1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499

Analysis

max time kernel
149s
max time network
151s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 21:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.1MB
MD5

aee6801792d67607f228be8cec8291f9
SHA1

bf6ba727ff14ca2fddf619f292d56db9d9088066
SHA256

1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499
SHA512

09d9fc8702ab6fa4fc9323c37bc970b8a7dd180293b0dbf337de726476b0b9515a4f383fa294ba084eccf0698d1e3cb5a39d0ff9ea3ba40c8a56acafce3add4f
SSDEEP

98304:G5WW6KEdJxfpDVOMdq2668yIv1//nvkYCRThGXBJdicotUgwoAo5beyjF:y3vEbxfjf4Y8yofvktkLdurH5iyR

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 32 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9DF8B971-415D-11EF-83B8-FEF21B3B37D6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{322D26D3-3D4E-11EF-83B8-FEF21B3B37D6}.dat = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff4d00000059000000d3040000be020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Modifies data under HKEY_USERS 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached	AnyDesk.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF = 0100000000000000104ede4c6ad5da01	AnyDesk.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{99FD978C-D287-4F50-827F-B2C658EDA8E7} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF = 0100000000000000d010e34c6ad5da01	AnyDesk.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF = 01000000000000005096ec4c6ad5da01	AnyDesk.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{920E6DB1-9907-4370-B3A0-BAFC03D81399} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF = 01000000000000005096ec4c6ad5da01	AnyDesk.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{16F3DD56-1AF5-4347-846D-7C10C4192619} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF = 01000000000000005096ec4c6ad5da01	AnyDesk.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF = 01000000000000005096ec4c6ad5da01	AnyDesk.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{08244EE6-92F0-47F2-9FC9-929BAA2E7235} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF = 0100000000000000b0f7ee4c6ad5da01	AnyDesk.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2276	AnyDesk.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1684	AnyDesk.exe
1684	AnyDesk.exe
2868	chrome.exe
2868	chrome.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	1684	AnyDesk.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
2276	AnyDesk.exe
2276	AnyDesk.exe
2276	AnyDesk.exe
2276	AnyDesk.exe
2276	AnyDesk.exe
2276	AnyDesk.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2316	iexplore.exe
2316	iexplore.exe
1672	AnyDesk.exe

Suspicious use of SendNotifyMessage 38 IoCs

pid	Process
2276	AnyDesk.exe
2276	AnyDesk.exe
2276	AnyDesk.exe
2276	AnyDesk.exe
2276	AnyDesk.exe
2276	AnyDesk.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
1672	AnyDesk.exe
1672	AnyDesk.exe
2316	iexplore.exe
2316	iexplore.exe
692	IEXPLORE.EXE
692	IEXPLORE.EXE
1332	IEXPLORE.EXE
1332	IEXPLORE.EXE
1332	IEXPLORE.EXE
1332	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 1684	1500	AnyDesk.exe	30
PID 1500 wrote to memory of 1684	1500	AnyDesk.exe	30
PID 1500 wrote to memory of 1684	1500	AnyDesk.exe	30
PID 1500 wrote to memory of 1684	1500	AnyDesk.exe	30
PID 1500 wrote to memory of 2276	1500	AnyDesk.exe	31
PID 1500 wrote to memory of 2276	1500	AnyDesk.exe	31
PID 1500 wrote to memory of 2276	1500	AnyDesk.exe	31
PID 1500 wrote to memory of 2276	1500	AnyDesk.exe	31
PID 2868 wrote to memory of 2432	2868	chrome.exe	36
PID 2868 wrote to memory of 2432	2868	chrome.exe	36
PID 2868 wrote to memory of 2432	2868	chrome.exe	36
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 1996	2868	chrome.exe	37
PID 2868 wrote to memory of 596	2868	chrome.exe	38
PID 2868 wrote to memory of 596	2868	chrome.exe	38
PID 2868 wrote to memory of 596	2868	chrome.exe	38
PID 2868 wrote to memory of 2896	2868	chrome.exe	39
PID 2868 wrote to memory of 2896	2868	chrome.exe	39
PID 2868 wrote to memory of 2896	2868	chrome.exe	39
PID 2868 wrote to memory of 2896	2868	chrome.exe	39
PID 2868 wrote to memory of 2896	2868	chrome.exe	39
PID 2868 wrote to memory of 2896	2868	chrome.exe	39
PID 2868 wrote to memory of 2896	2868	chrome.exe	39
PID 2868 wrote to memory of 2896	2868	chrome.exe	39
PID 2868 wrote to memory of 2896	2868	chrome.exe	39
PID 2868 wrote to memory of 2896	2868	chrome.exe	39
PID 2868 wrote to memory of 2896	2868	chrome.exe	39

