fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18

Analysis

max time kernel
144s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
24-02-2023 19:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

3.8MB
MD5

e546506082b374a0869bdd97b313fe5d
SHA1

082dc6b336b41788391bad20b26f4b9a1ad724fc
SHA256

fc19f3275d02764cf249dc6fe8962e06b83a4f5769cc369bc4f77b90c567df18
SHA512

15a8d7c74193dffd77639b1356ccbe975d17de73d0d6d177b8ecf816d665f620adefcded37c141bac0b2d8564fbba61aca4d9b01885740f23fbcc190515cbd08
SSDEEP

98304:uSCb8xJlb0VgU/vZaZKa4opQILfbsLajDMWEeq7PbUs6En5:uH8HCOUZakpAbjbsLsMmqM

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AnyDesk.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

AnyDesk.exe

pid	Process
2236	AnyDesk.exe
2236	AnyDesk.exe

Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

AnyDesk.exe

pid	Process
4580	AnyDesk.exe
4580	AnyDesk.exe
4580	AnyDesk.exe

Suspicious use of SendNotifyMessage 3 IoCs

Processes:

AnyDesk.exe

pid	Process
4580	AnyDesk.exe
4580	AnyDesk.exe
4580	AnyDesk.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

AnyDesk.exe

description	pid	Process	procid_target
PID 4924 wrote to memory of 2236	4924	AnyDesk.exe	84
PID 4924 wrote to memory of 2236	4924	AnyDesk.exe	84
PID 4924 wrote to memory of 2236	4924	AnyDesk.exe	84
PID 4924 wrote to memory of 4580	4924	AnyDesk.exe	85
PID 4924 wrote to memory of 4580	4924	AnyDesk.exe	85
PID 4924 wrote to memory of 4580	4924	AnyDesk.exe	85

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:4924
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2236
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4580

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
7KB

MD5
0736ac6dc7badf9fb9b30b9a5b722b5a

SHA1
78a95efb43942cb0bbbe3dfb2ce79bc37fe30a94

SHA256
e66c1a2529f3888d08492b81d002316ba0338b4e97b9e01546101b434bcfa142

SHA512
112c1f8fc784f1913c9dc4716d553bc2bc47dfdaa5c1c69c2d86e7ee22de2ec7294cc2f1eb761c32c1e30ccc393bfc3828f3282b31f08b7301d663c64a6e4ddf

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
7KB

MD5
0736ac6dc7badf9fb9b30b9a5b722b5a

SHA1
78a95efb43942cb0bbbe3dfb2ce79bc37fe30a94

SHA256
e66c1a2529f3888d08492b81d002316ba0338b4e97b9e01546101b434bcfa142

SHA512
112c1f8fc784f1913c9dc4716d553bc2bc47dfdaa5c1c69c2d86e7ee22de2ec7294cc2f1eb761c32c1e30ccc393bfc3828f3282b31f08b7301d663c64a6e4ddf

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
3e3e78f3df1718e20eae8cf28c123e8b

SHA1
465fceb08965129108552cad9dbe475f0059aa9c

SHA256
0b47854ec96b793bfff369135a9073be202dfa02eb169e92ed4e32d8b3b8a54b

SHA512
7ab982d8e30a097a3da27a56eb21fec8357b7ba691308299bd7e1c3a575c6538f7fa8d3ff0ab1243f62de39cbfdf6b0be2ec50436acc364a2d08df1337227986

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
3e3e78f3df1718e20eae8cf28c123e8b

SHA1
465fceb08965129108552cad9dbe475f0059aa9c

SHA256
0b47854ec96b793bfff369135a9073be202dfa02eb169e92ed4e32d8b3b8a54b

SHA512
7ab982d8e30a097a3da27a56eb21fec8357b7ba691308299bd7e1c3a575c6538f7fa8d3ff0ab1243f62de39cbfdf6b0be2ec50436acc364a2d08df1337227986

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
cdf6ffed0575b47638401234a1f0f699

SHA1
ecb8df659869cabf3dc49a616b3e0fa702dab07d

SHA256
1ac95fa0758e4c2d3a4f27a097ee09e667cc0b75ae75fe0613dc432f1e1839fa

SHA512
d120c34d5fb086424b4f93648522f237cf9d9e2d7610afe516ff16f3e2d8c86e3c182610324da1e8389e9ce6a5e8ed0b1d8bf48a5c3532fb37f3275919efc2bd

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
312d262b2cc258858e98b286d149b304

SHA1
5ea2a191e69bf04192b696a5211c73e1f36a755e

SHA256
bd523281292e64cf344a524a10436afb91ed372d4e2c988d4058e2401a9ebb1e

SHA512
4fb8de560aecf4f9718f2ca2f9aa1e74ee0e85853b8629f445e27eae8717727d6457b6a7fb30166c7e4b12467d8e929a2353a24021173cf67398b6e8c3c7f902

