fff4b96876b0c78da96e57cf7ca1b0e0cbee4fde52047a9bde52e25b062d69ca

Analysis

max time kernel
87s
max time network
219s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
04-01-2025 16:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.3MB
MD5

0a269c555e15783351e02629502bf141
SHA1

8fefa361e9b5bce4af0090093f51bcd02892b25d
SHA256

fff4b96876b0c78da96e57cf7ca1b0e0cbee4fde52047a9bde52e25b062d69ca
SHA512

b1784109f01d004f2f618e91695fc4ab9e64989cdedc39941cb1a4e7fed9032e096190269f3baefa590cc98552af5824d0f447a03213e4ae07cf55214758725a
SSDEEP

98304:Uc9HTcGO0ImBimas54Ub5ixTStxZi/l9K0+zLVasSe4JnzMpm+Gq:UcpYGO0IOqs57bUwxG9CVaskJIYE

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
36	discord.com
34	discord.com
35	discord.com

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Control Panel\International\Geo\Nation	AnyDesk.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Control Panel\International\Geo\Nation	AnyDesk.exe

Loads dropped DLL 2 IoCs

pid	Process
2860	AnyDesk.exe
3004	AnyDesk.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1844	chrome.exe
1844	chrome.exe

Suspicious use of AdjustPrivilegeToken 56 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe
Token: SeShutdownPrivilege	1844	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
2860	AnyDesk.exe
2860	AnyDesk.exe
2860	AnyDesk.exe
2860	AnyDesk.exe
2860	AnyDesk.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
2860	AnyDesk.exe
2860	AnyDesk.exe

Suspicious use of SendNotifyMessage 39 IoCs

pid	Process
2860	AnyDesk.exe
2860	AnyDesk.exe
2860	AnyDesk.exe
2860	AnyDesk.exe
2860	AnyDesk.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
1844	chrome.exe
2860	AnyDesk.exe
2860	AnyDesk.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2628 wrote to memory of 3004	2628	AnyDesk.exe	30
PID 2628 wrote to memory of 3004	2628	AnyDesk.exe	30
PID 2628 wrote to memory of 3004	2628	AnyDesk.exe	30
PID 2628 wrote to memory of 3004	2628	AnyDesk.exe	30
PID 2628 wrote to memory of 2860	2628	AnyDesk.exe	31
PID 2628 wrote to memory of 2860	2628	AnyDesk.exe	31
PID 2628 wrote to memory of 2860	2628	AnyDesk.exe	31
PID 2628 wrote to memory of 2860	2628	AnyDesk.exe	31
PID 1844 wrote to memory of 1908	1844	chrome.exe	35
PID 1844 wrote to memory of 1908	1844	chrome.exe	35
PID 1844 wrote to memory of 1908	1844	chrome.exe	35
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 536	1844	chrome.exe	36
PID 1844 wrote to memory of 3012	1844	chrome.exe	37
PID 1844 wrote to memory of 3012	1844	chrome.exe	37
PID 1844 wrote to memory of 3012	1844	chrome.exe	37
PID 1844 wrote to memory of 2168	1844	chrome.exe	38
PID 1844 wrote to memory of 2168	1844	chrome.exe	38
PID 1844 wrote to memory of 2168	1844	chrome.exe	38
PID 1844 wrote to memory of 2168	1844	chrome.exe	38
PID 1844 wrote to memory of 2168	1844	chrome.exe	38
PID 1844 wrote to memory of 2168	1844	chrome.exe	38
PID 1844 wrote to memory of 2168	1844	chrome.exe	38
PID 1844 wrote to memory of 2168	1844	chrome.exe	38
PID 1844 wrote to memory of 2168	1844	chrome.exe	38
PID 1844 wrote to memory of 2168	1844	chrome.exe	38
PID 1844 wrote to memory of 2168	1844	chrome.exe	38

