hxxps://www[.]playprotanki[.]com/

Analysis

max time kernel
67s
max time network
67s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 21:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.playprotanki.com/

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 4 IoCs

Processes:

protanki-installer.exeprotanki-installer.tmpProTanki.exeProTanki.exe

pid process

4668 protanki-installer.exe
4724 protanki-installer.tmp
5288 ProTanki.exe
2628 ProTanki.exe
Loads dropped DLL 2 IoCs

Processes:

ProTanki.exeProTanki.exe

pid process

5288 ProTanki.exe
2628 ProTanki.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

12 ipinfo.io
14 ipinfo.io

pid	process
4668	protanki-installer.exe
4724	protanki-installer.tmp
5288	ProTanki.exe
2628	ProTanki.exe

pid	process
5288	ProTanki.exe
2628	ProTanki.exe

flow	ioc
12	ipinfo.io
14	ipinfo.io

Drops file in Program Files directory 33 IoCs

Processes:

protanki-installer.tmp

description	ioc	process
File opened for modification	C:\Program Files (x86)\ProTanki Online\unins000.dat	protanki-installer.tmp
File created	C:\Program Files (x86)\ProTanki Online\META-INF\AIR\is-38917.tmp	protanki-installer.tmp
File created	C:\Program Files (x86)\ProTanki Online\META-INF\AIR\is-4S5JQ.tmp	protanki-installer.tmp
File created	C:\Program Files (x86)\ProTanki Online\icons\is-BIVDS.tmp	protanki-installer.tmp
File opened for modification	C:\Program Files (x86)\ProTanki Online\Adobe AIR\Versions\1.0\Resources\CaptiveAppEntry.exe	protanki-installer.tmp
File created	C:\Program Files (x86)\ProTanki Online\unins000.dat	protanki-installer.tmp
File created	C:\Program Files (x86)\ProTanki Online\Adobe AIR\Versions\1.0\Resources\is-F974I.tmp	protanki-installer.tmp
File created	C:\Program Files (x86)\ProTanki Online\Adobe AIR\Versions\1.0\Resources\Licenses\cairo\is-RGE5H.tmp	protanki-installer.tmp
File created	C:\Program Files (x86)\ProTanki Online\icons\is-G5VO4.tmp	protanki-installer.tmp
File created	C:\Program Files (x86)\ProTanki Online\icons\is-2C7UG.tmp	protanki-installer.tmp
File opened for modification	C:\Program Files (x86)\ProTanki Online\ProTanki.exe	protanki-installer.tmp
File created	C:\Program Files (x86)\ProTanki Online\Adobe AIR\Versions\1.0\Resources\is-GLRQN.tmp	protanki-installer.tmp
File created	C:\Program Files (x86)\ProTanki Online\Adobe AIR\Versions\1.0\Resources\Licenses\cairo\is-LBV3I.tmp	protanki-installer.tmp
File created	C:\Program Files (x86)\ProTanki Online\Adobe AIR\Versions\1.0\Resources\WebKit\is-6J4NU.tmp	protanki-installer.tmp
File created	C:\Program Files (x86)\ProTanki Online\Adobe AIR\Versions\1.0\Resources\WebKit\is-OCK6K.tmp	protanki-installer.tmp
File created	C:\Program Files (x86)\ProTanki Online\Adobe AIR\Versions\1.0\Resources\is-3CLH3.tmp	protanki-installer.tmp
File created	C:\Program Files (x86)\ProTanki Online\Adobe AIR\Versions\1.0\Resources\Licenses\cairo\is-AKBUI.tmp	protanki-installer.tmp
File created	C:\Program Files (x86)\ProTanki Online\Adobe AIR\Versions\1.0\Resources\is-FNJN4.tmp	protanki-installer.tmp
File opened for modification	C:\Program Files (x86)\ProTanki Online\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll	protanki-installer.tmp
File created	C:\Program Files (x86)\ProTanki Online\is-0DKJC.tmp	protanki-installer.tmp
File created	C:\Program Files (x86)\ProTanki Online\Adobe AIR\Versions\1.0\Resources\is-LUUK1.tmp	protanki-installer.tmp
File created	C:\Program Files (x86)\ProTanki Online\META-INF\is-JAPUO.tmp	protanki-installer.tmp
File created	C:\Program Files (x86)\ProTanki Online\is-BSLJQ.tmp	protanki-installer.tmp
File created	C:\Program Files (x86)\ProTanki Online\is-USPAA.tmp	protanki-installer.tmp
File opened for modification	C:\Program Files (x86)\ProTanki Online\Adobe AIR\Versions\1.0\Resources\WebKit.dll	protanki-installer.tmp
File created	C:\Program Files (x86)\ProTanki Online\Adobe AIR\Versions\1.0\Resources\Licenses\pcre2\is-74P1V.tmp	protanki-installer.tmp
File opened for modification	C:\Program Files (x86)\ProTanki Online\Adobe AIR\Versions\1.0\Resources\NPSWF64.dll	protanki-installer.tmp
File opened for modification	C:\Program Files (x86)\ProTanki Online\Adobe AIR\Versions\1.0\Adobe AIR.dll	protanki-installer.tmp
File created	C:\Program Files (x86)\ProTanki Online\Adobe AIR\Versions\1.0\Resources\is-MJRCT.tmp	protanki-installer.tmp
File created	C:\Program Files (x86)\ProTanki Online\Adobe AIR\Versions\1.0\Resources\Licenses\pixman\is-3ST38.tmp	protanki-installer.tmp
File created	C:\Program Files (x86)\ProTanki Online\icons\is-BENK9.tmp	protanki-installer.tmp
File created	C:\Program Files (x86)\ProTanki Online\is-L2D02.tmp	protanki-installer.tmp
File created	C:\Program Files (x86)\ProTanki Online\Adobe AIR\Versions\1.0\is-I4T70.tmp	protanki-installer.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

