55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047

Analysis

max time kernel
148s
max time network
158s
platform
windows10-1703_x64
resource
win10-20240214-en
resource tags

arch:x64arch:x86image:win10-20240214-enlocale:en-usos:windows10-1703-x64system
submitted
18-02-2024 02:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.0MB
MD5

a21768190f3b9feae33aaef660cb7a83
SHA1

24780657328783ef50ae0964b23288e68841a421
SHA256

55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047
SHA512

ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62
SSDEEP

98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 15 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db	AnyDesk.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133526983589861987"	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
224	AnyDesk.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
1392	AnyDesk.exe
1392	AnyDesk.exe
4456	chrome.exe
4456	chrome.exe
1392	AnyDesk.exe
1392	AnyDesk.exe
1392	AnyDesk.exe
1392	AnyDesk.exe
204	AnyDesk.exe
204	AnyDesk.exe
224	AnyDesk.exe
224	AnyDesk.exe
4456	chrome.exe
4456	chrome.exe
2908	chrome.exe
2908	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
224	AnyDesk.exe
224	AnyDesk.exe
224	AnyDesk.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
224	AnyDesk.exe
224	AnyDesk.exe
224	AnyDesk.exe
224	AnyDesk.exe
224	AnyDesk.exe
224	AnyDesk.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe

Suspicious use of SendNotifyMessage 41 IoCs

pid	Process
224	AnyDesk.exe
224	AnyDesk.exe
224	AnyDesk.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
224	AnyDesk.exe
224	AnyDesk.exe
224	AnyDesk.exe
224	AnyDesk.exe
224	AnyDesk.exe
224	AnyDesk.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1176	AnyDesk.exe
1176	AnyDesk.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 204 wrote to memory of 1392	204	AnyDesk.exe	73
PID 204 wrote to memory of 1392	204	AnyDesk.exe	73
PID 204 wrote to memory of 1392	204	AnyDesk.exe	73
PID 204 wrote to memory of 224	204	AnyDesk.exe	74
PID 204 wrote to memory of 224	204	AnyDesk.exe	74
PID 204 wrote to memory of 224	204	AnyDesk.exe	74
PID 4456 wrote to memory of 1580	4456	chrome.exe	77
PID 4456 wrote to memory of 1580	4456	chrome.exe	77
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4896	4456	chrome.exe	79
PID 4456 wrote to memory of 4596	4456	chrome.exe	80
PID 4456 wrote to memory of 4596	4456	chrome.exe	80
PID 4456 wrote to memory of 4124	4456	chrome.exe	81
PID 4456 wrote to memory of 4124	4456	chrome.exe	81
PID 4456 wrote to memory of 4124	4456	chrome.exe	81
PID 4456 wrote to memory of 4124	4456	chrome.exe	81
PID 4456 wrote to memory of 4124	4456	chrome.exe	81
PID 4456 wrote to memory of 4124	4456	chrome.exe	81
PID 4456 wrote to memory of 4124	4456	chrome.exe	81
PID 4456 wrote to memory of 4124	4456	chrome.exe	81
PID 4456 wrote to memory of 4124	4456	chrome.exe	81
PID 4456 wrote to memory of 4124	4456	chrome.exe	81
PID 4456 wrote to memory of 4124	4456	chrome.exe	81
PID 4456 wrote to memory of 4124	4456	chrome.exe	81
PID 4456 wrote to memory of 4124	4456	chrome.exe	81
PID 4456 wrote to memory of 4124	4456	chrome.exe	81
PID 4456 wrote to memory of 4124	4456	chrome.exe	81
PID 4456 wrote to memory of 4124	4456	chrome.exe	81

