55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047

Analysis

max time kernel
147s
max time network
142s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
16-03-2024 22:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.0MB
MD5

a21768190f3b9feae33aaef660cb7a83
SHA1

24780657328783ef50ae0964b23288e68841a421
SHA256

55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047
SHA512

ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62
SSDEEP

98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Modifies data under HKEY_USERS 8 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{99FD978C-D287-4F50-827F-B2C658EDA8E7} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF = 0100000000000000a016ee9ef477da01	AnyDesk.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF = 01000000000000000078f09ef477da01	AnyDesk.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{920E6DB1-9907-4370-B3A0-BAFC03D81399} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF = 01000000000000000078f09ef477da01	AnyDesk.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{16F3DD56-1AF5-4347-846D-7C10C4192619} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF = 01000000000000000078f09ef477da01	AnyDesk.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF = 01000000000000000078f09ef477da01	AnyDesk.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{08244EE6-92F0-47F2-9FC9-929BAA2E7235} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF = 01000000000000000078f09ef477da01	AnyDesk.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached	AnyDesk.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF = 0100000000000000a016ee9ef477da01	AnyDesk.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2128	AnyDesk.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2120	AnyDesk.exe
2120	AnyDesk.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2120	AnyDesk.exe

Suspicious use of FindShellTrayWindow 9 IoCs

pid	Process
2128	AnyDesk.exe
2128	AnyDesk.exe
2128	AnyDesk.exe
2820	AnyDesk.exe
2128	AnyDesk.exe
2128	AnyDesk.exe
2128	AnyDesk.exe
2128	AnyDesk.exe
2128	AnyDesk.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
2128	AnyDesk.exe
2128	AnyDesk.exe
2128	AnyDesk.exe
2128	AnyDesk.exe
2128	AnyDesk.exe
2128	AnyDesk.exe
2128	AnyDesk.exe
2128	AnyDesk.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2176	AnyDesk.exe
2176	AnyDesk.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 2120	2820	AnyDesk.exe	28
PID 2820 wrote to memory of 2120	2820	AnyDesk.exe	28
PID 2820 wrote to memory of 2120	2820	AnyDesk.exe	28
PID 2820 wrote to memory of 2120	2820	AnyDesk.exe	28
PID 2820 wrote to memory of 2128	2820	AnyDesk.exe	29
PID 2820 wrote to memory of 2128	2820	AnyDesk.exe	29
PID 2820 wrote to memory of 2128	2820	AnyDesk.exe	29
PID 2820 wrote to memory of 2128	2820	AnyDesk.exe	29

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Checks processor information in registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2120
- - C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --backend
    3⤵
    - Modifies data under HKEY_USERS
    - Suspicious use of SetWindowsHookEx
    PID:2176
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
5KB

MD5
9d50ac4aa4411c45ed5d5b606d28ff0a

SHA1
eec8c5bb3ed797bc8347fb793fe9e9ef5ba4ded0

SHA256
af14ff0684e6ecd49945ae59593be04723e42d73f3351dadfd4978b5527a6d72

SHA512
1f740c4c2233fe0ca2c1274a82a073492744f1e0c3584290b86a65d9033bcfa98f2c776ec475b3c8009ec196f95af3e8b8c65b264e5c2aca7cbcd26ee6a7f613

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
6KB

MD5
d92f3fb879cc968ba051e2a8f9cfd92a

SHA1
f18dee616f45d3c1f59ece7790de6070179d2278

SHA256
10e2ca6fe4668d50038f44052a2ee09b577617427e9bbc081aa47e80f4b3117c

SHA512
6141eec3ca9cb14ae7c114fc4e2819992906fd3546653a5694c6002a7e6a91cf1c900f50db986fff4b90e86f78a0172be591d794e367f1c836e791a912d28c72