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1684
- - C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --backend
    3⤵
    - Modifies data under HKEY_USERS
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:1672
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6af9758,0x7fef6af9768,0x7fef6af9778
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1188 --field-trial-handle=1220,i,1408685775615964847,16100507067107794344,131072 /prefetch:2
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1220,i,1408685775615964847,16100507067107794344,131072 /prefetch:8
  2⤵
  PID:596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1220,i,1408685775615964847,16100507067107794344,131072 /prefetch:8
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2176 --field-trial-handle=1220,i,1408685775615964847,16100507067107794344,131072 /prefetch:1
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2184 --field-trial-handle=1220,i,1408685775615964847,16100507067107794344,131072 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1272 --field-trial-handle=1220,i,1408685775615964847,16100507067107794344,131072 /prefetch:2
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3320 --field-trial-handle=1220,i,1408685775615964847,16100507067107794344,131072 /prefetch:1
  2⤵
  PID:924

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3008

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2316
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2316 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:692
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2316 CREDAT:275463 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1332

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:2960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea62179988f3d59db949c995eb1e6766

SHA1
8a6afdc2ce4b676f47d94f461c8bac7d0044186d

SHA256
80296bbc90c9e902ce7d7276f5d8def17b22513704e19a256f9e550ec1b081ba

SHA512
aad2303dfa60fa08c14081eb40c7b82025afbd6faed822a14a8c8327c8ddb34f05587e1a63a7a911e6a9c11179a5b59e89dc3a3a9ce7731c41a067183bc826de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
88ec9df7d0057caf23e0971316ea1f16

SHA1
1d79332a3c362cb2bcaaa494faf9c70c4dbd0dc2

SHA256
da9c097267b5a8818250d07c6434b974abd7a5e365c9d86526851c22fc6e3954

SHA512
4b1683feeda5ecac0ee365d1af051183538ae686582d5264e06f24eca1aed8eec82fc63806f718e8db9052acaadbdcd57ac6db19ef991c3ac0697b9c2f8b907c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
793b73c06fca04db1779779a3205bbd2

SHA1
6c675e28a1388c9f5755a4740aa14efe2e21187a

SHA256
7d4ecfbd17fced571393ffd07da04f2590a41597d4e4460d7c8323359e8586db

SHA512
502297acbc0fa066b078090e989295773d696c0cd077d758e9c3509e0cf1149165046ed7e5344a1cad3182a6904baefd81a944cc1cae38b8546b86f4b43d5096

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
35e1d18dc3f5b143ecd6d716dd2cfa2d

SHA1
9f0e1e8c7307e4eab41e7c4d94dee6cfb5c713d6

SHA256
e3e73e617331653aee705841bec220bd434941a5cef44707eaa03f4395d4d73a

SHA512
ca596aaadddfd8ba24eecaa7c2d10159fdcb56cba4be5b84c86e383c021a22cfd71ead88ebed6c5fa7153bdf58f3bf7b0a40321406ab45c0e1dcc0d2316639fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6abcab0322d7ee093f1d31e2538302d