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:204
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1392
- - C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --backend
    3⤵
    - Drops file in System32 directory
    - Suspicious use of SetWindowsHookEx
    PID:1176
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbfe929758,0x7ffbfe929768,0x7ffbfe929778
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1740,i,13433962257180943887,13653453065890341474,131072 /prefetch:2
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1740,i,13433962257180943887,13653453065890341474,131072 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1740,i,13433962257180943887,13653453065890341474,131072 /prefetch:8
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1740,i,13433962257180943887,13653453065890341474,131072 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1740,i,13433962257180943887,13653453065890341474,131072 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4468 --field-trial-handle=1740,i,13433962257180943887,13653453065890341474,131072 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1740,i,13433962257180943887,13653453065890341474,131072 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1740,i,13433962257180943887,13653453065890341474,131072 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1740,i,13433962257180943887,13653453065890341474,131072 /prefetch:8
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1740,i,13433962257180943887,13653453065890341474,131072 /prefetch:8
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2636 --field-trial-handle=1740,i,13433962257180943887,13653453065890341474,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5028 --field-trial-handle=1740,i,13433962257180943887,13653453065890341474,131072 /prefetch:1
  2⤵
  PID:820

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4260

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d4
1⤵
PID:4672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
987B

MD5
0fe26de837f17db43605abedc9942a8c

SHA1
4a81062d0d983cc7660e9a8ca88c55cb3bbd8eb2

SHA256
cafdf1c2616a1d2ebd603ead9d4cefa3484dc52cb14b8504129cac53ecd37e1d

SHA512
2f484e13e587ea80e7791af49c28fe8f676dcba98d422de4dc0ca52e76210eef800316ff2e684160d1f2fbd9c0d8793ccabee667ef3d3716f77719c93ee08a02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b0060f275e0617fb240cd2949e47c50d

SHA1
04da6c0c978c94a39b2982f531814704173f2372

SHA256
d1a61fb08b3293ec93876d44fb0d21dd34fa16e67114bde193124a0219dfa066

SHA512
12d2d24dfbf90a074b4e4e01f15c76a838c4fcfc2068ae75cd7215d920e5ea3e3fdb8ed47522e5c781e90923986c0bb9cde587d89b47bcfc7d80e6607c1fddb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
ea86ef34c180d4af6f6260811777a8b5

SHA1
50f313daa46b6238c373e1fabc580eece757523e

SHA256
450e398c2bac705680481f8f91528ae8f41b15b989963c74ea74df4a3ba88964

SHA512
28e0d4a5d56d2b3ebea7794b7482811475b72b341792656e9adf2daaa6727ed019c02ac7d9a64ecf5216cc54095012d6b79cc11317d86025e0c42259cb7801f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
67b0f50ed0155a99cbcd7e551785f6e1

SHA1
23c0b7e897b4b648f759865a13f141b4223a4c3b

SHA256
91a2ddd64a2de8978a4cc7fcd3a2a800651fb08b1a3043d485b80dddedfaa763

SHA512
f01b7e94077cfc66243bfa0e0e6c64f39c6fbaf4666da96a0aa2bd2257bd7e489681e3bb1d8552e0baa0a17802621eae0cee0fb522d0f9b0c32b07b3a336b738

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
59d29b5d8ecd99dcfc02bca308ec14df

SHA1
936c3f66a7990652fd13cf48a61c94b043616bfd

SHA256
e87bbdd597ae01307b1f57cf4389f23286f6f501a491559a37f271113d4bc6fa

SHA512
f92c52f4a1f1c49d208376ff57648e187376244e7515e36c220eba6a851a826a8bf89efe01ccb8f9844c85dd89b097814a269b5d5042f4f22d5a75531548bd23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2998a94c5abdc1c34c3d4a1916cf9bf0

SHA1
a29215145a444529f8e462e38e4990cea506f0b9

SHA256
08aedff04baecbec6819be7ef1be5437513c2ce0b34e7418daceb8e454ccf2dc

SHA512
521aa730677a2541188273f578bd57e2ed29dddf4a4868efcdefaed2a192ac867d32780650cda05dc475554108ed135eaa7e3a12191d62f6c03a7d319e193059

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
341ce24af46efea80e87fe1b4f7a24a5

SHA1
ba91879d191730cccefd8dde33775a098002e5fe

SHA256
983756a0cde1e336fb42aa3f866d2d92ae51c42a2e37c824f35a4c383dda098c

SHA512
2a393b6f5296852ecc88e235598c38f6e19c4db6bc012262f9ea94e338745e3942697320c8432ee9c1e9b876b1c88d7a118fa43d5dc38f94ae762603a1eba4a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
275KB

