495f4ac3c8f42394a82540449526bb8ddd91adf0a1a852a9e1f2d32a63858b966648b4099d9947d8ac68ee43824dacda24c337c5b97733905e36c4921280e86

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\scr49BC.ps1
      Filesize

      17KB

      MD5

      7c5b73168b207a9c580eb62dd1588fef

      SHA1

      cdd8f39b7a12aa0b3c62a3c0c19572976d0444dc

      SHA256

      6d6b711685d829f27fcfe579853e43d993bf6e935085161d0dbee6abb43f60d5

      SHA512

      7ea9836bc57698341d18154e1b76ea6d1ee67b68504c2076b7125374c63298a9bf3580b4d2c2936ab19d0831940bb927171b6ad5a46fb87caf7f43b2b82696f9

      Download Submit
    • C:\Windows\Installer\MSI203A.tmp
      Filesize

      436KB

      MD5

      475d20c0ea477a35660e3f67ecf0a1df

      SHA1

      67340739f51e1134ae8f0ffc5ae9dd710e8e3a08

      SHA256

      426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd

      SHA512

      99525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e

      Download Submit
    • C:\Windows\Installer\MSI3F6B.tmp
      Filesize

      436KB

      MD5

      475d20c0ea477a35660e3f67ecf0a1df

      SHA1

      67340739f51e1134ae8f0ffc5ae9dd710e8e3a08

      SHA256

      426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd

      SHA512

      99525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e

      Download Submit
    • C:\Windows\Installer\MSI4335.tmp
      Filesize

      436KB

      MD5

      475d20c0ea477a35660e3f67ecf0a1df

      SHA1

      67340739f51e1134ae8f0ffc5ae9dd710e8e3a08

      SHA256

      426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd

      SHA512

      99525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e

      Download Submit
    • C:\Windows\Installer\MSI44AD.tmp
      Filesize

      436KB

      MD5

      475d20c0ea477a35660e3f67ecf0a1df

      SHA1

      67340739f51e1134ae8f0ffc5ae9dd710e8e3a08

      SHA256

      426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd

      SHA512

      99525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e

      Download Submit
    • C:\Windows\Installer\MSI4905.tmp
      Filesize

      574KB

      MD5

      7b7d9e2c9b8236e7155f2f97254cb40e

      SHA1

      99621fc9d14511428d62d91c31865fb2c4625663

      SHA256

      df58faba241328b9645dcb5dec387ec5edd56e2d878384a4783f2c0a66f85897

      SHA512

      fbaa1560f03255f73be3e846959e4b7cbb1c24165d014ed01245639add6cc463975e5558567ab5704e18c9078a8a071c9e38dc1e499ba6e3dc507d4275b4a228

      Download Submit
    • C:\adjacente\formal\Winresolução.exe
      Filesize

      5.5MB

      MD5

      caa7805c7dc283359293bae074cb85ec

      SHA1

      f21c4880fbf40b8f03ed8954263106d814ac014d

      SHA256

      e24fbdd85caccbf63428e12d5e0afb7529c6c22469ed7414e80d5a6b9c02ac23

      SHA512

      206a54b956f7bed6f63a2f08b9ec6b9bec32fb628356e2b6189edea814e403bee385ce46420ca5a4d41e33d6306376c7c605f3645c5c3b85a0f0980d4ba5e8f1

      Download Submit
    • C:\adjacente\formal\Winresolução.exe
      Filesize

      5.5MB

      MD5

      caa7805c7dc283359293bae074cb85ec

      SHA1

      f21c4880fbf40b8f03ed8954263106d814ac014d

      SHA256

      e24fbdd85caccbf63428e12d5e0afb7529c6c22469ed7414e80d5a6b9c02ac23

      SHA512

      206a54b956f7bed6f63a2f08b9ec6b9bec32fb628356e2b6189edea814e403bee385ce46420ca5a4d41e33d6306376c7c605f3645c5c3b85a0f0980d4ba5e8f1

      Download Submit
    • C:\adjacente\formal\vending
      Filesize

      89.4MB

      MD5

      3c6ef07082ae5cd1cdbb4c272f1da202

      SHA1

      4bbc70f293110dae93746e8a1fe7c5a47d1f33ec

      SHA256

      2bd1e88bcdd6377d1fa2a8f12b1ffec9c1a73e4aeea4a9eea31c359880a17b4c

      SHA512

      432d6c249b4b000c5cdf9600f8ca3f7771e55d41152abbc398b70a5b8cc5bd3d867a7febbd7b4d07186a519b04a7f552aa25712c099b16ebdb4575a751c73ee9

      Download Submit
    • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
      Filesize

      25.0MB

      MD5

      8ebc5cc3c2878a5ca86c47b6ce2117f2

      SHA1

      c4bb571123b5daf4864f52a3d22a40df08594eb4

      SHA256

      7db8287e7df857bda3f6ef2b43190ab94850f99a5e8af5360f86a01afcbcd626

      SHA512

      495a7f33d9c8a4689a77980784ca81054e4c4fbbee8380083a0f52ee041f79603d577d8eabab6b24568d1b0ee84bdf9ade3facf369357dfbd866582b3defaeaf

      Download Submit
    • \??\Volume{b79df8d1-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{b256fc53-46f4-4a4e-bc11-aad2fbce963f}_OnDiskSnapshotProp
      Filesize

