55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047

Analysis

max time kernel
128s
max time network
146s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18-02-2024 16:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.0MB
MD5

a21768190f3b9feae33aaef660cb7a83
SHA1

24780657328783ef50ae0964b23288e68841a421
SHA256

55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047
SHA512

ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62
SSDEEP

98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 16 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2664	AnyDesk.exe
2488	chrome.exe
2488	chrome.exe

Suspicious use of AdjustPrivilegeToken 16 IoCs

description	pid	Process
Token: SeDebugPrivilege	2572	firefox.exe
Token: SeDebugPrivilege	2572	firefox.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
2620	AnyDesk.exe
2620	AnyDesk.exe
2620	AnyDesk.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe

Suspicious use of SendNotifyMessage 38 IoCs

pid	Process
2620	AnyDesk.exe
2620	AnyDesk.exe
2620	AnyDesk.exe
2572	firefox.exe
2572	firefox.exe
2572	firefox.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 2664	1992	AnyDesk.exe	28
PID 1992 wrote to memory of 2664	1992	AnyDesk.exe	28
PID 1992 wrote to memory of 2664	1992	AnyDesk.exe	28
PID 1992 wrote to memory of 2664	1992	AnyDesk.exe	28
PID 1992 wrote to memory of 2620	1992	AnyDesk.exe	29
PID 1992 wrote to memory of 2620	1992	AnyDesk.exe	29
PID 1992 wrote to memory of 2620	1992	AnyDesk.exe	29
PID 1992 wrote to memory of 2620	1992	AnyDesk.exe	29
PID 2540 wrote to memory of 2572	2540	firefox.exe	31
PID 2540 wrote to memory of 2572	2540	firefox.exe	31
PID 2540 wrote to memory of 2572	2540	firefox.exe	31
PID 2540 wrote to memory of 2572	2540	firefox.exe	31
PID 2540 wrote to memory of 2572	2540	firefox.exe	31
PID 2540 wrote to memory of 2572	2540	firefox.exe	31
PID 2540 wrote to memory of 2572	2540	firefox.exe	31
PID 2540 wrote to memory of 2572	2540	firefox.exe	31
PID 2540 wrote to memory of 2572	2540	firefox.exe	31
PID 2540 wrote to memory of 2572	2540	firefox.exe	31
PID 2540 wrote to memory of 2572	2540	firefox.exe	31
PID 2540 wrote to memory of 2572	2540	firefox.exe	31
PID 2004 wrote to memory of 2860	2004	firefox.exe	34
PID 2004 wrote to memory of 2860	2004	firefox.exe	34
PID 2004 wrote to memory of 2860	2004	firefox.exe	34
PID 2004 wrote to memory of 2860	2004	firefox.exe	34
PID 2004 wrote to memory of 2860	2004	firefox.exe	34
PID 2004 wrote to memory of 2860	2004	firefox.exe	34
PID 2004 wrote to memory of 2860	2004	firefox.exe	34
PID 2004 wrote to memory of 2860	2004	firefox.exe	34
PID 2004 wrote to memory of 2860	2004	firefox.exe	34
PID 2004 wrote to memory of 2860	2004	firefox.exe	34
PID 2004 wrote to memory of 2860	2004	firefox.exe	34
PID 2004 wrote to memory of 2860	2004	firefox.exe	34
PID 2572 wrote to memory of 1344	2572	firefox.exe	35
PID 2572 wrote to memory of 1344	2572	firefox.exe	35
PID 2572 wrote to memory of 1344	2572	firefox.exe	35
PID 2572 wrote to memory of 2100	2572	firefox.exe	37
PID 2572 wrote to memory of 2100	2572	firefox.exe	37
PID 2572 wrote to memory of 2100	2572	firefox.exe	37
PID 2572 wrote to memory of 2100	2572	firefox.exe	37
PID 2572 wrote to memory of 2100	2572	firefox.exe	37
PID 2572 wrote to memory of 2100	2572	firefox.exe	37
PID 2572 wrote to memory of 2100	2572	firefox.exe	37
PID 2572 wrote to memory of 2100	2572	firefox.exe	37
PID 2572 wrote to memory of 2100	2572	firefox.exe	37
PID 2572 wrote to memory of 2100	2572	firefox.exe	37
PID 2572 wrote to memory of 2100	2572	firefox.exe	37
PID 2572 wrote to memory of 2100	2572	firefox.exe	37
PID 2572 wrote to memory of 2100	2572	firefox.exe	37
PID 2572 wrote to memory of 2100	2572	firefox.exe	37
PID 2572 wrote to memory of 2100	2572	firefox.exe	37
PID 2572 wrote to memory of 2100	2572	firefox.exe	37
PID 2572 wrote to memory of 2100	2572	firefox.exe	37
PID 2572 wrote to memory of 2100	2572	firefox.exe	37
PID 2572 wrote to memory of 2100	2572	firefox.exe	37
PID 2572 wrote to memory of 2100	2572	firefox.exe	37
PID 2572 wrote to memory of 2100	2572	firefox.exe	37
PID 2572 wrote to memory of 2100	2572	firefox.exe	37
PID 2572 wrote to memory of 2100	2572	firefox.exe	37
PID 2572 wrote to memory of 2100	2572	firefox.exe	37
PID 2572 wrote to memory of 2100	2572	firefox.exe	37
PID 2572 wrote to memory of 2100	2572	firefox.exe	37
PID 2572 wrote to memory of 2100	2572	firefox.exe	37
PID 2572 wrote to memory of 2100	2572	firefox.exe	37
PID 2572 wrote to memory of 2100	2572	firefox.exe	37