SHA1
87aef522eef1cc8fecc7d5595d432377ed805529

SHA256
4bc3529c136069ff444b3de9e3a462ec4638cc13866179fcd67d8590c2746d0c

SHA512
d189ea238211017458acfe5584715e36c02386848b55586fd0337db7c54a5ff292f4fa0b6633fe441676929a1b292cc11659c97b8dcb8779370f0986d12bda96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f2ecc60aec6982b90d95810da16ce3a4

SHA1
d1762a8f38b9296c6bd603fce950ce5d55981374

SHA256
4578beb7b794dda7624dfb323cdec08c1b298a98ec28d896d6d9115061c1c7e4

SHA512
91a861758cec750ef59cbf31b334e249946fe4dccebe11f72a9e3ee92a254c7d6eebbcd9159aa67a8f32488d2e940b782865492bd23b81bdfa36d9a9661d4dbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53614459446b7262e0c4de303d83ec7e

SHA1
4d8e744bc9c8b13801ce9bc8ba8c35c6177e2f42

SHA256
7795d982a6ac05ccb6ce741b69dbd851a54020ea7205a545366dfd82cc551631

SHA512
bef5488697fa517823f97215c27b96ff7832bf7b1015494f7eeaa3b6a885d1466b854cdc6d91374e04f5ab272eca0fc7a54b12ae28f42482204e0bb529cbcaf8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4cfcfe28502d7100c9f376989cb40b1

SHA1
83b284811c7a1ff17014b7be85af5025c72d298b

SHA256
d4bbe8dd7812886539e9f479310bf164285145134dc928fcbeca711fc9576f0b

SHA512
9e9afac93fd2c43fac9f231ef2c54b4f51ff5353eb9b30d99f6d6f6a50c1d37423f781c376b4da3b7f039892fe55179e66f36a98a4ea572b37ad50d35b59cc2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d768adbffcf004253237ebda2463bbcd

SHA1
a267da51cce5986a8007281f01b33f984f248771

SHA256
c7cd6d58c3fce93b41770156e4a4404669bfa580d0ca60baf3ba00eff87e5144

SHA512
b3b2de2cb03effe2ccfdc403f0f65cb65eda50eab2c35075a122b06e1e2d8752202d07ba100f5cdc0c49d998261ab615e948c62bc7772904973300570d9e8abc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\89693e3a-ebbe-4ae6-9a00-4c7c1f08f3e5.tmp

Filesize
307KB

MD5
664337f58247c15d5492c0a01ed4bf34

SHA1
8c49e749f92711dce5c99aa3a6a3ceb5dae01f46

SHA256
62b8591be34df721c755a2db041cc00b7a327ec364f19fc600413a0d80792993

SHA512
6ff22bba2ceafbc958dcc9d7ac1588aeb3af90250e50325dc33b71df96bc77969240b9de6b8f1abbb292a11fc2b945321f49ec4a9723a316f76916123b38304f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9965.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar99C6.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF6757859BB77EAEB2.TMP

Filesize
16KB

MD5
c76f27ad34227de154672ab5c40f08df

SHA1
dab3f333a4d14ad51585c4959f804ef09197d643

SHA256
6800cf4dbc811814ab7a9053f7363e483055e9f2662cbd0d10d363b145fff23c

SHA512
e602b6c15c1a0be418e05ddbe8fe370e7bb7911482c8c779143248a9def7c6aa0bd6e3b0120e69c12f9a84d871bc102de8c0f40ec01960f8569785ff1007cba0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
5KB

MD5
67d257f7aa0bf6567a9966bc4c89f279

SHA1
3f4603e4754d9a46ba9264a668a0056ce91a2a2a

SHA256
4d6bbbba431e9fd39bbbc85382513ce91a991a685bccf766a84bdeb2bfe41e72

SHA512
acb6f6917ac30ccbecdb29506487a30a1448f69f84ca80aad67b8c91307ea10f158459152ea4c3e4a815aa05d909131b2a1daeb11f749a1d3143ef76a708fd64

