hxxps://download[.]anydesk[.]com/AnyDesk[.]exe

Resubmissions

09/06/2024, 12:29

240609-pn445sbb92 8

09/06/2024, 11:10

240609-m972taae48 8

12/02/2024, 13:20

240212-qldd3sgb59 8

Analysis

max time kernel
373s
max time network
373s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/06/2024, 11:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://download.anydesk.com/AnyDesk.exe

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	AnyDesk.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	AnyDesk.exe

Executes dropped EXE 3 IoCs

pid	Process
2612	AnyDesk.exe
4508	AnyDesk.exe
2944	AnyDesk.exe

Loads dropped DLL 2 IoCs

pid	Process
2944	AnyDesk.exe
4508	AnyDesk.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133624052204452862"	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2944	AnyDesk.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1780	chrome.exe
1780	chrome.exe
4508	AnyDesk.exe
4508	AnyDesk.exe
2312	chrome.exe
2312	chrome.exe
2612	AnyDesk.exe
2612	AnyDesk.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1780	chrome.exe
1780	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
2944	AnyDesk.exe
2944	AnyDesk.exe
2944	AnyDesk.exe
2944	AnyDesk.exe
2944	AnyDesk.exe

Suspicious use of SendNotifyMessage 29 IoCs

pid	Process
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
2944	AnyDesk.exe
2944	AnyDesk.exe
2944	AnyDesk.exe
2944	AnyDesk.exe
2944	AnyDesk.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2612	AnyDesk.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1780 wrote to memory of 1364	1780	chrome.exe	91
PID 1780 wrote to memory of 1364	1780	chrome.exe	91
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 112	1780	chrome.exe	93
PID 1780 wrote to memory of 3800	1780	chrome.exe	94
PID 1780 wrote to memory of 3800	1780	chrome.exe	94
PID 1780 wrote to memory of 3944	1780	chrome.exe	95
PID 1780 wrote to memory of 3944	1780	chrome.exe	95
PID 1780 wrote to memory of 3944	1780	chrome.exe	95
PID 1780 wrote to memory of 3944	1780	chrome.exe	95
PID 1780 wrote to memory of 3944	1780	chrome.exe	95
PID 1780 wrote to memory of 3944	1780	chrome.exe	95
PID 1780 wrote to memory of 3944	1780	chrome.exe	95
PID 1780 wrote to memory of 3944	1780	chrome.exe	95
PID 1780 wrote to memory of 3944	1780	chrome.exe	95
PID 1780 wrote to memory of 3944	1780	chrome.exe	95
PID 1780 wrote to memory of 3944	1780	chrome.exe	95
PID 1780 wrote to memory of 3944	1780	chrome.exe	95
PID 1780 wrote to memory of 3944	1780	chrome.exe	95
PID 1780 wrote to memory of 3944	1780	chrome.exe	95
PID 1780 wrote to memory of 3944	1780	chrome.exe	95
PID 1780 wrote to memory of 3944	1780	chrome.exe	95
PID 1780 wrote to memory of 3944	1780	chrome.exe	95
PID 1780 wrote to memory of 3944	1780	chrome.exe	95
PID 1780 wrote to memory of 3944	1780	chrome.exe	95
PID 1780 wrote to memory of 3944	1780	chrome.exe	95
PID 1780 wrote to memory of 3944	1780	chrome.exe	95
PID 1780 wrote to memory of 3944	1780	chrome.exe	95