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2664
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2620

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2572.0.782961182\724517948" -parentBuildID 20221007134813 -prefsHandle 1152 -prefMapHandle 1144 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {83fd381b-d03e-4629-83fb-93c6a3a5d839} 2572 "\\.\pipe\gecko-crash-server-pipe.2572" 1284 14209158 gpu
    3⤵
    PID:1344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2572.1.1137952006\1527565323" -parentBuildID 20221007134813 -prefsHandle 1528 -prefMapHandle 1524 -prefsLen 20830 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {71f72cac-78e9-4061-9e3c-367a0703540c} 2572 "\\.\pipe\gecko-crash-server-pipe.2572" 1540 ddfe58 socket
    3⤵
    - Checks processor information in registry
    PID:2100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2572.2.868382581\170951393" -childID 1 -isForBrowser -prefsHandle 2068 -prefMapHandle 2064 -prefsLen 20868 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2112dab4-8b9c-484d-bf4e-3010f6cf1f10} 2572 "\\.\pipe\gecko-crash-server-pipe.2572" 2080 173d6f58 tab
    3⤵
    PID:1996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2572.3.1863831869\838557607" -childID 2 -isForBrowser -prefsHandle 1708 -prefMapHandle 1704 -prefsLen 26046 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c79ce389-a90c-4fba-a8ad-25dae1186a8c} 2572 "\\.\pipe\gecko-crash-server-pipe.2572" 692 d69658 tab
    3⤵
    PID:1568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2572.4.1253482075\1149452932" -childID 3 -isForBrowser -prefsHandle 2840 -prefMapHandle 2836 -prefsLen 26046 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c689cba5-d899-4a5c-a2fb-7c66e5495198} 2572 "\\.\pipe\gecko-crash-server-pipe.2572" 2524 1c727c58 tab
    3⤵
    PID:2300
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2572.5.896182240\639362273" -childID 4 -isForBrowser -prefsHandle 3660 -prefMapHandle 3656 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f29f7652-b154-47c7-9ea4-d785b3b06f14} 2572 "\\.\pipe\gecko-crash-server-pipe.2572" 3676 1e60c558 tab
    3⤵
    PID:456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2572.6.1027057747\705884089" -childID 5 -isForBrowser -prefsHandle 3664 -prefMapHandle 3632 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2b9212b-c2da-4193-bf87-aabd9a63fd31} 2572 "\\.\pipe\gecko-crash-server-pipe.2572" 3696 1e60e658 tab
    3⤵
    PID:436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2572.7.938707742\1845705251" -childID 6 -isForBrowser -prefsHandle 3788 -prefMapHandle 3772 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd51abe2-dbc7-4cd6-ad7c-f41fa8d50091} 2572 "\\.\pipe\gecko-crash-server-pipe.2572" 3940 18e20558 tab
    3⤵
    PID:3056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2572.8.1578090268\1407744338" -childID 7 -isForBrowser -prefsHandle 4272 -prefMapHandle 4276 -prefsLen 26516 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4bf6012-f292-4b8a-9df4-22d97f3b1cbd} 2572 "\\.\pipe\gecko-crash-server-pipe.2572" 4288 1e572858 tab
    3⤵
    PID:3492