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2628
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Checks computer location settings
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3004
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Checks computer location settings
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6a49758,0x7fef6a49768,0x7fef6a49778
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1116 --field-trial-handle=1316,i,17330354275847392508,5795951065266438826,131072 /prefetch:2
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1444 --field-trial-handle=1316,i,17330354275847392508,5795951065266438826,131072 /prefetch:8
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1280 --field-trial-handle=1316,i,17330354275847392508,5795951065266438826,131072 /prefetch:8
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1316,i,17330354275847392508,5795951065266438826,131072 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1316,i,17330354275847392508,5795951065266438826,131072 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1800 --field-trial-handle=1316,i,17330354275847392508,5795951065266438826,131072 /prefetch:2
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1112 --field-trial-handle=1316,i,17330354275847392508,5795951065266438826,131072 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 --field-trial-handle=1316,i,17330354275847392508,5795951065266438826,131072 /prefetch:8
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3668 --field-trial-handle=1316,i,17330354275847392508,5795951065266438826,131072 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2540 --field-trial-handle=1316,i,17330354275847392508,5795951065266438826,131072 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2344 --field-trial-handle=1316,i,17330354275847392508,5795951065266438826,131072 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2984 --field-trial-handle=1316,i,17330354275847392508,5795951065266438826,131072 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3856 --field-trial-handle=1316,i,17330354275847392508,5795951065266438826,131072 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2640 --field-trial-handle=1316,i,17330354275847392508,5795951065266438826,131072 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 --field-trial-handle=1316,i,17330354275847392508,5795951065266438826,131072 /prefetch:8
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3776 --field-trial-handle=1316,i,17330354275847392508,5795951065266438826,131072 /prefetch:8
  2⤵
  PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=656 --field-trial-handle=1316,i,17330354275847392508,5795951065266438826,131072 /prefetch:8
  2⤵
  PID:1884

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3052

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x570
1⤵
PID:756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
08f3fe42359ffeaeb1a8913b717a9904

SHA1
7f944489638990abcef1feb8f8ac80e083747ec6

SHA256
b584cffabb89f39a34ac932ee1d29618ea306172ab3e693e7e25bf3e49503951

SHA512
9802154b5b1da1f5e5848cc74000f9f45e490158909fe847cdff9e288492e8c5a797fe350753ff3255dd4042e79cf022bdf043af14489d8d6de47ad5737cac4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
61738200170352d5564766018b9bfc8f

SHA1
d82a433bda16b06a6109e6deb0e94bbd0e3b532c

SHA256
f0d5d701fc25f84bd6eb2ac83f80c8ece9589f7a990addc05e157217da96b415

SHA512
9acace2813dd6a5478483df810cb35a33b4e2389c8dfc1d9d81bcf734b865c15b347e32eb6624e73b497f749d7aef157c5603a12a0e6d4368b38e26697b1097d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
252a0d0411cf5509465894050c0b71b6

SHA1
1d7f287d319b3367a5449796aaef5e86a43fb9f3

SHA256
6cd25fae742a223b41d94bdc777bcb332e97d49c5ab3a91faad2ff3e2e0257a8

SHA512
5e7aedce8c3ddd85e3320e352ef54189ae7061eb2f3ce5d9545df321952d29184b57f5a124d77d73c9a3a68276af098708128567c75176f5ef62551cd7ae5a56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
f217e099227ea442dcf49f6dc5390152

SHA1
7baefa28c2fe9aaaaded8ef5007c0d8dc81dcbc6

SHA256
9af1610318ceb7a66c907a70d11179d4479e0f78d82b202fa36324ff758c77e3

SHA512
e070a4c06b6d4ba8b98f3e06c3e455ece4dd3c1eee0ba8aa79586ab0280cc544d3b805d08c9cbc05e0443f8cb67ae1d2372292bb664ced84b317903861564b17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cf4908089a463e7bfad096bed7b39e86

SHA1
99f3f758798ee41f6f9ea51f788c74b63c10b035

SHA256
66b8ba93dd32fc36902bdcbedf2fc90ae662c5665e4c4350e63076ae71e4fc73

SHA512
821ff7641565fc837e02010141be306fee0cdf5d0b8fb36ad1308c768f8018a2cb1751bef77fff935d268a506a74cfd3d8e3624f47bc70a2a3f41128edefd6cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
59dba8e12815b2edcb202c97578f2a3e