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://download.anydesk.com/AnyDesk.exe
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8b759758,0x7ffe8b759768,0x7ffe8b759778
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1888,i,5180562384057191774,1494255867503611754,131072 /prefetch:2
  2⤵
  PID:112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1888,i,5180562384057191774,1494255867503611754,131072 /prefetch:8
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1888,i,5180562384057191774,1494255867503611754,131072 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3208 --field-trial-handle=1888,i,5180562384057191774,1494255867503611754,131072 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3328 --field-trial-handle=1888,i,5180562384057191774,1494255867503611754,131072 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5132 --field-trial-handle=1888,i,5180562384057191774,1494255867503611754,131072 /prefetch:8
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5160 --field-trial-handle=1888,i,5180562384057191774,1494255867503611754,131072 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 --field-trial-handle=1888,i,5180562384057191774,1494255867503611754,131072 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 --field-trial-handle=1888,i,5180562384057191774,1494255867503611754,131072 /prefetch:8
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2592 --field-trial-handle=1888,i,5180562384057191774,1494255867503611754,131072 /prefetch:8
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1652 --field-trial-handle=1888,i,5180562384057191774,1494255867503611754,131072 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=920 --field-trial-handle=1888,i,5180562384057191774,1494255867503611754,131072 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2592 --field-trial-handle=1888,i,5180562384057191774,1494255867503611754,131072 /prefetch:8
  2⤵
  PID:5072
- C:\Users\Admin\Downloads\AnyDesk.exe
  "C:\Users\Admin\Downloads\AnyDesk.exe"
  2⤵
  - Executes dropped EXE
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2612
- - C:\Users\Admin\Downloads\AnyDesk.exe
    "C:\Users\Admin\Downloads\AnyDesk.exe" --local-service
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:4508
- - C:\Users\Admin\Downloads\AnyDesk.exe
    "C:\Users\Admin\Downloads\AnyDesk.exe" --local-control
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2772 --field-trial-handle=1888,i,5180562384057191774,1494255867503611754,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2312

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4032 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
1⤵
PID:4400

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x444 0x50c
1⤵
PID:4000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
561B

MD5
b03a56542574cf83b12ddf45ec6ffc22

SHA1
0b1bc05ca9ea193c9a213569b622865d230c5be6

SHA256
2841e6ec62554d7e262a6a68af5d666ce15ecddde8dac77a2fea85a664714c9a

SHA512
3fa091aa5f6155cff9654921a324ec106db1d52fa2dd047d0ea1f34f6d70520aa2a2bbcaebccdda7f842f4412fa20cbe5f39dcc61e7b17661c1f3e97e4ab5681

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1d91ba41e4d2b466954f85c4577068b8

SHA1
a53d6c91cbbf6baafd99399566b8fd0338990841

SHA256
1b19b96df99139dbe4bc825f3e7ac3697a490876aee74923cc7b9d9ebfbcd104

SHA512
86a7ba3d46b3426cb0292538a5ace9df61a91ec2df8667ef89808bb9db11630c3ba511a1d11ef145657ca420663b6aaa9de3059a1ac5a72ab81e5b7a0ecf0d02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0e745fa2f126fbed209c2cba4f552044

SHA1
f8738927f75a6e262d1a4f74b2ec09a0e0c62221

SHA256
4843002a02ff490e0748cbfd903245130a64e82bbb9e62a186e11d9cbf05c59b

SHA512
84edaa56d8d40fedd0f3bdae4a419a54e56a2de8d268b20b58ff241fd4054aeefd785735a162beec4f2693551a7d4667989277d195da4f698bad81046bf6fd93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
aac929948db7193a6777007aa4e73680

SHA1
a80da1f015701bae28a31683885fcce216e79dc5

SHA256
47ac9b99ce4bbba0a98c7b291873b2b1d4fd8196c111fdc7b37c3b6c803ce4d1

SHA512
f08a516311085eafe991cdc2a05e09e9b1a61c41e2ec140d1b900df1fbbbdb065bc60f3504fde57da40f7514f3f204fece264c1b37e9255bd2471568f6ab2b3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b81525f64cd7e8c2489120888fef7697

SHA1
a3aedd017d75afb94dae57b76486ea168261508e

SHA256
1ddb09bc54ef26644f73b850299b3b7bee27ee6de5fc3145834f9a9d87f9b716

SHA512
b89bd8a2c587140bca9fc9270515990e4f0376585626c0597b83023c477d129277cc3eeaeb0fc573a754af7c346e1fb3c20c5575f871f1f7537eac9c6a586e8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
565a1794a0c70f8c427b6637c0d4a3b2