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
10KB

MD5
c1d118a5ba90b7bb0b684e19153d40c8

SHA1
7e8f01ad60e8c9efe74b664fdc9a4f8695c3bca5

SHA256
51ebf3ad7548e1d0f35f3d43550436f6d20b374cae2bd3502a717e2650c67e80

SHA512
f66b140ab5eea7464b3d40b3239716f3637ba0bd80cc52eab16650fbefd117c023a590f3e3b3f817818aa9a497297d7026b8e19e6be4c3953d9bbf5d8d6a5a2f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
37KB

MD5
f870c505cc2322646b68c2f94343e369

SHA1
2c2c4d11772c4a680a379f0412d1bd5a1577827f

SHA256
4e85a8d48673df4235a177c5813d2c85daa79cb3dc0bf4292e4e1dcda5c880b7

SHA512
4c19fa210ca354dd3443faea8b35cbb16d027cf8f809548c02091a0d4d0d2d64c2077c70e4ee335956e4aa72c5909a628386008ca1838f035c81a0d7d362422a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
00eafad3569499d2c172beae086f4bef

SHA1
e6e862caa7a6dc941c6dec6cecc0505d2cae550d

SHA256
226f3b301fc6c56e0fb30aa20a7d7d1c46c6842a8b55f2eb8e4b9295fe791466

SHA512
e751e94b93304cbac80b5e66bb62ff893f1d5e6940e981726e46b73b4bf424e097008b88294c7df8d2908fa3de55048002d925db61b73bd98d1f39f0d0b00736

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
78eea111728cf77354a9bdd264b85a29

SHA1
781f68773d4b78cf6f500c17deadd6e1ef394e05

SHA256
4e6ea20e5ef0bc1dd770cec3e32d43f21fc748534031674cba1bbf9e0e9e1509

SHA512
fc2d772c0be6c2fc466f3101828767611cb4d83e2a0950f52675ccf46b2c4167f653ad5c4507122ee8462aec18ad510597a9eb63ed2f0c16b6d889f3b33a2be0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
701B

MD5
500f41b79d5962667ed35a61a8ef7994

SHA1
bc9f338a01fd46b74201e6addf7c931b76aef5bf

SHA256
7cc272d8aa614e4410de716190d733ff72c0daa42e1ac2dfbfb79be6968fa13b

SHA512
bf93c9c5d4b41366dfa43286707a1de3c59d10a68588596da43237a944e536d7eaa1f2f2450e96d88be970fed97734b950528abe69232f3f4fb353b8f71cb057

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
758B

MD5
51a3c21d2d848192c24eafa057b9beb6

SHA1
303757868cbfd3272fd0c4c22f8fc6ccc5147d8b

SHA256
79124f1e425abd9612fe29046b4a53fbf2e4995128e14b8199528cda328a6725

SHA512
7e2bd1c45e81265bfc36641c3fab130b86701e49a8cc3a2168a38bc90fe27e31667e612eb52809ddb40ade8a579361c795056c7520ecdce641de7dc120737858

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
9db08788549234e0f64721eba6c41f44

SHA1
93066d5d17cbebd70c55559b1fb329335fc582da

SHA256
0a8befc8c7dd0ecb9a62e7aae40cb178e3c4093faf505cf2628cc0799efb5f91

SHA512
9a651abd4af941407e70d19db4b41b954bf8edfa835dfb18aacaa0f793e8366ecc91dda6ec6e861621873ba97b2e16ea49ba488104d23e975605c6ee7cdc0962

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
d6105cf54d8f9e764934f46ff83fcfec

SHA1
e95c7941e9401d417c540b6cf2cb64cc51c4c3a6

SHA256
a17d12b72803d79c1cba9759e6e1dec5272845074ec181b4c6d8320c34453801

SHA512
361f9c81970774e6ff90286f12ae8bfd912b4c4bc30315c8016ade03d5f6a7913a1b3a07ab9d349383e9893661be454e1c88a1aa6c5b650d55498b4e35799fe5