ProTanki.exeProTanki.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	ProTanki.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	ProTanki.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	ProTanki.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	ProTanki.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608878972206396"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exeprotanki-installer.tmp

pid process

4956 chrome.exe
4956 chrome.exe
4724 protanki-installer.tmp
4724 protanki-installer.tmp
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

4956 chrome.exe
4956 chrome.exe
4956 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

Processes:

chrome.exeprotanki-installer.tmp

pid	process
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4724	protanki-installer.tmp
4956	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

ProTanki.exeProTanki.exe

pid process

5288 ProTanki.exe
2628 ProTanki.exe

pid	process
5288	ProTanki.exe
2628	ProTanki.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4956 wrote to memory of 5444	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 5444	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 1388	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 1388	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 1388	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 1388	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 1388	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 1388	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 1388	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 1388	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 1388	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 1388	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 1388	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 1388	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 1388	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 1388	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 1388	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 1388	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 1388	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 1388	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 1388	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 1388	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 1388	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 1388	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 1388	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 1388	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 1388	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 1388	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 1388	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 1388	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 1388	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 1388	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 1388	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 1248	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 1248	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 5884	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 5884	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 5884	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 5884	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 5884	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 5884	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 5884	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 5884	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 5884	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 5884	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 5884	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 5884	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 5884	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 5884	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 5884	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 5884	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 5884	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 5884	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 5884	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 5884	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 5884	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 5884	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 5884	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 5884	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 5884	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 5884	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 5884	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 5884	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 5884	4956	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.playprotanki.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf32eab58,0x7ffbf32eab68,0x7ffbf32eab78