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
41KB

MD5
9fb6539d92a8c261f11a52cc933a89f5

SHA1
171dbb32f169a2a9865ce8774e8d0f8d1f0eb466

SHA256
899fa929be94b59d437be48c8f541977d81b351f26be3a27121e753e16ae4510

SHA512
0cefe35bba8fa17a5be7b4633e1b4482a399ef385f1e020971e7e513d29a918adf1bec23e692fcee19a14c6a317ae8562b674f1bd57959864bbbaea282f0f810

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
3f62fe770fb514aabb63858ff0729756

SHA1
c5372d05ee1ce4d0a3ae9787090e6f6c59c1212a

SHA256
063a716f0035938ee9795463bdf834fa114e88fe91f34bd2b363b4fb12778ee0

SHA512
7ffb05fa7e4a980406faf91d0ef0b3e17129b0c89340094479586cfabdc75fc071716fad3db29f8e528d701f3f79082e3ba2c92c9f05bf582b0e1d88f198cfe8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
fbaf791c715439e2aa416af9799d9440

SHA1
78ae25d6e3fc75516d3b57d24beb7a3096572549

SHA256
25a464e525b2bd758b28eccaaf221bac9df4d66ee5cf18a99a48ee1874431671

SHA512
5b9e9ff4f33a307b6c3821c8a786ef69503c8ec8cf3e6800019cb6154a43c60b5d56f86d36af1662f4692ff7af99709c2c7fcea4bf84144286715ec425561ada

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
681B

MD5
e117cb9dba745288cbdd9db1ae2253b4

SHA1
3d4c11ba473dc3f530e5f8f379ef959225feee0d

SHA256
4c5f8022e32e4be2797c36ebcb3742daea44f3d414ae1266c75b97fd132e68e4

SHA512
2078ad0979893e419805f7c39df15039225f552d56eed9251291a296dc419fe780e64f45cd98657613ae5520a91f0c940be6993030f9d8a3e812a541c437a55c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
802B

MD5
c5c4b721b742177dc861a6928c530d06

SHA1
1979e3fe27db3092e8515cd4c83709ca741247d2

SHA256
f357e002b65416c70bda36cc57c774e44dc28527b00d567e8cb225fc50125af6

SHA512
6d43b79efb3773c5de8a57ce1e5ea0937cc84b8548d4700cacba847781fcd50c0dcff8d6d510c8696b064c4405eb915fb2e3f0d6726e6df24da85c8fc2e27534

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
d1e5ed7d2b3f513e04fa349b3bd5d963

SHA1
f4af813fffd601ccfdb2b4c3a4f7649b3144a1b0

SHA256
f7d36c8442b8d5c04c3a8437a4dc2012fd1e9d9b357ead272d9912eed57c9038

SHA512
f60eefc7c2016130cbbdc170886831d2eb821e94bcc8b7df51f3c7b197a9bd1701fdecd7bafe09feebaf1f8f660e5012e540b21bcc60f5c4584d63a4f086cedc

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
68534871cc7a93398796859f2fd7d076

SHA1
5fea1aa2dbd8fb7bc94bea22ed976e85f45c7e43

SHA256
c452265cff088111aa80200312c5ae5e2a135e0dc08bfb2f04fd80f0d357f6a8

SHA512
e13b08807a4a470839ad87d8b29991e13750a22ea7feb876eec8ecb836419c430734146303fff9a213f99b960d6f399407b8c1906323844e8bc435ff95e12dbd

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
9bfc9cc72d3f2b9f2be8f8cbc1239a05

SHA1
a1adde7e91cb330d01c5cb4add75b02bc8a841b1

SHA256
0dbad1ef26dae8e47cd2c8aaededb36f0520254859a3db80dbd9a077b1007c33

SHA512
105487c7cb8af51b59baa320d4c4b75aff3429fe97e3d06a054c2fdafc49cf6e8d0aa1364c7dd46ca33723c6e68a0be9671c3e18d2c82e1b25f1381015ef783f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
05149ec8643793dc0fd2eb730e96c7cd