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
e3d63255ab3fa683caed0f4d8e757360

SHA1
bd6f9806fa91093cdafda8e8a4d96c66af2413c7

SHA256
376c7fa65e76a7a07f4a738cabeceee15b1c0fdde8a55d0b6d365b60f0edccf4

SHA512
de01a243de9908805f8917179453cc5250c37cc4c1cd0e711db907aed27f88959bd9169a886769795b99ee76aaf1b16f3bd1443e953482f6b4e83e6a661b274e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
bfad9f83e70b27f5ca9ca1e392a196ac

SHA1
d13fd6cdf078f0f24a877ce6d66409722b64c010

SHA256
a5d0e5cc685fa6a9789a791144970cfe01974f86a70c99974cd1d040e70f3839

SHA512
b5abf4612ff938bf216cf62200bb5c09bdf91d0344d88a9bdcafac9c76cc5fb91fffdb9b57dc5383f5f0dd1390c5f6f93829242b910460915c1cf1541495c242

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
01aece27f639dc8c3e9c5c659dac49a8

SHA1
b4674f5dfdc5b3857e410aa80575225b63977911

SHA256
4b2d8faa938543cf167f281b0064f9798adc2693acb2f248225cd33d215f820b

SHA512
004ec21e8a372f207423742aa8665caf965b1fecdad05038dbf710c6946401d6551e8f73018d17fa187ad15a74907265253770ea7d786e57d8182f0f06b21024

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
a174efe17b49a6bf551873bfcb3f431a

SHA1
31a4807e43cebbded0ee2628f7e2cd58307ed493

SHA256
f6b1498548c7c48cfeadc8ba2569e05083426100d56016a421c7190d8499f0f2

SHA512
4338b561e6277baa504c8944cf78e51a1704bcf7f6cf1093392da57ecdfe9881e4c9e89c19863e5d8109dc07e63b8106a278de5649f2bab12e18351b14ead93c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
fd719d624d3180f41eb261d6233b0940

SHA1
2b38fc78f670934441a68e4e7833e8250d1c7aee

SHA256
fe7c6022035169a46421a96a86022388e9280a9607e0deb8d2a7a35f862af5be

SHA512
fa341a66613a56f29a45908d6272bbcef7a177d1c547ffab0430079cc8de829dac7712f55ea3c5f34aa805aa770a1d7cd213a5bcf0f603965dfb2c632c994b12

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
0e99f8f84d6d680ac2265929e034941f

SHA1
eca5dc647f342b158fef7e0e2275577b44c850ad

SHA256
9a4662fbe716afb2353799a3ab2eac5ce37287fcee8475f4429befa053e1eb3e

SHA512
5798b5d5176bcc267ebe332d25b5dfe512ede84b0db4fb1e5dde6f83137e9aeaa75263db544d05ff8a8205779da5ff1da0fdedd58bdbf3d55069b5d2ee6e5fe5

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
4e9c09e45cef8726fb27f88ebdc76f38

SHA1
f64e317a627df6418808cc76e7acbc9b403674b8

SHA256
e557f06f749cc7a2736907970abe4c3d6359a857b0d2aa46c72b2c792bce8fe9

SHA512
e27379abec5314b0d15cf01a0a9bea97e796778a637a1cb52a79229eb81c6d1dc65c4d19df84ae3045dc0b26ab47b39b50969834f6b4d8c38c2efd1e974def38

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
634d614563fd6cadf816afc5c39af01f

SHA1
195018c686548a6d3b472e260b2a6ef1e5e2d341

SHA256
4f1367b6fd19e4d0374a0d9d67ee7e2c0bc2955b11174f8ec3721f4e77da5390

SHA512
2eae56e877a3e6eb9d3056c3b71d15531249c225e607a86e999b3fd6f03838a2fbfafcd60ee1844d551c498553560d324243af75584931c007d7282ac4f428bc

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
e556b46c98e38ce4198f6005f3e1a09c