  2⤵
  PID:5444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1876,i,1803421564704171015,5086587812908681614,131072 /prefetch:2
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1876,i,1803421564704171015,5086587812908681614,131072 /prefetch:8
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1928 --field-trial-handle=1876,i,1803421564704171015,5086587812908681614,131072 /prefetch:8
  2⤵
  PID:5884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=1876,i,1803421564704171015,5086587812908681614,131072 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1876,i,1803421564704171015,5086587812908681614,131072 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4144 --field-trial-handle=1876,i,1803421564704171015,5086587812908681614,131072 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 --field-trial-handle=1876,i,1803421564704171015,5086587812908681614,131072 /prefetch:8
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1876,i,1803421564704171015,5086587812908681614,131072 /prefetch:8
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4272 --field-trial-handle=1876,i,1803421564704171015,5086587812908681614,131072 /prefetch:8
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5096 --field-trial-handle=1876,i,1803421564704171015,5086587812908681614,131072 /prefetch:8
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4668 --field-trial-handle=1876,i,1803421564704171015,5086587812908681614,131072 /prefetch:8
  2⤵
  PID:5604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 --field-trial-handle=1876,i,1803421564704171015,5086587812908681614,131072 /prefetch:8
  2⤵
  PID:5932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4848 --field-trial-handle=1876,i,1803421564704171015,5086587812908681614,131072 /prefetch:8
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5380 --field-trial-handle=1876,i,1803421564704171015,5086587812908681614,131072 /prefetch:8
  2⤵
  PID:1936
- C:\Users\Admin\Downloads\protanki-installer.exe
  "C:\Users\Admin\Downloads\protanki-installer.exe"
  2⤵
  - Executes dropped EXE
  PID:4668
- - C:\Users\Admin\AppData\Local\Temp\is-8B0VV.tmp\protanki-installer.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-8B0VV.tmp\protanki-installer.tmp" /SL5="$D019A,9782872,883712,C:\Users\Admin\Downloads\protanki-installer.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    PID:4724
  - - C:\Program Files (x86)\ProTanki Online\ProTanki.exe
      "C:\Program Files (x86)\ProTanki Online\ProTanki"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      Suspicious use of SetWindowsHookEx
      PID:5288

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5168

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x41c 0x418
1⤵
PID:5144

C:\Program Files (x86)\ProTanki Online\ProTanki.exe
"C:\Program Files (x86)\ProTanki Online\ProTanki.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:2628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\ProTanki Online\Adobe AIR\Versions\1.0\Adobe AIR.dll

Filesize
19.7MB

MD5
4510283a6430f83212d65ceead6e0489

SHA1
86089531f6201725a0485f811b85884181433d64

SHA256
e5efca0b15127161f055826b89dbd115940f0748f025464cb94eaf0766b3a90e

SHA512
4992d159dc5c396ca1801d5bb670ff24e95fe9597d76425c42fd0509cdd8b7abe396942d4f7f5387e251a20614e7c15bd44c1ae82710cbcc86ad6d8649020bef

Download Submit
C:\Program Files (x86)\ProTanki Online\META-INF\AIR\application.xml

Filesize
865B

MD5
edc40e204ae3859e13c7367de003b659

SHA1
2cc8571ee70bcabad69a6ed66cb963b04fcc465e

SHA256
6adaec4e4079a2f0235e45a00f8ec95d9f27b77b0fe72efbded1c37412da34bd

SHA512
dd904b4d8deb163192440c50bc0d846781d57bdbf4319c3b3f9b3bd01808f197761deea062dcbacf5933c0e17f35e245860fa7fc816bedf8dabb606544779aa2

Download Submit
C:\Program Files (x86)\ProTanki Online\ProTanki.exe

Filesize
162KB

MD5
b94d20104f033fa1b7f9560648daf3c5

SHA1
06144412fa3e635fa7222156379610753345cafb

SHA256
a66311bbcadd2d8db71460e7f1b6554467e0d71b6d4f31c2a33988d10fd82f05

SHA512
ec6b242b7f15d52a4d3979c7b30576e14ca6aad38443a16f61f7c8d19a5033d205561f1f123736c1a4b958a5511e82a2a3e0dce47172325f7b193d9d5514b459

Download Submit
C:\Program Files (x86)\ProTanki Online\StandaloneLoader.swf

Filesize
54KB

MD5
0a7693d2e955fa1170ec2b8b460bcdd2

SHA1
e00b0adb1f23e8bdb454abcc9fc9bbf466a98390

SHA256
2858995d0e86eec968438c65cf21382ff203e133e830a0718424f74dc9477c3d

SHA512
2c3fc2ef385b795b6973b11354b41d0c5645abd4321da2f0e63090ddb492704851a8b599c50363a2eb954c1214467c74466e2d66ecf3fc38689179dae7449f1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
25e44aecc22b5976f8061bdff0950e42