SHA1
1e595fab3b32870f5d851d9d13278ae43500606b

SHA256
9b374b9b5e2167399dd2664fb01e28f9f30c31443bf6dfd989a081e33ea98340

SHA512
5037db7ddab49eca8ca65e95e55a9948cb912f60b639cfeba1eb45fc597cafc20a6869ec43c36c4bc9fa34f8439806d0bb78c3140c5dd0bd420101cb144cdc4c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
ca3e7d6b81c92b7897e27c97c152e0fc

SHA1
8dc97f592d6992656bfcf5fd4c2743af2c3f5a6f

SHA256
e49d0c2313b17e75e5e0c57ecefb399b0414a02fdc5f1592bcd60c228019f1d8

SHA512
831106c0b6b59cb510077168e67009d555f96c57780579d794c51e296eba26aa7fc7a1449799270a4882b4d390bb678d42598e48fc58c8b02e8e0aaf493816d3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
684f7f1335bbd9ed329ec5e8ad392886

SHA1
11e7029df86305d2f7a487f6927e2958bddcac52

SHA256
8ae66de833f05a1d6a7daeabcb415b1c55704ad66321cb63db9a4f2de706fd1c

SHA512
ca8417b876956d4f2ffa9b50a3ab4654ed9add0498234a56815bd01b4558fdf169ce284deead2dbc349051aa8b24e5ded4e771156e7b4843c4a02f1847a897bd

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
9e02e033261bade7ea1acf5d8d84ddd9

SHA1
5d68c1a291ea957627b364531d3bbe1a40758deb

SHA256
173631566096f7b63679f6fe9ccb341bb058212b4be26f22c2ae5afd577cceaf

SHA512
e639f662e642d7414e48ae83ef764971fddeec09c6a0733b7f39f5dbcc7ea6f99dab2bb7db4cd39415c4821805fea9799bfa7c1232e4e2d05cfad6180e83fd79

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
c29a84308e113bab8cb43ef737552cd7

SHA1
8f2975a0dbdc112468c436edf3c9546efb44eadb

SHA256
e844bc5a15d85e212ced65db31311204c709bdc0e4ced4b0e16225102426b1d3

SHA512
f0118918359ade9b2b1e94faa0dc9cc70eb191e49957a7afd79bc3ec83e599f46182c9bf96da84e9ff37fa618d27640eb9057cdc54d7bf891e616b8702f1c008

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
7098283d76706ea5c03e9023a082790b

SHA1
56516125d18e1ce5460f43f6b5e436947e348b8b

SHA256
06330195e014b89f269bfb73b5442801307171dc7259ee05ef33367a564d0e24

SHA512
90b613a812ac6cef7a5e90841e665d11b77cfe6514fa98c3b33379437f90564d174f8e63dba0fa5c00fa9d1c55090aa40965accb26f52fb5b7963f16f297fa35

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
baa82e8f91c02b8e88a9e36fe3457e37

SHA1
7220c69ee6e8f2e1ac1cc0bc44dfae11dc53f82f

SHA256
41984e9bd05cfe48028ad88e90b7f62dc505daec2712f0d12cb541f6a1ffb6d8

SHA512
4ae40c75354f35ea28e301584ba4508384a842f6d8e4e0a69a9cc2ad44b4628ac888c3d2e1b6436cbc9fc3f8096a7d2c84866eb4f2bf09716c36bc3d92fbab6e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
baf2932de48a48c15116616d02d19a76

SHA1
200b06266140c0e049eb0b9fcfa44bf22e24e1f9

SHA256
0129174ebee11d759c8deee14914eb65b747534b0ea27b2643c44f7777daf96f

SHA512
b9d5716fab0fd1430dbe56839e6b04854b4c2a26e8e2d9d643278dde491b781d1c54240ff637720cb0ea5187d769f9a1077cabfef009f26a076c434c689a751f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
b5c386e288154b31f621e7a922a974cb