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  PID:2860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2860.0.1244244800\426794314" -parentBuildID 20221007134813 -prefsHandle 1104 -prefMapHandle 1096 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e87d27ac-44de-4afd-9aa1-94df6f8e5070} 2860 "\\.\pipe\gecko-crash-server-pipe.2860" 1168 41fb658 gpu
    3⤵
    PID:836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2860.1.1724697485\1919569394" -parentBuildID 20221007134813 -prefsHandle 1312 -prefMapHandle 1308 -prefsLen 17601 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f3853b3-f59c-4390-bd1c-001e7422e561} 2860 "\\.\pipe\gecko-crash-server-pipe.2860" 1336 3e46e58 socket
    3⤵
    - Checks processor information in registry
    PID:3212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7459758,0x7fef7459768,0x7fef7459778
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1112 --field-trial-handle=1284,i,17402583009629571001,5128488642518295211,131072 /prefetch:2
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1424 --field-trial-handle=1284,i,17402583009629571001,5128488642518295211,131072 /prefetch:8
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1284,i,17402583009629571001,5128488642518295211,131072 /prefetch:8
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2132 --field-trial-handle=1284,i,17402583009629571001,5128488642518295211,131072 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2140 --field-trial-handle=1284,i,17402583009629571001,5128488642518295211,131072 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1384 --field-trial-handle=1284,i,17402583009629571001,5128488642518295211,131072 /prefetch:2
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2964 --field-trial-handle=1284,i,17402583009629571001,5128488642518295211,131072 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4128 --field-trial-handle=1284,i,17402583009629571001,5128488642518295211,131072 /prefetch:8
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4088 --field-trial-handle=1284,i,17402583009629571001,5128488642518295211,131072 /prefetch:1
  2⤵
  PID:3992

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
d93c70ce5a29908e1ad9f05762cfcde1

SHA1
b6ef379de63fb7513badc05a37d097d6a90a85b0

SHA256
1013715957bb2ec1e2ba27101be4a93cbf76c4261eb410f6c0c7ca2c5a196587

SHA512
e049b21316486bb8e6559f1f69227af9d8c0f6b5be1f13bdf0d0802b68d678a1f2bcd4dcfcafc435611ad2fed3e2cf16510383c5cf87a5633173219d1a6b13a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
6KB

MD5
365fb7135d8d75afd0d08373ee284a67

SHA1
215d72e907c1cd4a655559f8c4981c215bec5ffa

SHA256
ad4e1fcb108dfcd4b66a290619be498193a35351caedc184a525c0ba702c0ea5

SHA512
6a2fafef074101de02807c1fc318bac49de4ef93846df98232d928319df9dc3d7714c51776fd0898d87e22677b81fe5406ed5740ff3214187fc9155e46126c44

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
22365a222afb0456fe02a597cc7bd3a7