SHA1
43a2520026cab1b0af93c847cb21715fd99a49f8

SHA256
da8656731af62c6ab128010b53dab9cdeb502e7b89c7ae29a861ad7d07c77108

SHA512
bcce4be902350a59d1a90af682ad4f980ab3f92613bc35cf93153a1b576e45d8a633850b784b1cd4d39a42d1f6438ead3328ec64e222cfd737ceee551c610227

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
067ee1300c239e4acf940d40168b4665

SHA1
eca6acb0896f6cf18668144db30274a28e31f6cc

SHA256
64ef02919806d168789245ec93d51784de126391847a1cb1ee3aad6471f099b8

SHA512
3fc3b13d08861ec659cac9a3d2318ff10a7e6f90b60f084e87ac7d8a699560f769ff65004554c93208e53cc1ae5e449f25db28371c36aa96fb7107978ad16628

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
092b136cfa68d39ad68035014e27397d

SHA1
8f05fac7a81bc1254b48f79032f5f9f8592399b0

SHA256
94be8dc95911c759c88d91ad090d647e477013dc20b0c04820aca817ae84b545

SHA512
08024a769c239f90aaf634dc84d427183a3082ddef7f450b91260ef5469f5d0721651403c9badc219ad109afbd46a2f412fcbcf69c791163c3744dbdfe428af6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d8cfdf0f63e7de5d90268ac62e4c8318

SHA1
1ae9fb6403e5ac14d7678a9fff81bfb2d0788d3d

SHA256
fff48762dfb41201edcef71abe7b31429b17e86711fa90dd02d544a0902e592f

SHA512
0aee584679acc3745db271923c0e2df3ae714b3ef51c5bb7b403c400f66cbb721d1bb601af0d8b747f723b99e6b05566cf86b9d65e56fc2bd3bf77e3446a9445

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
85393b13744df7dc8f2dfc7456725012

SHA1
53bd9ff464b1f678142f9b0470c92c3b8c2d1a5e

SHA256
419c76a5fc8ce16275807bac8f622e135d6e86cc6b7bf20e94c7d2d0adcc6ce4

SHA512
30e6fd486c243051b7f00849e9fd15ae9f2598d3fc38a741a8fc23dc0a0d5a57a5cfb7584bf29c557bbdf1de6de40d4f0276ec8eb43d41e32143e67ee9fd485e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
aa8cd0d8073093642f5f56bb3cf34e6a

SHA1
50ded655e121e8292145ef7a665211ba3c67e570

SHA256
e4ed0348ded0ab30faf24ca4178c34435fce3d419d053651de6d0fa62ec4cebc

SHA512
b0f6c4c16195d266bb04c808757973811f3eb0fee107590a2db794c493ee7a6495eef3f7661d6c14c42b39bf94ed6cabb7662598895bed929c5168e9b9d3c2f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
942a21f2dcfa7a65683078441133b201

SHA1
9db1e028a64a824e4bc7970dc344ae836ae964d2

SHA256
911b9060fd676767887d8fc0aae5f32ea9462e181d8b01060cbd39af49576ced

SHA512
1089ca42d74a9389a2421696bbc59b0a57d233d184724c9965ff1871a98f97acc57f4dfa431472ae99d7907a8c84d7aaeaf07a50b0ac94e4f704b1c8b15dca98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
48a65e624105840b089a5f741097cc16

SHA1
70bb6384a01253ef0dcf60f0dfee85967c338d26

SHA256
0c68cc1b96bc4ac4e55918a3c55581cdbe939b087eb44d17e0fb2ae4630bd712

SHA512
8d6f918e239dd6b2bb9798d7603c4d8944f9ee8e1416aa12319372f5ddbb2da3a4fef77274f448c719fce0978c7b30bb2f80a85c888df7dccb5f2f9f95fce573