SHA1
fff97f7639066638ac6945fa4735242c726d2ebc

SHA256
383049ff39921fea1482af97fe9cb8bfb27f90b3e74f3c2a0109f4543c2dba7f

SHA512
6d999d20cedbedec4e83bfb863db7d2f5fddc547206d86a138bb2a7c076bb477bd9b9f492bd194daa01b19318a5d4553e273acf9a9a28f50198edeef03237b96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
760d9f07ebe5c0d1c3096118915ec231

SHA1
2bb4d28ecd52531f76b456316ddafae00a3b899f

SHA256
7aa77f398fbdca5794829d68c3ea201e768c49a07c4fb036c6316d28679ede5d

SHA512
a8ad83933273a8d34c16d6eda59181b250b7079fb9cc886afc1aabea2f7c05144ab414cb26987bb298b6f4eeb309ac23188eb4ec0b907fdb10a4b7a4a0e507a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58bc75.TMP

Filesize
102KB

MD5
62fe293484057207d6b0fb22345f307a

SHA1
030a79a30a4a965a8d95fc6a17bf6575924f9287

SHA256
e9cd3870511afd1035ad792bb89c1fa12a74a4901e35ccff0e455241275d4986

SHA512
04ebcbb5ff6ae78e35bbfec808b7ada5df50b743ca3266eb9c890f6e0e7b7ab2443a3273e30c54dfb237e15e228873588c4321952c9e7a9684fc5f1e20dd971e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
7KB

MD5
59533b98c0f97b7a3bb1f5feb96dab68

SHA1
107fd3286d8bae2de9a2c42d074808e3b2927313

SHA256
588a89de93ceb0370f2e1e4f17184093b718cf1466dc8ff0e3407cc8744b7c85

SHA512
2f3d6fdd6181a9d59cc44870664781fd84314eb2191811eac938e509224cb1d175652a29717778c1e403e5982840fa3779aaf547cec30f5c293d8d97be6c8fc5

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
9KB

MD5
c711143e56a2cc21cc3d5100a02039db

SHA1
787666e24b573e4e33da51c4e7e9d5478e21f9df

SHA256
a2dff79ab7021bd899c4ebb516aae53445c58defd75ce6e49c149e84ffcb76fd

SHA512
03fef5787ea759de3c05ebf1fd0c3043dce2c660c2b7f8e2470fc5130dd38cce8ae40c56023fde31c3a31c08d251b6fc63b72319a48932cecc45dcd662e04d74

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
925bbd03679d849dca2df16d50dd20be

SHA1
e28d4f04efe1dc54c56ad164a6d318d1be64d605

SHA256
359f17e523d534345151a06942fcf1ebff6f328de375dc7163eb1897a9b5b967

SHA512
9198278e66e6e69b43543c93b3f93e5cc8ebacdc21915f1e02739fed792e3e66e1e4757f296cd2b98b02fb7cfcb0343d9aeb206ae0d452e2dbf4f332e23249dc

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
15b2665add2326cc28b3abbba2752639

SHA1
ae4040a1b91cf3da313f0550050d2efa25b7eb26

SHA256
3fb92a3d1186d72cd6e823db10ff927c2e45624f889dcaef719ab8885c3213bb

SHA512
fb6ebb7a364361fc2528f6c6e0a0018ee08cb14c558731710d258108c4a82d86a21a1a3c1de6afcd858901e71beef45b0e8129acf15bf96912dd257e4310dddb

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
91e09a6df77a9addacd69c891237f44b

SHA1
363c82ce634bd6851c6f01af193aed67c0089eff

SHA256
c024335a587913e21b2d3da4d55031d3f22f4f589f0711db700fecf4dbe1733d

SHA512
70837914405863fa0ca0422300418b227aae78595e4f37f786f3e13faa5a9e5c9a3dfae8ee8a5ec2df9e3212468af5e69f413008deb0a3eaef34bc1afb473d5f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
4b24840ce21dc52092ae1185e2f93b47

SHA1
2d8aa21dddefbeecbd2cca3748981680a13f9984

SHA256
a7a03778f8cabd8b70e29b84b3c94c283988c6e942f794aa6ed0b21f863a1761

SHA512
36c30c8663cd33e779a353eeff746f84f48d8f611eb31b2d1210e00177c4bc4ff2d10f59413d73d32b5afbf15490bf9e010c105ec59a866453e73043e41c0646