SHA1
a485d71d7589d24505fdcaa22992e91bfe3e14b6

SHA256
d9cccc126a13577e1da2458a4bae53d395caa062c1b46ab4bc207dc1e7255110

SHA512
b71006fe96c141dad951a95067060df5f8c78fe9e2c189fd40c24fa69d3bc7770f297e5e8b4f2421c28b4abd452c16f3f3ce761e181e699effad7ecdfbe8f64c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
45b498b00dccd7dc8ba8f0f412555c53

SHA1
0eb9d6bf8f346895eec37ee0b05c22f90645f1e9

SHA256
ee4b494963decc67c0a10bc4198f02625eac256c27f8fb0171aaf4ef866a80ce

SHA512
3d811ec2cf0a0b1eaa26b59d2b70a7239c6b57a37dcad3cd34a85d5839e8c69fb4960cd64bf45ba2df8a35f6259c9aafbb777073e023f8865221424633e7eb37

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
c00bbd2071434fc6860f48e4ae9354bd

SHA1
1669ea591168433285e828f3055a125589ebc9bc

SHA256
d1dfcbf9e18789320c4ed4a5323df8505792b6f55f0e2174db310b6b4f2cc0b7

SHA512
dc37fca3f86f7e2a8516a9caf4e310e39edcdf8cbd666c6a6e47e568113d415c7e98ead910b293bb2a3d4f8f6e193de0dde75202ce84ef853caeb08b714ee380

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
ede1341bd0129f9496ab0d7a87ea9232

SHA1
66bd417e4155d540c10e07e559657524024484c8

SHA256
d5599887deb0ed33a58dc581d953644ada3a99b1343f0a17a222f32d3365c84e

SHA512
6b7fab1222fed81a8c0aaca4d827e4d616be55a41a8aaf153e1d43896560a8bec12268436a09028f41c9a1ef9a8cfacf509da112b219a2c493ecca3979bdb2b8

Download Submit
memory/2120-32-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2120-11-0x00000000012E0000-0x0000000002A17000-memory.dmp

Filesize
23.2MB

Download
memory/2120-308-0x00000000012E0000-0x0000000002A17000-memory.dmp

Filesize
23.2MB

Download
memory/2120-353-0x00000000012E0000-0x0000000002A17000-memory.dmp

Filesize
23.2MB

Download
memory/2120-349-0x00000000012E0000-0x0000000002A17000-memory.dmp

Filesize
23.2MB

Download
memory/2120-363-0x00000000012E0000-0x0000000002A17000-memory.dmp

Filesize
23.2MB

Download
memory/2120-259-0x00000000012E0000-0x0000000002A17000-memory.dmp

Filesize
23.2MB

Download
memory/2120-261-0x00000000012E0000-0x0000000002A17000-memory.dmp

Filesize
23.2MB

Download
memory/2128-12-0x00000000012E0000-0x0000000002A17000-memory.dmp

Filesize
23.2MB

Download
memory/2128-26-0x0000000000150000-0x0000000000151000-memory.dmp

Filesize
4KB

Download
memory/2128-350-0x00000000012E0000-0x0000000002A17000-memory.dmp

Filesize
23.2MB

Download
memory/2128-364-0x00000000012E0000-0x0000000002A17000-memory.dmp

Filesize
23.2MB

Download
memory/2128-260-0x00000000012E0000-0x0000000002A17000-memory.dmp

Filesize
23.2MB

Download
memory/2176-332-0x00000000047A0000-0x00000000047A1000-memory.dmp

Filesize
4KB

Download
memory/2176-336-0x0000000004EF0000-0x0000000004EF1000-memory.dmp

Filesize
4KB

Download
memory/2176-301-0x00000000012E0000-0x0000000002A17000-memory.dmp

Filesize
23.2MB

Download
memory/2176-368-0x00000000012E0000-0x0000000002A17000-memory.dmp

Filesize
23.2MB

Download
memory/2176-311-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/2176-325-0x00000000045A0000-0x00000000045A1000-memory.dmp