SHA1
8cb442bc699a6a093ccb478b487598cd51285473

SHA256
c7bcf18bcbf5900941c9861360d65c8d77321c7664f316c9833635a68685b228

SHA512
9ce0957b7504770235bf4c09afdb0214fc6b2aefd6b1667cf9b38dc3c57cca2e45949158f35dbe5e1f6298600d0d4a020f0d77a4d3b394386f2ac4a1e424e41b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
ca64cffab1d2f5eea85dd10dbbc15c0d

SHA1
3e852dcd125c965c0dab3d8b69958f8640799523

SHA256
3734273c967fd44e309fa786505bdba4b335f400f29814ef2c101796d72d76fb

SHA512
5adfdf5c542fdb63d1f2f16e2488ce9603ef197183ec0e6c49af09eeee66c51b3bdf4b4241a619b10e8f71bf43e0f6d6e82b4473d1e767c55f31a9dcd87b0fcb

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
e4f5a83c8c19b59df6947118f1a09cfa

SHA1
90f84e39d93299c8ff46b19bb6a6789bc51a8482

SHA256
159d892e1de8159c76593cc696d84ddd5f016f1660da134ef4c6b86629f1c622

SHA512
16fde8be8c8d89154174543b69a4b67e20c7405f52a1caaa2143c5ae3caec91243f79514b02f9a6d4fc79c03dbb9f19aefa46bb37ea82b6d06ec1f2042dca6db

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
612B

MD5
b1a13d0923db3db49f0754a958a18bf9

SHA1
201bbed7c9c90d179f8929a200aa4ffb718ea357

SHA256
ef1312a8fa0942ba10fc3e31d67e0df3935bc4003aaee63be43e650906e17a8a

SHA512
57a3b197c260e2972e3e8d9e221c0547c37527d68733ac9acb1029322191305104df2df63cfba2b65412d20d12ae0a3932d999a2ca58dc5bfbd9365255f41785

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
733B

MD5
548b9d0565dec2d2e1488f0d57564978

SHA1
1b0af223cfb5ad6d5d3c2fc0a367430e958fa11f

SHA256
8d518afd8b15cddd3a91389e8ec92c7cd45d29b64ec955fe66ca4780de2e7d0e

SHA512
c2e09a135f1f4218d96499896470961851f0861921fd249aaeb9731e487990ca8bbcaa1e5d65958b0e003411b5e3bff1eefafa713da4ca0889f6cda36f716acf

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
802B

MD5
9db53ceeb30c7a2a4b7da2b1ec795f99

SHA1
303fa4e9dc9451e1bc05aa7fce23b9f9f2c6433c

SHA256
d6a57b3e8c173d4afaea9b8c5f469bc3b68129d40ba54d1e1a5214caaa8d7641

SHA512
9d2de085cb8ca9c14013983042140cc0b44c92953021e4a463f5b8b35d4cfea91756ac13cf3d12e7e2fd0047c8924cb3261dc189d9717bd164b8bfb5f9024f9e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
5aeb40b2b9f12e815ae82b1da4e2a095

SHA1
8ca383c3d2c7cfab5fa4593039beb3524be5ea03

SHA256
3940d08fd98ffb435ea4a55b05c37bc7cdf1355a512be4fc62627488c27090dc

SHA512
5001898ba422b7391b999da93c2d6df6680d7929a597195365421d9931c0759462e2d0b510c7ad75c9b0b6d448362e1dd50282f7ac982841a0d9b0a3332d8102

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
2ddb993e3b7d4a441ad04080c1557058

SHA1
11721a50df7753775286e839e1277bf4ef96f880

SHA256
7be193bd9b6f9bd9ba215c2d0f99c7d555a2122ef56b803e031ef25ce12467d0

SHA512
cd3631b6daa0fa77f6c93c21d5e09fe3ee046c2149a72ea9e49cc65eae161bb1d02fdd17fdf46c1b753cf5f9d81cd26d533815fcc91deae648cecb62c8f8fb1a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
f3ca27c611aea4b042e2e74807ea3546