MD5
43c7141eda3766e16d54f6c4055bdb07

SHA1
084ae2d198d4ab94ad012e06bf7e74865c5024de

SHA256
908f4ab01a97066cff7b1536302c2a14414b42c955a1780a4a0fc33a2587d1b1

SHA512
e7d49d920415779dbc1ff2a499c7d65d515b17d7683d7fdc59ab687f18caa76a99e57d42bd14a0dd6d43bc25fa791e66162f31bdc01f588dd8cabbb830daf4f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
573bad89cfcd89933eda5240c36ba55f

SHA1
d5b3014a99525f2dee7e2e790a4d8c55f5641b4d

SHA256
3983a7e34506ab9f07a205d3308ebb58693daf279c5a4f768425817093085aef

SHA512
31984d836fa45639348788661766f1f9d1a915b86a3eaa2f12aa2e96eaf879e04b0644c04d1ce8572b79661c5d4bd7d04f1ceab182fa0a33e0566663408c4813

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
5cfd965094dfa0bcea3cf5c2733d85dc

SHA1
60165144f5472df250db8121c8c4bee615442cc7

SHA256
89672df7b82b6e30bf803d9048e4d25b1dfb57e4edd08370ebd1039a62323535

SHA512
ff01453a5e71154a21accd395667167305a25886be6c39cc2a895af26f6b2b8b14e7536f650cdc44cebdab88b18b41eecee608369d644cdc04c693be3f9f9066

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
dab16c5d15148d49041717ffd9fd8b6f

SHA1
55a12c61bd1a21a22085df7e6d3a0ab8215161f1

SHA256
a19e6935eedee44e21ab72593ed9f037f84876ae6e14a51c2ec9fb34f1e1ab07

SHA512
14e886d0738f8d5b9d262f0324d3d4853207565b91d44266139f89e5fa9ec9770836d81932e791e5aa647f730bd165dfd61cc18b3c6026e114647cc749d70d73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
9KB

MD5
5a2ed8dd45e02cd3d0142d9c8fbdfd4f

SHA1
fc3d306ba79df2ee320b4d5172b8c5c8fc0ccc87

SHA256
f03fa970311de6cb3304492247e09e4babb60084be724292997bc47e97f7e5f0

SHA512
284c10462abe7fc4941bf8d6a1d28335cc50d695970f1e8c2e5d2c81582d4d8bbe0b691be4d8a948bed272711b22de580fec7b9cafd23eed7f5d12414414c512

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
9KB

MD5
473ea093bfbd970179865713d20a7303

SHA1
33089ddc098e80f2ec526437b4d21c7bc921964d

SHA256
1064d775b390516e58121fe995c6c3f98569c0db6317289601187a0f86ce43f8

SHA512
a47bfd1d14226bd261fdf7d17f7c44ef0d087ffd0728586d93fecc7754a824aa4706117110b0b5b4816004acabcef2125197d4746479b6460b2898032aac85a9

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
38KB

MD5
588af0ad850d29c95b6f85a696684d62

SHA1
75e539ab010dfd7b4415f4398975d3b98fb02297

SHA256
efd592c9dc7b9465d52ac9eebbea481b5f4853336f1a8dcc37dabd6d53e42bf4

SHA512
f387a580bc19773f6ce0c566ce8ecdbb3a17dc1388d77bbea02f98507100ae95f8eb89ff26dfa6306ef9e1937f9d40f2488e08ab6d4f4512967667119e9057aa

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
3fffaefcb9583a4ecbc4af5c9e93ef76

SHA1
0eaf4a64fbffe3f961b9fb5112ca04dc0754a6c8

SHA256
b512b32c28922a1ece69477db242af45c153247625f74ae85437dfa576e17232

SHA512
408ba3fd2189ac97000c55a5e2f9dfd612a36c648fd2bbacde94ea91cb6b90808f4a480aec9dd3b110220d762b3574fc42a6ff871f9d4b96682476be01edf449

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
d2dccc2f192943b5e7fa83d7e8eb94e5