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
312d262b2cc258858e98b286d149b304

SHA1
5ea2a191e69bf04192b696a5211c73e1f36a755e

SHA256
bd523281292e64cf344a524a10436afb91ed372d4e2c988d4058e2401a9ebb1e

SHA512
4fb8de560aecf4f9718f2ca2f9aa1e74ee0e85853b8629f445e27eae8717727d6457b6a7fb30166c7e4b12467d8e929a2353a24021173cf67398b6e8c3c7f902

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
312d262b2cc258858e98b286d149b304

SHA1
5ea2a191e69bf04192b696a5211c73e1f36a755e

SHA256
bd523281292e64cf344a524a10436afb91ed372d4e2c988d4058e2401a9ebb1e

SHA512
4fb8de560aecf4f9718f2ca2f9aa1e74ee0e85853b8629f445e27eae8717727d6457b6a7fb30166c7e4b12467d8e929a2353a24021173cf67398b6e8c3c7f902

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
680B

MD5
e436d81ebe3d1498c645a1a6fd30cd8a

SHA1
9988997a310e79d33d5efe9a07a309cade0956ba

SHA256
5775285222b6cfeeb64ac4627d07b3d53aa4a7c6400c4c3ca7ebb4e5b80b86a8

SHA512
2927716810c6b616f39190733c711584661c8b6e5c6c0446cf7e01ac178e90ca8ddf831cfdfad0d4702a4352643aeee22fd0c43664c1ebb0a74b390516d6dc36

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
680B

MD5
e436d81ebe3d1498c645a1a6fd30cd8a

SHA1
9988997a310e79d33d5efe9a07a309cade0956ba

SHA256
5775285222b6cfeeb64ac4627d07b3d53aa4a7c6400c4c3ca7ebb4e5b80b86a8

SHA512
2927716810c6b616f39190733c711584661c8b6e5c6c0446cf7e01ac178e90ca8ddf831cfdfad0d4702a4352643aeee22fd0c43664c1ebb0a74b390516d6dc36

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
737B

MD5
c51a27ce01454c86c233eeb4e119c08a

SHA1
60e6011cb93ec2be2d405c627acece78f5e922ff

SHA256
a8203873597f98ecbc2218a5328e2db6e2416fd138d9057c8c9e1f2574d7530c

SHA512
baca3610937240084885c6407642f7ed7a71572cb1d2f9ff230c3ebc2cdca8ae5c23d6e06d98742a277dd626dede68ede4cbd0428bd638f527a514a81a0312ba

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
801B

MD5
a9431c68e570d270f74777660632d9b2

SHA1
02a307c056f4d64ec486f862f6e14f392e62f047

SHA256
73dde5b2f7fda40045fc0d9bbb379f61f9a8828991850afc813731ab933022f8

SHA512
13ddbbf2202db1a5c6231d6a45bbd21c79979d1a99222ff4c6ef34d1c3b0444771ae39632e3a58b1a8db6c2b976b838f91d399c92f04b91545373c678cc0e5b4

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
848B

MD5
78501988ecca3039d0eb0453fb6c10fc

SHA1
dcdf3dfef98a775cdb700b02c57f5180ea981323

SHA256
62af30cecd609f6e44115a0880a177282163c62f668e060cd45c9c91b84e0527

SHA512
200f885f58283add7f547b8bf82e6890fd18c9642a9f3846fd979b883ce5d66769ae8955c88d7f6b7965abd19aadb2d8b140722e1549887a9286a61778a33066

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
848B

MD5
78501988ecca3039d0eb0453fb6c10fc

SHA1
dcdf3dfef98a775cdb700b02c57f5180ea981323

SHA256
62af30cecd609f6e44115a0880a177282163c62f668e060cd45c9c91b84e0527

SHA512
200f885f58283add7f547b8bf82e6890fd18c9642a9f3846fd979b883ce5d66769ae8955c88d7f6b7965abd19aadb2d8b140722e1549887a9286a61778a33066

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
5e77f7952883c03fb4b080c5b85019ee

SHA1
662b791cf66fab39db29f1b80239585fc88ef0e3

SHA256
d04c89c290db285e1631aa79f7972775a925569416092d9b0ce925cf54712aac

SHA512
1238df7b614e01a8f3fff10256b8098efda800c1d560fc4b5ec84ec832d6a3ca72a51fc14a12dc435f02573b3793de39134b02e89bb4b97942be926c2acec14d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
5e77f7952883c03fb4b080c5b85019ee