SHA1
8da1429875b82ab3b5a43412ce4d074de58db82d

SHA256
8b02ced5c49592fc2d24b91a78056295ed7769c08fa68e95f3d6ab536cb358be

SHA512
70a538009c7abcfa6419bf5ad7c947d1af87d40d9103a9ca4ae364deed1717fc3242278350eef1c5947ad11aeeb6b74cf977a22d9a2323651f912c96bc96f0d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a35be2af381c5e4aeb3377aa64863c64

SHA1
fd2df72660effeca11498f09811c7f5060c56771

SHA256
74d82122c6666889ea2fc9fba33423d0346de07ced6d40b4251b4b776582203a

SHA512
2c91a38b5322c64199358990072112982398ff03858115207e9dc314664e615570018b2fcc8c6e9f0ac66f0fd125a852cd157509f6e6fac8c5ad3b6bf7175fac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a4e4e9b90aba0836b967ec88461e8a48

SHA1
7f67ee4bf3ef66674cb0c0cf8bc32a2436b6cff1

SHA256
0779b4a550ec9982d2d28246a788740ea412ad34a180265e7a02a92d4783933c

SHA512
a1f84d1bbedb7242e4096a88f9501300c39f313aaf7060e82c47893230d171181b550c73dc08d5dd0b9039d3639bf0c50cda81ca89dd6d862359fdc61922912f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7824a6e0d7c97c4a0d0a37031bfa78b1

SHA1
102beae76069100857912d7400b843cd9399e71a

SHA256
771cdb6ab2701de90b9f460a1bc9ade2b4f3fdab7717615f77337179b2f3db70

SHA512
f6f4c997f1d7ff9c2425d989a10becc677cfe92c1f04f93b7ba5da486765e74503c4655fe10e6f419818594e7652299c64e4d65f04d875e6a53cca220684e872

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab22CE.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar23CB.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
6KB

MD5
43686755da3453f607c690483cffb225

SHA1
0679666fbb0174396570cdf1eabcb20b824245cb

SHA256
f26781c7f659b051188fe0651fd416c27814fb615b1d4335e4365e81138f6300

SHA512
8424dd711b8e11aa7bf395f2b8fba10d185ee6f6ea27e1f75edb690f1c2c79f9c1b479785f223674205ef7f7d574443b9d7ba8ac7e1e9f04749d12bd63a3a7f9

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
6KB

MD5
20d3081878aaf2660966678b69d02cb3

SHA1
6b2c5ce767b3e1225711a861b0e5671f14b2d761

SHA256
6964976d65c716ddb0416133806b3f9131c54112c21472ab0f48950a667967b5

SHA512
663dc2dc8be85a8b6b33a268ec79b4a76d950dcd6b6de520c713fd7b9838bb50c66c2e988635b8fe7e0204b8d711d5788f5a065273ab62889ddf8c54c7b471c8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
4ecf29bd554e852c1976633c1139372e

SHA1
5177b859e4809449125e91bad05649f86f88bfa7

SHA256
04537278027af3a5a6330853bce7b2f6b99714209dc9004f5a24b5c4b3382ccf

SHA512
c8ccf86fb0d4f4079712c9177741429fcbb60109697678c9e19af02e5f8d82c3c0b90e9b633a76c0fc5ece7912a37ecdb4b25ef0e26f66a560cc025904acca65

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
e85881446450e2d80278673647b438d4

SHA1
7a00b139ef7c4754675cedbc79307921a4f5c2da

SHA256
60a9eb82cac2a048a6bcfb0236aa1ab1d57356da5da4aa136a658c5f79621c9e

SHA512
99b2dd67085d03c0e4b9d31e53196a345557402023a5a8be77ac5a56b4038cce5936b50d859e1dd59b4affeae4df8e0a9771724445463a62c57c131e3bcaf002

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
766B

MD5
378d12d828b581a8adce7bba927dda1f

SHA1
c27546ce5d9ccc2db4c05be0308614ccd52a1799

SHA256
b2da412cdff17fd644e3d8fbbeeab3606e4f2ef74596495704c4a6331b6b1814

SHA512
6601b9498aaf76e1f2ec7ec1fa83774a86a7ccaf13f7d03c16b44cf7fa10ebd82ff3a16713d4dc53a4d65f8db7611b05ca9236fd27c4cf5b4200defba2796870