SHA1
2adada4dda231abbff189583d9bf8f43bcaab350

SHA256
4e2018632cd54e58e066f2d18aac01a3c4b6db399f8fc78768c910b3f63b56aa

SHA512
32a1630afd6d5343de029bafe24b7730239354fa96341a52173fdf31a82eb02a3a245c9e34a47f1bba76c892bab345c36d2e8ea2563661f0b140b8d0a8e3d5a8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
676B

MD5
004f441924dc2635e888e8a86388963e

SHA1
3c479457111e49c0f53f3fda0a3e297151fa5736

SHA256
5282b5fef56dab18f7d9c3cd1c2aa5f2d5ea04498350334696f03ab857c9c4a8

SHA512
6bb9ee93da00a6e2e9a2c5ee3665112c999452641e026b26932f295e504843988fccbcd4795f289898f6e3790c6dc980f0f21342ce2ee3cab2bb27af18fde133

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
733B

MD5
aaac65ed4a27b69d1f7380009b59d310

SHA1
97017a043f478b0c98cc6d8acf9aa5273a26993d

SHA256
53de4a91b081f4dc30bd865edc3c2ebd89e9581e4eef32b9da340b07cf8e706f

SHA512
d6535d80355a0b5402023508f783ca0ce9de37908c67fea2eb34c0482a924ce44c2da5e5f6b03fc9cdc3f04b96e1fa2d7e96005e9c13d488badb946bda1d260d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
802B

MD5
3e4c3f72821a9cd4e5d20d48c1480cc2

SHA1
172367f747702a1d8cb50d421c3a2749e02e82fc

SHA256
a6938a81d88b3085567e3bd17d28ad54baed38b7041f174479ac329647b6be03

SHA512
a6defa16798460b6625d5511829938f57b0238772c8dc57822479235f3776cce1c094d6a92d46f3f18a35e5a4dc8b6a2e4d868a73aa941faed7a8b1123c7a6c6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
f543eec74f824b7f54764b9f25cbc893

SHA1
a1d21198a58a7d8a98d0b6ee89e4ccf6f030cb80

SHA256
d448838d2bf94737a01e090c116a054b09f2b4d56b11d576fe82203451382d45

SHA512
072afd2383bc615425b9ea6b3747eb592deb8b72f8206c6176f97bf1ad2c0232371eba989cc41e4825f487f76aa5e90a71c4b4042d1ea587092ba8ffabedfa07

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
15b5ebbb3374f59ca9d046a6aafd12c4

SHA1
5ed370e03d7fec2ffc7110d4f0da2e3cf3634e23

SHA256
d0ac3198db9caefe5fc6b1bd5484a8c6f481e7eeebb6cd16dddff9db7d5e67b2

SHA512
00dda5c33be833b006cb111cdd8657caac66543ab0f67039b7e06f5385a4c913bb3b57d53080533943ce9690f40eecdcf07dc0d1a14958a0b70df85cd7ad004d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
55d26b8dec8f251de4dc5c96ff41437f

SHA1
6188ef9c2f8b0927cc3a07c23a5358f4a23784c4

SHA256
ab33b09cb951f4c4c95e153ff92931df1f568c3658413f32a241060c5b624ca0

SHA512
6b55634b7cbf4d1361d1385d46a3707a1496c71822b66bad0400b7a8936b2143a3ff5b90126b0989ee0584a916b8f75b3e5a7887b74a08975b15133ba0b40ce0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
5730b23957fee6675309abe872ae71ef

SHA1
b08039f5eaa5aeabc742764cbdd5ffccba030e45

SHA256
c1d09e3fc57b9dfc974e32333a05a82b37fa6f869bb6240b95580a404c0cacac

SHA512
fc35d872431a42c564b9ffd4b44b7be36ea1bf4fc13954f84fe48be521115a5bfd4e0e67cbd194dd7d924b3626eb6dd483c1acb7e69d72c587855e3a616d88b9

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
a95e2f30590a59da1de135a5de2c47e4