SHA1
662b791cf66fab39db29f1b80239585fc88ef0e3

SHA256
d04c89c290db285e1631aa79f7972775a925569416092d9b0ce925cf54712aac

SHA512
1238df7b614e01a8f3fff10256b8098efda800c1d560fc4b5ec84ec832d6a3ca72a51fc14a12dc435f02573b3793de39134b02e89bb4b97942be926c2acec14d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
8ab48d46416c7adbed849203b73ae42a

SHA1
8f6ef2c859afbfb820b0c14b3666a4ec026c7cbd

SHA256
9bf8a6c6084d33caf2679e6610969292d3e79adc088dcd1152146284c71d999b

SHA512
d20f3fb2d9958bf6e005584a92e5c8cc28629b5859f527e3f8cb0e4745af066dad57435dce013564b4bbf63427280138e6311cba8983ed6449e16b9cdbbf96fd

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
8ab48d46416c7adbed849203b73ae42a

SHA1
8f6ef2c859afbfb820b0c14b3666a4ec026c7cbd

SHA256
9bf8a6c6084d33caf2679e6610969292d3e79adc088dcd1152146284c71d999b

SHA512
d20f3fb2d9958bf6e005584a92e5c8cc28629b5859f527e3f8cb0e4745af066dad57435dce013564b4bbf63427280138e6311cba8983ed6449e16b9cdbbf96fd

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
8ab48d46416c7adbed849203b73ae42a

SHA1
8f6ef2c859afbfb820b0c14b3666a4ec026c7cbd

SHA256
9bf8a6c6084d33caf2679e6610969292d3e79adc088dcd1152146284c71d999b

SHA512
d20f3fb2d9958bf6e005584a92e5c8cc28629b5859f527e3f8cb0e4745af066dad57435dce013564b4bbf63427280138e6311cba8983ed6449e16b9cdbbf96fd

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
8ab48d46416c7adbed849203b73ae42a

SHA1
8f6ef2c859afbfb820b0c14b3666a4ec026c7cbd

SHA256
9bf8a6c6084d33caf2679e6610969292d3e79adc088dcd1152146284c71d999b

SHA512
d20f3fb2d9958bf6e005584a92e5c8cc28629b5859f527e3f8cb0e4745af066dad57435dce013564b4bbf63427280138e6311cba8983ed6449e16b9cdbbf96fd

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
a0a8a9f77a6bad0aea51a3abca944b9a

SHA1
bbce6e719763d5fc926b86812e1525e466c1dd2d

SHA256
e217c427e0045b8808fc6753c946fa14316ec88df5faf64427a46baa713d0452

SHA512
b6ee8597da8dd4b5b6ad6826db803eccb9358ce00ced1413937fab1eb908070a86283dd113aa62c50e2e3473fef35dd0feb07a0aad086202a25c9d2e0f81b25e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
a0a8a9f77a6bad0aea51a3abca944b9a

SHA1
bbce6e719763d5fc926b86812e1525e466c1dd2d

SHA256
e217c427e0045b8808fc6753c946fa14316ec88df5faf64427a46baa713d0452

SHA512
b6ee8597da8dd4b5b6ad6826db803eccb9358ce00ced1413937fab1eb908070a86283dd113aa62c50e2e3473fef35dd0feb07a0aad086202a25c9d2e0f81b25e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
a0a8a9f77a6bad0aea51a3abca944b9a

SHA1
bbce6e719763d5fc926b86812e1525e466c1dd2d

SHA256
e217c427e0045b8808fc6753c946fa14316ec88df5faf64427a46baa713d0452

SHA512
b6ee8597da8dd4b5b6ad6826db803eccb9358ce00ced1413937fab1eb908070a86283dd113aa62c50e2e3473fef35dd0feb07a0aad086202a25c9d2e0f81b25e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
a0a8a9f77a6bad0aea51a3abca944b9a

SHA1
bbce6e719763d5fc926b86812e1525e466c1dd2d

SHA256
e217c427e0045b8808fc6753c946fa14316ec88df5faf64427a46baa713d0452

SHA512
b6ee8597da8dd4b5b6ad6826db803eccb9358ce00ced1413937fab1eb908070a86283dd113aa62c50e2e3473fef35dd0feb07a0aad086202a25c9d2e0f81b25e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
fe062d101e6ef4047990e56086b4a450

SHA1
322a343bb988577e370ee5ae5477a702a0a74941

SHA256
bdd4399da9fd2a3e7d9fdde84e2d8fce8576b958edd9c0b233a2480aba0eae5a

SHA512
23dc5242347897251fc64e55f8b6316d35673b296336ea105248937df5f9c57b758de03aef7215d4e45bd0345235d68dabf7468ba10f871c25676444d45c8376

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
fe062d101e6ef4047990e56086b4a450