SHA1
36ef9a1d3ecba6d7b51a5dbd1e50d6d804b9a7e7

SHA256
d44c8be8f67ef91500b7132dc0b48e4924e5bf1308c629c3c7ab00c7adbae41f

SHA512
7e26d9a6cbb4f5515d09285452995958d7b8aebe5ce749404d61ac758608523a3d7f97e0e11a82e0e9fed7e1875dbbf03b4074412207e1fc1b566278a7057fc0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
7f1d1f04f7f49a15f12e5af619964c9a

SHA1
e1eb3d628548faa206c5cd6b627ee0724084d3bf

SHA256
36e0a8d3ab872012480b490a8ba0658d277fe8ac16fcc5eb7d9827ee0b88d759

SHA512
271ccc93dbb6d7ccc7779b21d618d60bccea5c826d4e3ed063a74ff0dfc9bce141857a098837858db8d29c363afa7b0dc8ffbe636b73b44c19562d9152cebb05

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
cc76dce292fb83f0e310d6354e050b77

SHA1
24e0817bf0cc624ffbb0d114bf20ed852cede165

SHA256
fdf2586fae7e13b177a879be621f8ab623c4ee0f82234b136755c43ff81d7ee7

SHA512
3f884139231666b327556c37b73fd6d62e1431e913638cf50e5118ba621e82a740c233bc285c7f44b38b789498bd1989f8bc6d7c984a4a5ddae2021b912799e2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
201deedb09df93675da93ad20d447e9e

SHA1
1f46f692f320bda935be83508a70440457b981a6

SHA256
5ea3b6932b780b1e362bb6b198c6c3ad34842cb5b0fcefc992734e6ee8b5ffd3

SHA512
3d1e8f36a56607741f30814711674a7b540b9e538333c2f27c1f76232e6bc24877c139b40646195a62a0d6c70c7b3ba1edb4df7105aec03a1601587c59b4fe25

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
b0757315568d8bacb822b4ce064dea39

SHA1
ae4342e4c9b4ed4198d4d32035cbc2e2f9afece2

SHA256
5f0f0b118bb80c2f68d88e48d854470a86ac633174d054263c979421688b559d

SHA512
5e7467d2b68bc86d76b87a04225a684bfa7c592f2db787adaa0a286d1ff740e3a4a4cf9028e7fad4e81112543e393836eb6a6f404b7867c9b0bb250c71cdf0e3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
0c7f8b7f66850b5009f3a6fe55742315

SHA1
1a0430dcc879868c12b3a0f7d97c14e7b48b5f8c

SHA256
19b59fb0c4bcd6b61b80be607ff23daad3d22f2d33b09a1348dc5137edb1ef08

SHA512
07095bf2d853bf407c0072cf1488ceb0f2634a6747e125e6c595d02e8f8e6566411006eeb1261e6bb65822119cd692963e7e8e33f4c0835435465dd00c24195e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
3f0c151fe83a4306b499e1359075e809

SHA1
af5df0279975d9fb7830ace2e4bfe700bdea3484

SHA256
90619a0f3e438ef9b91657f14105536de72df77fc84a3c863cdd7698d633ed39

SHA512
a0f5d3ea37c1ffd296201f67a0e0a9396868ff991c30beac78d030239ce3e8ab11537d2bfd25f83a15de7a347c3fa65c945c2063548ce26e7c595ddf771153bb

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
26bc146c6b3e81c0d5472ec3076b20c3

SHA1
c3eafddf901634cda932b5811275ab6ac17c62fc

SHA256
5ee328f6309bb5704117d86fcb5083db4fe9fc1ef704a670c5815d669ac14aba

SHA512
8ddd04dc19754fbbbb880f65186e261ec167a05cab3d09e0dfa8eb6ae5bf7371704caa1f23896062945b2764305f01355a0d678e2bc880ef6c322c346b452e83

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
f7f851163a2d4f2e7ea07157fb89528c