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
701B

MD5
679b752fe26db9ed1249fdcbcc350886

SHA1
c4f038a15b6efde1fac2ab270c9a532a2cbdde6d

SHA256
28bec68bbde6ed8de2c0d33f7540b731c85f5706aed2c4ecc309f6b9c497a57a

SHA512
2fadf7cb0582cd07eb14646fc9a0ff4938b98a02c08b7a1dc34dce750c6b0558cfb997c200efafa45aabe2232d7be380d781f8694d6d16a10bd2cf74eae1bdd8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
758B

MD5
fca9617fd1487e6fb69f242f01041369

SHA1
5d66d4d912e129fe7ecfe0518225e43a6c3983f3

SHA256
4828bcedd78cffd95719819a18e9842fbcf098eb942ff0a294f2777550ccc24e

SHA512
5beeffe2744d3c79c0a7f9518b85d89fa0b437c6cbbbc6dac4d8c56c641f124558dab6bba644f915ec1a66235b10afe741fb7bfed1257ce21744e7355e0710b2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
1c74e428f151b8ce40f8bdc6ebc06fc9

SHA1
a518817109958d81893aa4d35c7beb70bb2b6908

SHA256
2ed08698c2b2646ceb76fc813ee946b6d34971253d34345d09ecedae4964c7b3

SHA512
2ab4601727635a85581caabea3211ad5ce3d9a76849cc475e44d36751e1b8e96129aa65a8b3f2e220175735e4f7b362747f0248e452527f07c6dd7ed6c438975

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
c7655f73bd586cef25bbb7df49d9936e

SHA1
54a7933f95f7969d929b68e5452af65ad1244cdc

SHA256
eb52ce08d65b34d096eceffd7194f4ab3536f0e4cca621d7a01f053f3a01b985

SHA512
a9d85d9ce86591147c160562d5158218ef01d037e2358c055e3114427fb78777d5f31f728a18bc8e925ea458f03a08a6786b782647908b68f219cb7827cce8ba

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
4e23bb8a8e70ce87fb01adf40a69f712

SHA1
36e8c90eea0f17e9ef1a4d73520ba08532848def

SHA256
b6802bd95da40436a32c7af4ed3445996b76b8bf723bb81b0cf35c35ce6a0762

SHA512
16644d566d74b4dded6448304c6c758fd8cee01ace342bd7647ba1c388df255839217547f36794a559b54e572c2c043ce67ed823cf7e28935df24580af079b99

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
f0adf6618b9e334825b3e8cdf0800390

SHA1
a7709e0995d12ea800233ca916ff577f444758c3

SHA256
5c88f87cf30e5375147c065ca7f5811ee08b7de862f22b8479c1f75f49499c8d

SHA512
af0d697d994efd94fded7411ff00ff902ed9e026c17ada6daeeb17c466f1c73cf835fe19173b538d3347b150d3eac8539ed9462b685114d1a44320d00daa9881

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
778cf602852c3623eb752a0a86ddd89d

SHA1
3c04dfc28dd70e971b837c109cd238ee788cab34

SHA256
3faceea68eb87c367a6b55f08c446a5bb0c0553d7cf82a0cced97e258da4095c

SHA512
15b40fe4acd4caa23b8ee40644a221ca218afc828e64430fbb928e192dd273fc11a2a80633e28cec0029d40b53144aa930f9316e4eefc60d419d974d641f394c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
744e8d577b46c25bec4dd455dc248577

SHA1
c37e961a4b048302aa0147255e6cc9cc3292d333

SHA256
59ee37ef3238bac6ee52bcc12794f5cf452e9c023dea2cc0c5ef20e842c0cf11

SHA512
6256680b29d5b625741d255955a7197c055a3dc080eabb48ddc45264a406d9715a7dd0158d2b0cbfc00f27945219a034e74985ca773d929ad97649dcfe460896

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
4867d3e5962228a04753b2119c271fd2