SHA1
322a343bb988577e370ee5ae5477a702a0a74941

SHA256
bdd4399da9fd2a3e7d9fdde84e2d8fce8576b958edd9c0b233a2480aba0eae5a

SHA512
23dc5242347897251fc64e55f8b6316d35673b296336ea105248937df5f9c57b758de03aef7215d4e45bd0345235d68dabf7468ba10f871c25676444d45c8376

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
fe062d101e6ef4047990e56086b4a450

SHA1
322a343bb988577e370ee5ae5477a702a0a74941

SHA256
bdd4399da9fd2a3e7d9fdde84e2d8fce8576b958edd9c0b233a2480aba0eae5a

SHA512
23dc5242347897251fc64e55f8b6316d35673b296336ea105248937df5f9c57b758de03aef7215d4e45bd0345235d68dabf7468ba10f871c25676444d45c8376

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
fe062d101e6ef4047990e56086b4a450

SHA1
322a343bb988577e370ee5ae5477a702a0a74941

SHA256
bdd4399da9fd2a3e7d9fdde84e2d8fce8576b958edd9c0b233a2480aba0eae5a

SHA512
23dc5242347897251fc64e55f8b6316d35673b296336ea105248937df5f9c57b758de03aef7215d4e45bd0345235d68dabf7468ba10f871c25676444d45c8376

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
fe062d101e6ef4047990e56086b4a450

SHA1
322a343bb988577e370ee5ae5477a702a0a74941

SHA256
bdd4399da9fd2a3e7d9fdde84e2d8fce8576b958edd9c0b233a2480aba0eae5a

SHA512
23dc5242347897251fc64e55f8b6316d35673b296336ea105248937df5f9c57b758de03aef7215d4e45bd0345235d68dabf7468ba10f871c25676444d45c8376

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
fe062d101e6ef4047990e56086b4a450

SHA1
322a343bb988577e370ee5ae5477a702a0a74941

SHA256
bdd4399da9fd2a3e7d9fdde84e2d8fce8576b958edd9c0b233a2480aba0eae5a

SHA512
23dc5242347897251fc64e55f8b6316d35673b296336ea105248937df5f9c57b758de03aef7215d4e45bd0345235d68dabf7468ba10f871c25676444d45c8376

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
fe062d101e6ef4047990e56086b4a450

SHA1
322a343bb988577e370ee5ae5477a702a0a74941

SHA256
bdd4399da9fd2a3e7d9fdde84e2d8fce8576b958edd9c0b233a2480aba0eae5a

SHA512
23dc5242347897251fc64e55f8b6316d35673b296336ea105248937df5f9c57b758de03aef7215d4e45bd0345235d68dabf7468ba10f871c25676444d45c8376

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
fe062d101e6ef4047990e56086b4a450

SHA1
322a343bb988577e370ee5ae5477a702a0a74941

SHA256
bdd4399da9fd2a3e7d9fdde84e2d8fce8576b958edd9c0b233a2480aba0eae5a

SHA512
23dc5242347897251fc64e55f8b6316d35673b296336ea105248937df5f9c57b758de03aef7215d4e45bd0345235d68dabf7468ba10f871c25676444d45c8376

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
51362fffba3fcbe2e7390244776b0ee5

SHA1
2d86e132f565c80bff47f22fe52184cce5f2fdb7

SHA256
1fa640c2593d3204ce20f967d9effba781b0ce22d1983da330687228de42ac19

SHA512
27217999010ecd67aa38e8d13ac46bf8f0e8eba9862e4677c6fffa47a7afc2a0d9aa5edb6b623774881d811505e7f1c60631d480ac95ee708268348b3342dd8b

Download Submit
memory/2236-149-0x0000000000B10000-0x0000000001B8E000-memory.dmp

Filesize
16.5MB

Download
memory/2236-325-0x0000000000B10000-0x0000000001B8E000-memory.dmp

Filesize
16.5MB

Download
memory/4580-161-0x0000000000A40000-0x0000000000A41000-memory.dmp

Filesize
4KB

Download
memory/4580-148-0x0000000000B10000-0x0000000001B8E000-memory.dmp

Filesize
16.5MB

Download
memory/4580-326-0x0000000000B10000-0x0000000001B8E000-memory.dmp

Filesize
16.5MB

Download
memory/4924-133-0x0000000000B10000-0x0000000001B8E000-memory.dmp

Filesize
16.5MB

Download
memory/4924-159-0x0000000004C30000-0x0000000004C31000-memory.dmp

Filesize
4KB

Download
memory/4924-160-0x0000000004C40000-0x0000000004C41000-memory.dmp

Filesize
4KB

Download
memory/4924-135-0x0000000000AB0000-0x0000000000AB1000-memory.dmp

Filesize
4KB

Download
memory/4924-324-0x0000000000B10000-0x0000000001B8E000-memory.dmp

Filesize
16.5MB

Download