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
832B

MD5
98eab8abad81365c4f83c2de33ab5af1

SHA1
4a36392c138eb3da6afd8c01770cb41be263e17a

SHA256
a5e69c95f68c4cfd21fdba5c2d1827b673e03f1b796284e4707e0d8a7bf9f575

SHA512
a150d82058e491d7511ffeaefc64dbc067ba366bf4e7c39d34cb8c2107a3d6e06de312ad8d15c3009d0a8dac11b9af292f52b53524e0da2c6c3f0a847a3b881f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
468B

MD5
10c8462240bc4240fe4187686f528302

SHA1
f44188df311e9e6d970962a14d81c27a808aa307

SHA256
61cebc5fd8062714a8834df36f8f800c732e006dd2c290ccbbc6e6362197a57c

SHA512
7d9da9e2f7dc3f4b1d3e6d5ec4f68f8b76a9c6c7452bf6934806bf5e60dfdb26b03df61f16cc2e60e425b0ca62c73a917972e765480b84684bf9fd44c3b6b45d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
f07ab56bf43305bfc7df134b25d785ab

SHA1
fa653e55f65cf4f95d0fbd210ef4412679dee5ce

SHA256
0629a2c0c612af103ba8199aa6e39910762a9d9db3aee7b2915a14c56cb1075d

SHA512
173159d30d07ba62dd43c99041b66355247f5f4899909e2c4e1ceb397cd3e3d3a3a75a4e4a35102a8ce6d8dbdc753d19a422e08f49b4ea04df1c8fe274131b3c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
8eed12262a29b4d9a7b54d30cdce2378

SHA1
0ed3dd235b8343b6039c150477f703469a5ba766

SHA256
addfd95ed7a7ce7192b43b108e273e64f584edd7da391c49ef82805ebfde92c1

SHA512
abee13ddd2ffd0349686416b46bf9826c60e15b0ee5cce619dad97d75171af397a27f0f1815b6784269f3321c17d0ec918c660c5ab7f2deb6ec687ffe918ae0a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
d8802f5b9de07920d8a7e036e818e487

SHA1
3acefd6da55e2a3d47101448b298ee60e43ef159

SHA256
3d1f3c07597fcdd5d5d1c1b0f1c6e6874f0bbc1e0f9ebcd920e830efcb40bc63

SHA512
aa83dfafedf7d7f2f9c0eb51b58a1901bc9605474d4f5176683a4266f69b9e56119b95595bb847ae3cbb3760679988058682a50aa0d47b7227b12e08b1f637c9

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
303bed659dbbd3bf7aad2932234a947e

SHA1
ae6677f80f1cbc3635627f5cefe4c7e90e929ac3

SHA256
2a08c577ae1d8a7de8f2f30132b1db5f6e973381211377715052d36c78baf964

SHA512
dbde86bedb2415c30161601014bc97d4c2f556128a6492ea052784a1789e99fc426ee19db3d4946c5f40599e3009839e90a42d23c429c65a71460075c0515209

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
4cde05fb78c2d191113e7c09330213e6

SHA1
59524f3a622fdef1b4b40fe05d956e20fee737cf

SHA256
251ccb4272dad640ade4cbe90c56f2dc6a6437ee6ee5f26b13b021c1a9092b64

SHA512
3cc9d2043525f959b332ac4241228848957958e850c05fc95226a7107bc969691411d053a8f3ea4fbed7fe438dd4a2c6c1ddea4ec75af61edb3807c1e2d5c05b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
111475a60c4981b089679c425faed5a2

SHA1
5dd1b330b18d39401516b5fd1bbbfe79e8d7a51d

SHA256
246f8181fdd75dd8a8a39990993abae3ea403d6070145dbc6237a20042d79e7f

SHA512
66010c19b57fc868b4a5a33f99a6ce165ffe465b46b49f0d831515073b69f931cfc949e06287026ffe9ff5205cd44aab66f7ad33a30aab4f22e58fc307095960

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
b253318ed36da835af3c1a784d40b304