Filesize
4KB

Download
memory/2176-324-0x0000000004550000-0x0000000004551000-memory.dmp

Filesize
4KB

Download
memory/2176-323-0x00000000044F0000-0x00000000044F1000-memory.dmp

Filesize
4KB

Download
memory/2176-322-0x00000000043E0000-0x00000000043E1000-memory.dmp

Filesize
4KB

Download
memory/2176-327-0x0000000004680000-0x0000000004681000-memory.dmp

Filesize
4KB

Download
memory/2176-339-0x0000000004FE0000-0x0000000004FE1000-memory.dmp

Filesize
4KB

Download
memory/2176-338-0x0000000004F90000-0x0000000004F91000-memory.dmp

Filesize
4KB

Download
memory/2176-341-0x0000000004660000-0x0000000004661000-memory.dmp

Filesize
4KB

Download
memory/2176-340-0x00000000045B0000-0x00000000045B1000-memory.dmp

Filesize
4KB

Download
memory/2176-337-0x0000000004F80000-0x0000000004F81000-memory.dmp

Filesize
4KB

Download
memory/2176-347-0x00000000012E0000-0x0000000002A17000-memory.dmp

Filesize
23.2MB

Download
memory/2176-335-0x0000000004EE0000-0x0000000004EE1000-memory.dmp

Filesize
4KB

Download
memory/2176-334-0x0000000004ED0000-0x0000000004ED1000-memory.dmp

Filesize
4KB

Download
memory/2176-333-0x00000000047B0000-0x00000000047B1000-memory.dmp

Filesize
4KB

Download
memory/2176-302-0x00000000012E0000-0x0000000002A17000-memory.dmp

Filesize
23.2MB

Download
memory/2176-331-0x0000000004750000-0x0000000004751000-memory.dmp

Filesize
4KB

Download
memory/2176-330-0x0000000004740000-0x0000000004741000-memory.dmp

Filesize
4KB

Download
memory/2176-329-0x00000000046A0000-0x00000000046A1000-memory.dmp

Filesize
4KB

Download
memory/2176-328-0x0000000004690000-0x0000000004691000-memory.dmp

Filesize
4KB

Download
memory/2176-326-0x0000000004670000-0x0000000004671000-memory.dmp

Filesize
4KB

Download
memory/2176-321-0x00000000043D0000-0x00000000043D1000-memory.dmp

Filesize
4KB

Download
memory/2176-320-0x00000000043B0000-0x00000000043B1000-memory.dmp

Filesize
4KB

Download
memory/2176-319-0x0000000003F40000-0x0000000003F41000-memory.dmp

Filesize
4KB

Download
memory/2176-351-0x00000000012E0000-0x0000000002A17000-memory.dmp

Filesize
23.2MB

Download
memory/2176-345-0x00000000012E0000-0x0000000002A17000-memory.dmp

Filesize
23.2MB

Download
memory/2176-346-0x0000000006100000-0x0000000006101000-memory.dmp

Filesize
4KB

Download
memory/2820-1-0x00000000012E0000-0x0000000002A17000-memory.dmp

Filesize
23.2MB

Download
memory/2820-112-0x0000000004B00000-0x0000000004B01000-memory.dmp

Filesize
4KB

Download
memory/2820-95-0x00000000052F0000-0x00000000052F1000-memory.dmp

Filesize
4KB

Download
memory/2820-229-0x0000000004B10000-0x0000000004B11000-memory.dmp

Filesize
4KB

Download
memory/2820-21-0x0000000001070000-0x0000000001071000-memory.dmp

Filesize
4KB

Download
memory/2820-22-0x0000000001100000-0x0000000001101000-memory.dmp

Filesize
4KB

Download
memory/2820-4-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/2820-0-0x00000000012E0000-0x0000000002A17000-memory.dmp

Filesize
23.2MB

Download
memory/2820-258-0x00000000012E0000-0x0000000002A17000-memory.dmp

Filesize
23.2MB

Download