      5KB

      MD5

      4fc39d248908e25af9bc250cb527a11c

      SHA1

      06f7c398c4a2b104d03895c16af828bba2bef83c

      SHA256

      02cb218d676e5f5a355e82d6ff94941f0d5c815a6dca6a8cfb100450d8920b77

      SHA512

      0081c21e4a1e179e70fac614ba309f635a715a63e24d1be89377090c2f78bf6e91bd9141490bac52f67fddd57eedd6c24f638870a40e5073f30bf87007c75c0b

      Download Submit
    • \Windows\Installer\MSI203A.tmp
      Filesize

      436KB

      MD5

      475d20c0ea477a35660e3f67ecf0a1df

      SHA1

      67340739f51e1134ae8f0ffc5ae9dd710e8e3a08

      SHA256

      426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd

      SHA512

      99525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e

      Download Submit
    • \Windows\Installer\MSI3F6B.tmp
      Filesize

      436KB

      MD5

      475d20c0ea477a35660e3f67ecf0a1df

      SHA1

      67340739f51e1134ae8f0ffc5ae9dd710e8e3a08

      SHA256

      426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd

      SHA512

      99525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e

      Download Submit
    • \Windows\Installer\MSI4335.tmp
      Filesize

      436KB

      MD5

      475d20c0ea477a35660e3f67ecf0a1df

      SHA1

      67340739f51e1134ae8f0ffc5ae9dd710e8e3a08

      SHA256

      426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd

      SHA512

      99525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e

      Download Submit
    • \Windows\Installer\MSI44AD.tmp
      Filesize

      436KB

      MD5

      475d20c0ea477a35660e3f67ecf0a1df

      SHA1

      67340739f51e1134ae8f0ffc5ae9dd710e8e3a08

      SHA256

      426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd

      SHA512

      99525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e

      Download Submit
    • \Windows\Installer\MSI4905.tmp
      Filesize

      574KB

      MD5

      7b7d9e2c9b8236e7155f2f97254cb40e

      SHA1

      99621fc9d14511428d62d91c31865fb2c4625663

      SHA256

      df58faba241328b9645dcb5dec387ec5edd56e2d878384a4783f2c0a66f85897

      SHA512

      fbaa1560f03255f73be3e846959e4b7cbb1c24165d014ed01245639add6cc463975e5558567ab5704e18c9078a8a071c9e38dc1e499ba6e3dc507d4275b4a228

      Download Submit
    • memory/3844-124-0x0000000000000000-mapping.dmp
      Download
    • memory/4620-178-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-189-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-150-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-151-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-152-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-153-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-154-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-155-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-158-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-157-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-159-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-160-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-156-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-161-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-162-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-163-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-164-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-165-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-166-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-167-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-168-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-169-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-170-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-171-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-174-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-147-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-148-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-175-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-176-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-177-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-146-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-180-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-179-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-181-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-182-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-184-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-183-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-185-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-186-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-187-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-188-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-149-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-145-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-193-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-192-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-194-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-195-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-144-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-143-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-142-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-141-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-140-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-139-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-138-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-125-0x0000000000000000-mapping.dmp
      Download
    • memory/4620-126-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-127-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-137-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-136-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-128-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-129-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-131-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-132-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-134-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4620-135-0x00000000778E0000-0x0000000077A6E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4760-363-0x0000000009700000-0x0000000009718000-memory.dmp
      Filesize

      96KB

      Download
    • memory/4760-250-0x0000000000000000-mapping.dmp
      Download
    • memory/4760-323-0x0000000007BA0000-0x0000000007C16000-memory.dmp
      Filesize

      472KB

      Download
    • memory/4760-336-0x00000000089D0000-0x00000000089EA000-memory.dmp
      Filesize

      104KB

      Download
    • memory/4760-342-0x0000000008A70000-0x0000000008A92000-memory.dmp
      Filesize

      136KB

      Download
    • memory/4760-341-0x0000000008CE0000-0x0000000008D74000-memory.dmp
      Filesize

      592KB

      Download
    • memory/4760-343-0x0000000009C00000-0x000000000A0FE000-memory.dmp
      Filesize

      5.0MB

      Download
    • memory/4760-318-0x0000000006A10000-0x0000000006A2C000-memory.dmp
      Filesize

      112KB

      Download
    • memory/4760-335-0x0000000009080000-0x00000000096F8000-memory.dmp
      Filesize

      6.5MB

      Download
    • memory/4760-319-0x0000000007A20000-0x0000000007A6B000-memory.dmp
      Filesize

      300KB

      Download
    • memory/4760-314-0x0000000006DF0000-0x0000000006E56000-memory.dmp
      Filesize

      408KB

      Download
    • memory/4760-315-0x0000000007630000-0x0000000007980000-memory.dmp
      Filesize

      3.3MB

      Download
    • memory/4760-313-0x0000000006C80000-0x0000000006CE6000-memory.dmp
      Filesize

      408KB

      Download
    • memory/4760-286-0x00000000047A0000-0x00000000047D6000-memory.dmp
      Filesize

      216KB

      Download
    • memory/4760-291-0x0000000007000000-0x0000000007628000-memory.dmp
      Filesize

      6.2MB

      Download
    • memory/4760-311-0x00000000047E0000-0x0000000004802000-memory.dmp
      Filesize

      136KB

      Download
    • memory/4800-637-0x000000000A290000-0x000000000FC06000-memory.dmp
      Filesize

      89.5MB

      Download
    • memory/4800-605-0x000000000A290000-0x000000000FC06000-memory.dmp
      Filesize

      89.5MB

      Download
    • memory/4800-431-0x0000000000000000-mapping.dmp
      Download