SHA1
a5b2d956af647a8f8b6c02e5a7d358b7d9c67e70

SHA256
2c0e25e66f5322b5a75ef39af19757234d4046c33a26ee57726d8be282cbb411

SHA512
68861df890bf21cd729ec3960f308841bee9fcb367bd49e327de4a8e1728224c7a806b02efbc4c619a83e837faa9d3be8ebbd5b815855e249bc3cf38c0992dc9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\datareporting\glean\db\data.safe.bin

Filesize
3KB

MD5
28db28791cadc53c21d542242dbb51b7

SHA1
ff2f022bb0a99eaee86ce8cde2ddddaa00b2b58c

SHA256
1f84760f2975ac495b76fc496b935e042b20c8ae58227bd8ab23879d25920196

SHA512
5bf6019cb9e3b8d424f0e505b668e91293cecb7ca2cdb5d78cc9e3cdd696b3423b5fb447d43c16145941dc9f5cbe9cbda068329b6ca4eb9945c029bb28e7e13e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\datareporting\glean\pending_pings\29341f0a-5d29-4550-981c-09b09c724b44

Filesize
13KB

MD5
2bf9a469d75eb9f6de386666a5490cfa

SHA1
58f8d909a773301b09071dd798b33e0de50cce70

SHA256
4153ee73118ed3fae2824bd8ac9ff126806259e68881f282bb42276573df782b

SHA512
7c2545cb3d1875281f8d98f70e1e5ca82f37eac4bcb9f69be6ff70217dae14b7d066f01ebaa56b16bd83d07d2a53071baef2f8377ee254942fd8a78cb8ee3d05

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\datareporting\glean\pending_pings\f954d1d2-b176-4f84-a981-b058c31ae78d

Filesize
745B

MD5
6c4d70214c6e06ac3532add96c952fa7

SHA1
1d75157ec571814ab4a4a78aa2619a4d25747982

SHA256
19701b6ceb41c11f80bb6ef1cdb70147a51e28c633631818b339931ffa7cf2e0

SHA512
d4125f67f1486c1c018fe0b6971bf273b47c8c1db38f487fb782ad4475c1c305acf9af9d3e0bf816bf2ffd46d4738df64252f190f4eb4a439ccf4119bc65206c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\prefs-1.js

Filesize
6KB

MD5
959b5c86b6180c152b7fcec645f51557

SHA1
f38dfc1f96eeefa7d1349044302266f4f9ff79ac

SHA256
294c0b380d6d1a9213eb572f07fa10d35bd0a3bb88e6aa07dab18c3570e43baa

SHA512
f111fcc1be294629862df846922e5d05d40805d05abdc526c4a45b934851a0bf46299c2a1f7aea740d5cbe23dff94f1a0998f2858a53f4203169d637725e078a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
b012ccc467bc5d797a6a4e177d3dfceb

SHA1
f7ec67c8df2bee932daf360c48000878c01517ca

SHA256
3758d965bf535a0adb0cbc6dedff7874d17bb1bcbaeb48e5326af18d2c212c3e

SHA512
1173b4e17d263f9a33065d2c1c9394483b4f26c92dd7722ed206c9662337be5a9b4c9bc6f6c3c5cb2cb0232fe970cdf1583730b84aaf13e0bc9dbbec08298fd1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
5c2d684c4b74fd1b82c44df6fbc536d0

SHA1
db1e5825389a167682ccac41fb6fee0f6c12db9a

SHA256
312194a1e64866865e4791e9d788dfcf450d6eaff673c3de707e6d504b9dde64

SHA512
9e4fe53dd47938f27e7268b5f122990a9460a9f194174e1bcc403c8d363623665a9e9bc6b135828e86861114e1de191acc731ef2bd3413fc1455245e1329d55d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
9387238e5ad3b60c8b63b332760dc6f1