SHA1
445f7f37e2c3df8351fc1207510e3565de86f676

SHA256
14f6d747273d44be5a40d9c0720a64915efbdbe7409561034a927c6f651d81c5

SHA512
4c4e66173c47c58d8318e8c030fa96dbe117824c35da54655b938d47933213a2268f57c80290045d081836c4f0f585d57e18bb97e680addef60fe2c970a0824f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
e1d54c2d3454254ea10ec6213c74b7ba

SHA1
c11fa8ff3db3bac7aaf005ea3b17ac78042a27be

SHA256
a17a87e7b2bbd9c8104c69a504ffe7d611c84c9b98ec5d1eeee5cfe0f3a6cfbd

SHA512
36ffa285d975bfd11e52c68ded725ad3d0ec4103467b139a00d87f760aff3222e9565522befc63c596cbc23a3f951507556eba8484c5b3205120b2248c18b2c2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
4ccb85ba95bd3b45b6b5b2a1c98a4f46

SHA1
41e4bec423b8f9001e55dc98cabdcb1426305dd6

SHA256
600008fe4c3e7855fec5efe7cfeceb8740e783a481486db455213fe6a17a7872

SHA512
7508caf0147c722e695133dcb4a8fafa863ff4dfb8c817ef4a86d6058028a97dd3a18b1c9602c3b56e741002242b6315fa4f37c4d83d7f82b9821f2c6cd234ae

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
fa6fce4d6e90c6eb156df038f4fbae1e

SHA1
601d4e035dfd21f4e0ba7acf635d8200364d4b2d

SHA256
d931202c4a081b14105d7efbe8f738f5c344bdd2845aa0641f062b02207b9cf3

SHA512
f7324d37aea1a62e1656198e737ca877aca2a7ebad3d8e9b568d41a9ec3a4a4ef3906e6d33433e31aa06597cd369dc4c97289d7b0897d0ce89a258258d1e5a2b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
7ed205d20f1fb97ec17922842cdba25d

SHA1
721a0e51c68cad6dacadce993512d76d031bb0b4

SHA256
2370f52dce553173f26accf9986fdb62a41788209e04eb8030bb8f16515b2cd1

SHA512
02c85a268f3ab6dde6e2240d2597bc8948164f181fb54546f3ebfa78c4946527517f745c69f02c16a17d1348770bbf2d30b65d0764b38ce901b7885568c4cc84

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
49ff21db89a73ea6f0ed41cb166f00a7

SHA1
6ad924e7e35248d59dbd7c75e2622d435a63a04c

SHA256
2edd37c8540c7f585e34929a55efc9d712cbe5a33920acfc75e452314cf0963d

SHA512
403609a27d72fac81b8e2026297a0d4a183a1e0aab8cb979f3a9e74106462aec3c50adf14d25931936d367ab045bb21359a91c133093adc129b80f47e78be871

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
e6a6d96f33ad5e090df1cfc0272e42f5

SHA1
da00d3fc8831f5f262870f5b0d902265d8999fdf

SHA256
b67f1bf3362dd815e6a68852a303b52724b210a9365f0c3206a689ba820db544

SHA512
c3acd9f206d85be1b8284ffc30d8efbc32425ba1735437e499e67a0e05838fb020065ec086ced930f0f1a78e9f51896812d53d57c2f2d457520a8ec6120fe07d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
2fdd6b2132c0d7e21e278c5c4601b638

SHA1
3191761f0e26faedfe01d1d784e3a2d9b30f4fa4

SHA256
ba8b83d437f3ff34c876a0efdd0b1d6656b46e89eba37ef3e9825ff5b56ffc72

SHA512
5752ad8724df33810f9fa793138c4a2fdfef2622733a830a22383f66e648eac47c4ea17a5be02b223e2c2bcd9b23a787ba63eb12eb630a6f7d628298f134ce33

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
74584d406dacd828d8e80fcc0e3d31b3

SHA1
a0fb98506c433ac3c104510987f574686be2fd70

SHA256
d7f1e82e8620264274e6b8af9e523985a4a60eb586c536e2db4f2db1a5c8114d

SHA512
17b7d28576de0d02780ae18aa90753cccfb8d59dc926f92342121a25ea647acc9932fe9c8ade622faaf465a4ac4ba9f44f107c6829ae51236df3f264b3094dc4