SHA1
ac5b78b8a9fd581a0f1652c756e5627d3deec10a

SHA256
13942d4ac4752ba96832980d83ca2f29bb418aebf35e4a99937b144d0b7974f2

SHA512
b775d2001df13988d906e47dd10690537f90b27e8b26944e8a5bc7d14d09af65edd4fcc5372a9714478412997f235a97837e13a962008593b9579af8fbfe10ab

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
0cde97ca0e677a2c03bd856aae31f7a9

SHA1
4f12f9e74778f7cac82b6fceb03dca041ee65749

SHA256
b5fd81075c2b3e5972526a94d826b0736b97e2f97cc1eb72b6ab842fca64727f

SHA512
4d56126032982189541fa9add91e4d58f2a360575a2005932cfc8004abae483ecb19a26bc73992a15355383d7dc34672680d1f44e6cb90e13750e4aaa3694024

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
b56ccde5f03ec4928a1f3c5a4ff10a9e

SHA1
2464153ed2e28eca6b8dcbb47a770837e3dbaa8a

SHA256
797003265eaccc1c9471f0aed393b7fdc26ecc55abd8c1477dcbc3a0e5c6a4a0

SHA512
67eae7d925f368a8f951123eb5a4eafa7eff3c22973286a7de6e4bcddc770a9c1d7e401ff7330d57aa67a20d6c3265e7bfee488713b25d05fac7ade5865ab777

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
bdcce02102b0bcb7816d3374fbea6126

SHA1
7583dcbac3a58fc5c26c7a071a0a22a184ccb8ab

SHA256
9d6b45173e2b7f47067706a08acf18dd20f9bd07df388e45f523121b6df56f26

SHA512
3385ef30926a223545114e5390fe0561b817b6029bb1892f56e1cdc0dd24d84b75aef3e470b5392824a81967befb1f016460d91dd31e75a42a4861260113e259

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
46647ba4ef194bf930f161b04171580c

SHA1
6fa0a5397443281a0786e320787c4e7104f583d6

SHA256
f2fcca8bee0f6c8c7bd77a4206859b0935ab7dec12e0b756a0b9a6ee02618708

SHA512
500e0236eae96e32bebb0b51280fef2c40937d8dcda4e99f7fb9a544bb4e94d76e85dc90f99905a1d95ebaa5bac94c3a61a997fd9bf0871a4f5f69ee1cca10dc

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
234debe673496bd74218f5b0b2a35837

SHA1
82247932114b0e57feaefb47d6fcaebe8ff65ba8

SHA256
a02a2c3cdc2edb04a011aa338ec2ba452c2459a2c9202be2c2694cb9c26f4669

SHA512
8975686195e81149e5ae43ed0c2f19bbf9e27e1a688b88e75048c4220a03328421c17f80b29bb9b64e7352b0dd6d759920a39e0d03127c1aaa4ab039ada5f54d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
2aac976fa084052115f4d6ed53c30a6d

SHA1
5ea7eeb8a837f252296118b91d71ebef388840aa

SHA256
92ca91caf82ce13d9fe7f1f2bbf9704da4355538eb68cc45bd53ef54818bd24f

SHA512
0bb2231f8d15bb94ca25b41c0457115cf75c86b77d13a06d1dd5bd5c9d64a7d8b3babfb28917c5edcc38b54eec94c7253a191e7062308edb7b5fb67acfb09b61

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
d114e300c8c2630d129cd67c9325a4fc

SHA1
318b0fd5debc0b7c72dcf2a8fc434bef227d5e1f

SHA256
dc3b56d2862d6733f62350e1e7c8bb871b5109c526b23d8d87220982d13e35ec

SHA512
32b9639bb5b30fc0d0a1a0383d02826f0095738031f6d47b888cb9cdeaab4c5d505fe42d36902f843338c41f094a473b289df840e97c8b3967665728fd198078

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
4KB

MD5
d130db8dd970170d8836e1f03ad571dc

SHA1
22e8b6dc63bec34498ccecee052353200e415046

SHA256
02ec51283bc744b87daf607567a6ba9e54153c247af0022c29e93f304bf564b9

SHA512
e9e40c59245cc7206c253f9b20f672022e17a2f0b2384247e724b9b9839a1735fa176363571e49f4b8c30667702768316c2c5a0474cb5841f7a47e4439b4b727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
4KB