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d08c291ba3dc2c1449f47184a7ff46e5

SHA1
2c34c51796c36eaed1921850cce6a94c9f28e1e3

SHA256
b5ceddf5c3b604ee941f43033f1e269d673257144d57e4269c6e35ef9e7d6497

SHA512
42c3e9cd380c4cb1b1132ad8b6fdfe02fabf022c4e6c91f130a569a4035439e0c7878ef924f78db02dae82419835322a7a9d2325ed30640cc567348468e57f1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
838960260e4c13ca3a5bee5803372f6a

SHA1
208f1f2872d85844010328238fa21cb64202e62c

SHA256
4918ff52d22ded254ade389fb9b614377b2095b662884a8eef4f639953334041

SHA512
23bef1f3c58bc3a3cacda507cd81bee89b47e3346abb511f120b197ec72388f8fd939f0f4562fe418a60ca53bddaffbf3b92f533667c58c992fc0a2f63f73ea1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
68cff0ce19d9c6ecec83226d8de72c16

SHA1
e1c69a12d4dab61c77f82a2505881853b5b03d66

SHA256
5dfc3c3fd7536c7ddae44b251795f4262f9e0663a08e92f357aac5bf6b1cbfb7

SHA512
2d7700378bcf354805f2aedaa92603463e1c6871f9e718120cd38898f937dd50736737230b7747aa96e972b4ffe75247fe5b25a88094c61abc62838029dafa97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
3df9ea99b8bb178e6e2ad3ea0ca5419c

SHA1
2f6fba10834572815674f41cd9e983acb7d12ddc

SHA256
be4b66e81ffa240bb3e1d6c33b9e8f7607052adc08851317d64995a126ec39e6

SHA512
23d40af761d74ec9c94469caccda945fe3c7c8d343555e4e5767ba13112b1d2a378e0cdf18c4c5b78ee4f7e1b9131b2f419652cdcbaa231242ef8f50fded9c8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-8B0VV.tmp\protanki-installer.tmp

Filesize
3.1MB

MD5
feb289287fe90220dcbdb3ff8a5965f9

SHA1
56711df6eee0a99c2114be7ee62c67ced133ad9c

SHA256
0180039f29fe1b2982d318d3e6e381ac9ef76bb0cf61eabb2e7f8a921377c40c

SHA512
2a6321e76997dfbf3cf1afa9b725330b3c925aa5c91b123e3f44fdb163a8167c25a0b6ffd3289d1c3efd7f614e86e7ee84b6c8b5f50552aa1c574faba16038fe

Download Submit
C:\Users\Admin\Downloads\protanki-installer.exe

Filesize
10.1MB

MD5
a7e33432f3835d8c612abb8ddb6b2132

SHA1
d6fdfd2d31dda3afea83720099a0dcaa7799d349

SHA256
cb1f151404549c304e895282593e4d6ceea18f394eb062976a6275d28a4ac80a

SHA512
bbdb47c23f4c14c552132c5d0d75015f9e9fb62ba924d15742225d4193f1fad4ce01ff012bff6a0b0153f630d332bbff5d1f9e9ea78f99e55a81b6cda1de2479

Download Submit
\??\pipe\crashpad_4956_LCDKYWTVSODFIZKI

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4668-149-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/4668-150-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/4668-494-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/4724-155-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/4724-493-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/5288-714-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-685-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-772-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-762-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-759-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-751-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-750-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-748-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-747-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-746-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-744-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-730-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-729-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-727-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-720-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-717-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-684-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-713-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-711-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-710-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-706-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-705-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-704-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-702-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-699-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-695-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-692-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-687-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-686-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-688-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-680-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-676-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-749-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-743-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-728-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-722-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-670-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-719-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-718-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-716-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-712-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-709-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-669-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-703-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-700-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-693-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-689-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-782-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-785-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-779-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-776-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-778-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-668-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-678-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-674-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-794-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-795-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-803-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-792-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download
memory/5288-804-0x0000000004070000-0x0000000004270000-memory.dmp

Filesize
2.0MB

Download