Download Submit
memory/204-272-0x0000000000A00000-0x0000000002137000-memory.dmp

Filesize
23.2MB

Download
memory/204-115-0x0000000007080000-0x0000000007081000-memory.dmp

Filesize
4KB

Download
memory/204-236-0x0000000000A00000-0x0000000002137000-memory.dmp

Filesize
23.2MB

Download
memory/204-25-0x0000000005A10000-0x0000000005A11000-memory.dmp

Filesize
4KB

Download
memory/204-85-0x0000000005B10000-0x0000000005B11000-memory.dmp

Filesize
4KB

Download
memory/204-426-0x00000000071C0000-0x00000000071C1000-memory.dmp

Filesize
4KB

Download
memory/204-385-0x0000000000690000-0x0000000000691000-memory.dmp

Filesize
4KB

Download
memory/204-427-0x00000000071B0000-0x00000000071B1000-memory.dmp

Filesize
4KB

Download
memory/204-22-0x0000000005A20000-0x0000000005A21000-memory.dmp

Filesize
4KB

Download
memory/204-239-0x0000000007090000-0x0000000007091000-memory.dmp

Filesize
4KB

Download
memory/204-4-0x0000000000760000-0x0000000000761000-memory.dmp

Filesize
4KB

Download
memory/204-362-0x0000000000A00000-0x0000000002137000-memory.dmp

Filesize
23.2MB

Download
memory/204-1-0x0000000000A00000-0x0000000002137000-memory.dmp

Filesize
23.2MB

Download
memory/204-0-0x0000000000A00000-0x0000000002137000-memory.dmp

Filesize
23.2MB

Download
memory/204-346-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/204-345-0x0000000000690000-0x0000000000691000-memory.dmp

Filesize
4KB

Download
memory/204-343-0x0000000000A00000-0x0000000002137000-memory.dmp

Filesize
23.2MB

Download
memory/224-351-0x0000000000A00000-0x0000000002137000-memory.dmp

Filesize
23.2MB

Download
memory/224-341-0x0000000000A00000-0x0000000002137000-memory.dmp

Filesize
23.2MB

Download
memory/224-13-0x0000000000A00000-0x0000000002137000-memory.dmp

Filesize
23.2MB

Download
memory/224-30-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download
memory/224-416-0x0000000000A00000-0x0000000002137000-memory.dmp