SHA1
d2bf15224cc75631ad9775f6e8baf808cef45825

SHA256
3aa3d1dc96a028249bfbf2cdcdc39d314ed5379576e015327f33d30226ff267d

SHA512
43c6b1359e4ad7384748c1108d76c3d62baf66cc12b189cf3a4084e764331ec784194816489ccee55db9024b9cdcfa0052b9f05272338ad6d86ea660928f9bf2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
a7d385a3dc88e4355b9c6e316d4856c6

SHA1
be273d37487fb1563f0b6b0956dd1fcecda86301

SHA256
0400847b60b364ecc2a9c10f93e8134c17226464d322fc7b4f613b372fa3f95b

SHA512
0de389e02468ff61dd995f906df7848c5308c827e3f7825ae3decf82849fbf65001bbade65a1e97c7ed578668be18791da8369d9b3a0b57b95f2e4fe9a607b5a

Download Submit
memory/1500-9-0x0000000001230000-0x0000000002979000-memory.dmp

Filesize
23.3MB

Download
memory/1500-242-0x0000000001230000-0x0000000002979000-memory.dmp

Filesize
23.3MB

Download
memory/1500-2-0x0000000001234000-0x000000000246A000-memory.dmp

Filesize
18.2MB

Download
memory/1500-263-0x0000000001234000-0x000000000246A000-memory.dmp

Filesize
18.2MB

Download
memory/1500-0-0x0000000001230000-0x0000000002979000-memory.dmp

Filesize
23.3MB

Download
memory/1672-282-0x0000000001230000-0x0000000002979000-memory.dmp

Filesize
23.3MB

Download
memory/1672-915-0x0000000001230000-0x0000000002979000-memory.dmp

Filesize
23.3MB

Download
memory/1672-278-0x0000000001230000-0x0000000002979000-memory.dmp

Filesize
23.3MB

Download
memory/1672-907-0x0000000001230000-0x0000000002979000-memory.dmp

Filesize
23.3MB

Download
memory/1672-334-0x0000000001230000-0x0000000002979000-memory.dmp

Filesize
23.3MB

Download
memory/1672-885-0x0000000001230000-0x0000000002979000-memory.dmp

Filesize
23.3MB

Download
memory/1672-877-0x0000000001230000-0x0000000002979000-memory.dmp

Filesize
23.3MB

Download
memory/1672-258-0x0000000001230000-0x0000000002979000-memory.dmp

Filesize
23.3MB

Download
memory/1684-276-0x0000000001230000-0x0000000002979000-memory.dmp

Filesize
23.3MB

Download
memory/1684-874-0x0000000001230000-0x0000000002979000-memory.dmp

Filesize
23.3MB

Download
memory/1684-24-0x0000000001230000-0x0000000002979000-memory.dmp

Filesize
23.3MB

Download
memory/1684-261-0x0000000001230000-0x0000000002979000-memory.dmp

Filesize
23.3MB

Download
memory/1684-243-0x0000000001230000-0x0000000002979000-memory.dmp

Filesize
23.3MB

Download
memory/1684-905-0x0000000001230000-0x0000000002979000-memory.dmp

Filesize
23.3MB

Download
memory/2276-10-0x0000000001230000-0x0000000002979000-memory.dmp

Filesize
23.3MB

Download
memory/2276-244-0x0000000001230000-0x0000000002979000-memory.dmp

Filesize
23.3MB

Download
memory/2276-871-0x0000000001230000-0x0000000002979000-memory.dmp

Filesize
23.3MB

Download
memory/2276-277-0x0000000001230000-0x0000000002979000-memory.dmp

Filesize
23.3MB

Download
memory/2276-910-0x0000000001230000-0x0000000002979000-memory.dmp

Filesize
23.3MB

Download
memory/2276-914-0x0000000001230000-0x0000000002979000-memory.dmp

Filesize
23.3MB

Download
memory/2276-421-0x0000000001230000-0x0000000002979000-memory.dmp

Filesize
23.3MB

Download