MD5
1e4d3902a2184e03af86a99a2ce96d49

SHA1
6e9cbd1e8d811bbf547b4b10c64832a258cd0d34

SHA256
f6c27b101767c7fa35632383a57df0ec59109bb3da41a450a92710a003dffc5c

SHA512
d44a6beabb6a8f00b0e4af13e50b2d760bde52a12fa6dd0fd6967c5f4812ed0ae070df99d133698d1bc2543d8838f5a73721ea737951556432db10d63a2912d9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
74de365db56d2c93562c82052e1cc31c

SHA1
def5fe1fc5eb74a176b9048365eae6b2324550d8

SHA256
3d8368b2f88eaeb7a45c8069fb241b95ece9d0e3e7895ea02a9758713455c21c

SHA512
1da4d5158a31332c41a982678bfc295f5c3869eaabec392d8986dbc493ea6e9a03a9eacae2e902e7d0ebdc6cc43006ca648fe3576f34d85a0984006da037921c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
2846308aca6c9d3b5d9ce398500068cb

SHA1
ae4c852ff92e5990fa2f50f7b5ddab86a5df6f62

SHA256
4fd28450b2c728c15d3f051cc9b0daf931c23cb939df8d0bc245f76edfc0b67e

SHA512
2e9ae4f1e212cda2c6a29e35df2e663f034e353eb46931813b780e1710c513ee9b42a6a5ee6f5d2d7c886dce888b9ee2d435ff90fa63d8af08120cd336f055eb

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 137010.crdownload

Filesize
5.1MB

MD5
aee6801792d67607f228be8cec8291f9

SHA1
bf6ba727ff14ca2fddf619f292d56db9d9088066

SHA256
1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499

SHA512
09d9fc8702ab6fa4fc9323c37bc970b8a7dd180293b0dbf337de726476b0b9515a4f383fa294ba084eccf0698d1e3cb5a39d0ff9ea3ba40c8a56acafce3add4f

Download Submit
C:\Users\Admin\Downloads\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
memory/2612-70-0x0000000000780000-0x0000000001EC9000-memory.dmp

Filesize
23.3MB

Download
memory/2612-326-0x0000000000780000-0x0000000001EC9000-memory.dmp

Filesize
23.3MB

Download
memory/2612-69-0x0000000000784000-0x00000000019BA000-memory.dmp

Filesize
18.2MB

Download
memory/2612-502-0x0000000000780000-0x0000000001EC9000-memory.dmp

Filesize
23.3MB

Download
memory/2612-501-0x0000000000784000-0x00000000019BA000-memory.dmp

Filesize
18.2MB

Download
memory/2612-314-0x0000000000780000-0x0000000001EC9000-memory.dmp

Filesize
23.3MB

Download
memory/2612-337-0x0000000000784000-0x00000000019BA000-memory.dmp

Filesize
18.2MB

Download
memory/2612-73-0x0000000000780000-0x0000000001EC9000-memory.dmp

Filesize
23.3MB

Download
memory/2612-419-0x0000000000780000-0x0000000001EC9000-memory.dmp

Filesize
23.3MB

Download
memory/2612-391-0x0000000000780000-0x0000000001EC9000-memory.dmp

Filesize
23.3MB

Download
memory/2944-101-0x0000000000780000-0x0000000001EC9000-memory.dmp

Filesize
23.3MB

Download
memory/2944-418-0x0000000000780000-0x0000000001EC9000-memory.dmp

Filesize
23.3MB

Download
memory/2944-316-0x0000000000780000-0x0000000001EC9000-memory.dmp

Filesize
23.3MB

Download
memory/4508-92-0x0000000000780000-0x0000000001EC9000-memory.dmp

Filesize
23.3MB

Download
memory/4508-417-0x0000000000780000-0x0000000001EC9000-memory.dmp

Filesize
23.3MB

Download
memory/4508-315-0x0000000000780000-0x0000000001EC9000-memory.dmp

Filesize
23.3MB

Download