SHA1
9026078e69862e3a0170961360079929a7e698f8

SHA256
2482a7c97dfb422eb8be062c4b9aa780f2dd319da7ea7d98fc2ff268b2260a97

SHA512
a161b0239f4bf76a4d2f17be86b9076d22cbdb4f576833fdc6724911f4d3be7acbdb2449d799b55a709216ba2310d72bda18c8ccc5a76b235a0d794201f027da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\14t8eq6w.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
630b41baaa5838f9b8a1051c00f764e3

SHA1
ce7c0a86f81fc80a178f0617118f89e039361d77

SHA256
059066243997f609a24dffc174a1405ac1f291a108cddea4cc8e3a53e22ef656

SHA512
4bf089fb1e1975b0ab63a46fcdfa0fc755469283fe5de21305bcb244e186d00f93563be7b78cc1cca03d97adcf8b0815906d641a574cb1e82933b3ce683f6b2a

Download Submit
memory/1992-144-0x0000000001230000-0x0000000002967000-memory.dmp

Filesize
23.2MB

Download
memory/1992-205-0x0000000004B20000-0x0000000004B21000-memory.dmp

Filesize
4KB

Download
memory/1992-0-0x0000000001230000-0x0000000002967000-memory.dmp

Filesize
23.2MB

Download
memory/1992-127-0x00000000051A0000-0x00000000051A1000-memory.dmp

Filesize
4KB

Download
memory/1992-126-0x0000000001230000-0x0000000002967000-memory.dmp

Filesize
23.2MB

Download
memory/1992-2-0x0000000001230000-0x0000000002967000-memory.dmp

Filesize
23.2MB

Download
memory/1992-295-0x0000000001230000-0x0000000002967000-memory.dmp

Filesize
23.2MB

Download
memory/1992-396-0x0000000004B30000-0x0000000004B31000-memory.dmp

Filesize
4KB

Download
memory/1992-413-0x0000000001230000-0x0000000002967000-memory.dmp

Filesize
23.2MB

Download
memory/1992-19-0x0000000001170000-0x0000000001171000-memory.dmp

Filesize
4KB

Download
memory/1992-4-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/1992-30-0x0000000001230000-0x0000000002967000-memory.dmp

Filesize
23.2MB

Download
memory/1992-18-0x0000000001150000-0x0000000001151000-memory.dmp

Filesize
4KB

Download
memory/2620-143-0x0000000001230000-0x0000000002967000-memory.dmp

Filesize
23.2MB

Download
memory/2620-315-0x0000000001230000-0x0000000002967000-memory.dmp

Filesize
23.2MB

Download
memory/2620-17-0x0000000001230000-0x0000000002967000-memory.dmp

Filesize
23.2MB

Download
memory/2620-28-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/2620-40-0x0000000001230000-0x0000000002967000-memory.dmp

Filesize
23.2MB

Download
memory/2620-52-0x0000000001230000-0x0000000002967000-memory.dmp

Filesize
23.2MB

Download
memory/2620-61-0x0000000001230000-0x0000000002967000-memory.dmp

Filesize
23.2MB

Download
memory/2664-56-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2664-427-0x0000000001230000-0x0000000002967000-memory.dmp

Filesize
23.2MB

Download
memory/2664-60-0x0000000001230000-0x0000000002967000-memory.dmp

Filesize
23.2MB

Download
memory/2664-70-0x0000000001230000-0x0000000002967000-memory.dmp

Filesize
23.2MB

Download
memory/2664-51-0x0000000001230000-0x0000000002967000-memory.dmp

Filesize
23.2MB

Download
memory/2664-141-0x0000000001230000-0x0000000002967000-memory.dmp

Filesize
23.2MB

Download
memory/2664-35-0x0000000001230000-0x0000000002967000-memory.dmp

Filesize
23.2MB

Download
memory/2664-296-0x0000000001230000-0x0000000002967000-memory.dmp

Filesize
23.2MB

Download
memory/2664-21-0x0000000001230000-0x0000000002967000-memory.dmp

Filesize
23.2MB

Download
memory/2664-314-0x0000000001230000-0x0000000002967000-memory.dmp

Filesize
23.2MB

Download