Filesize
23.2MB

Download
memory/224-252-0x0000000000A00000-0x0000000002137000-memory.dmp

Filesize
23.2MB

Download
memory/1176-311-0x0000000005970000-0x0000000005971000-memory.dmp

Filesize
4KB

Download
memory/1176-329-0x0000000005C40000-0x0000000005C41000-memory.dmp

Filesize
4KB

Download
memory/1176-325-0x0000000005C00000-0x0000000005C01000-memory.dmp

Filesize
4KB

Download
memory/1176-324-0x0000000005BF0000-0x0000000005BF1000-memory.dmp

Filesize
4KB

Download
memory/1176-326-0x0000000005C10000-0x0000000005C11000-memory.dmp

Filesize
4KB

Download
memory/1176-328-0x0000000005C30000-0x0000000005C31000-memory.dmp

Filesize
4KB

Download
memory/1176-317-0x0000000005B70000-0x0000000005B71000-memory.dmp

Filesize
4KB

Download
memory/1176-327-0x0000000005C20000-0x0000000005C21000-memory.dmp

Filesize
4KB

Download
memory/1176-330-0x0000000005C50000-0x0000000005C51000-memory.dmp

Filesize
4KB

Download
memory/1176-332-0x0000000005C70000-0x0000000005C71000-memory.dmp

Filesize
4KB

Download
memory/1176-331-0x0000000005C60000-0x0000000005C61000-memory.dmp

Filesize
4KB

Download
memory/1176-288-0x0000000000A00000-0x0000000002137000-memory.dmp

Filesize
23.2MB

Download
memory/1176-315-0x0000000005B50000-0x0000000005B51000-memory.dmp

Filesize
4KB

Download
memory/1176-339-0x0000000000A00000-0x0000000002137000-memory.dmp

Filesize
23.2MB

Download
memory/1176-457-0x0000000000A00000-0x0000000002137000-memory.dmp

Filesize
23.2MB

Download
memory/1176-322-0x0000000005BD0000-0x0000000005BD1000-memory.dmp

Filesize
4KB

Download
memory/1176-316-0x0000000005B60000-0x0000000005B61000-memory.dmp

Filesize
4KB

Download
memory/1176-344-0x0000000000A00000-0x0000000002137000-memory.dmp

Filesize
23.2MB

Download
memory/1176-314-0x0000000005B30000-0x0000000005B31000-memory.dmp

Filesize
4KB

Download
memory/1176-313-0x0000000005B20000-0x0000000005B21000-memory.dmp

Filesize
4KB

Download
memory/1176-295-0x0000000000860000-0x0000000000861000-memory.dmp

Filesize
4KB

Download
memory/1176-312-0x0000000005990000-0x0000000005991000-memory.dmp

Filesize
4KB

Download
memory/1176-318-0x0000000005B90000-0x0000000005B91000-memory.dmp

Filesize
4KB

Download
memory/1176-310-0x0000000005950000-0x0000000005951000-memory.dmp

Filesize
4KB

Download
memory/1176-435-0x0000000000A00000-0x0000000002137000-memory.dmp

Filesize
23.2MB

Download
memory/1176-323-0x0000000005BE0000-0x0000000005BE1000-memory.dmp

Filesize
4KB

Download
memory/1176-333-0x0000000005C80000-0x0000000005C81000-memory.dmp

Filesize
4KB

Download
memory/1176-289-0x0000000000A00000-0x0000000002137000-memory.dmp

Filesize
23.2MB

Download
memory/1176-321-0x0000000005BC0000-0x0000000005BC1000-memory.dmp

Filesize
4KB

Download
memory/1176-319-0x0000000005BA0000-0x0000000005BA1000-memory.dmp

Filesize
4KB

Download
memory/1176-420-0x0000000000A00000-0x0000000002137000-memory.dmp

Filesize
23.2MB

Download
memory/1176-409-0x0000000000A00000-0x0000000002137000-memory.dmp

Filesize
23.2MB

Download
memory/1176-413-0x0000000006230000-0x0000000006231000-memory.dmp

Filesize
4KB

Download
memory/1176-414-0x0000000000A00000-0x0000000002137000-memory.dmp

Filesize
23.2MB

Download
memory/1176-418-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1176-320-0x0000000005BB0000-0x0000000005BB1000-memory.dmp

Filesize
4KB

Download
memory/1176-417-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/1392-415-0x0000000000A00000-0x0000000002137000-memory.dmp

Filesize
23.2MB

Download
memory/1392-251-0x0000000000A00000-0x0000000002137000-memory.dmp

Filesize
23.2MB

Download
memory/1392-421-0x0000000000A00000-0x0000000002137000-memory.dmp

Filesize
23.2MB

Download
memory/1392-33-0x0000000002920000-0x0000000002921000-memory.dmp

Filesize
4KB

Download
memory/1392-404-0x0000000000A00000-0x0000000002137000-memory.dmp

Filesize
23.2MB

Download
memory/1392-429-0x0000000000A00000-0x0000000002137000-memory.dmp

Filesize
23.2MB

Download
memory/1392-350-0x0000000000A00000-0x0000000002137000-memory.dmp

Filesize
23.2MB

Download
memory/1392-436-0x0000000000A00000-0x0000000002137000-memory.dmp

Filesize
23.2MB

Download
memory/1392-12-0x0000000000A00000-0x0000000002137000-memory.dmp

Filesize
23.2MB

Download
memory/1392-340-0x0000000000A00000-0x0000000002137000-memory.dmp

Filesize
23.2MB

Download
memory/1392-458-0x0000000000A00000-0x0000000002137000-memory.dmp

Filesize
23.2MB

Download
memory/1392-292-0x0000000000A00000-0x0000000002137000-memory.dmp

Filesize
23.2MB

Download