SHA1
ece2fe056b5a0f45b8c352443a081b0904f3a64a

SHA256
cdec3212f2b192f87294cd967dc299893c30758d97c676c6a669ce117d020559

SHA512
2d3ea86a3aef41ce6335c02c2e3b2748d449e4e2dd08faf1c5b04dcf8084c29aebda53293592c9a7b415b6fd3519f63d71713e06ddcb258aa4678addf9332794

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
ea79215a49b1acc8952b1f8da783f8c1

SHA1
75153e472d3edd49ddf56ae1c9ac805af54d2c27

SHA256
e73c4b309f1e44265b8d765556eaf5e1433f732d5fb10269df46c5e655300e9f

SHA512
7e270ce619ea7eaf282841bbb58ded796dfd75d880e191963e7a9102effb511001fe7fd9d15c8d883d8a1548ab6c5e5547640a74c7acb829920160e74b220b2b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
0363bd307fe1a40a4d87ff7d476b0ec6

SHA1
28829db9147006893541c0c7618aa9f90b77daaa

SHA256
45cd25a7a81b47e307a61f55377b4cc3d1545d7f35d3159646158fd69e1eb49d

SHA512
ce3568e09cc1aa5e30be02c87e15148fe506466356636ed157d4d1e6d75e7990a7f1a00898094d3cba5fb462afd03dc711d9542d6bf82ec6d07fe664b075f6ad

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
b31a9132b38feb5848aec7c72fefcd73

SHA1
1df3d8c214a1c2797a5b08f802e66a79f5dcbc21

SHA256
654d9b3639449df0bcc3a53f75dff56bfec4d80105c9b9ec85c4590671b67424

SHA512
cc9a2521e3159628ce3033d797afab0e97209cc09fe617125d96ece4988b9f41b27bcae54a5f1e9c2da694b671db07a4ea1d6e5f716c7e91ad55f49755b142fd

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
8a65cff0f99e04bffc13601a1194dae1

SHA1
64d21f0a9fd842e5e4c4eadf140a848977211444

SHA256
2cd1cef7c9842b1538332ce5af39dd235cf7b072e77e879b87631a8567f5b96a

SHA512
16950ad28217a1c6a91a4a16dff0187f34a3f574dc0bcf4be0345ca035a2d7babfe54cba80efb81e34e3ef5e91989e48b108b1453aee107d86f35ab28b271d15

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
e2c181d754ea6102b6c52f81bff5b748

SHA1
dd7c4f86f76143dbc5a9f9c8f197d7dafbbff286

SHA256
7fe295006d26c5bdbdb3c5acd11ad2159a2b7e597354a1db96713cd8b4395f47

SHA512
8dd36af8c2c0e5795cf4fc046219c556058275df4454bd32090fc5762262b34cdf5bdb5e26e22d868084713a84292b8148337af13dcf4e2bc84f474f4270aea3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
933a1820ef11738fbe1afcba745f89f1

SHA1
f06c99bd7968eb4c7eaaed27535e3d4469fec985

SHA256
735c2ca841653381712876bc3a3c3b7b54f40328e8f5d07d23aa0ea56297099d

SHA512
522c4f9ea609f8937deef72beb13f1f8116869bb76a802e1674554212413539aeff8aad39518eb8428c052e7c04e9c08fbc359dd362bd3640d607537acff5f0f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
2319ace9e4af51a85e153fa6d2c99366

SHA1
f76f9773a8a5c49b359e435d97b5a7802cba8831

SHA256
2988f2f15f75dc76ba3fa781fbe2c99482557f85db9cac73738d4e351a78666d

SHA512
ec91da4b74799dd06743380fc78c36f11ec59c3b6e636e532f3603c3b560fea9ef41bcafe13baf6b33318149f2b395e43d92e887fba135c62c0d8328cd6a32ec

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms~RFf778363.TMP

Filesize
3KB

MD5
fbcd07595bfa10bcb06320186141d19f

SHA1
5a40aba8d2ccf6426c8c8e5e2a6e169cf8ef6077

SHA256
8b6e16f9c5979272a6abaca16e2ab46d8c84e36b6405892757c861a6adfba33e

SHA512
e29c8a752153bd25c873ed6696089dd2c1e1228ca60812674a4bebc21fd9f8c4dbe9ccb9d467fada2590ad9671810f2565fa396de4264241d256145aac5b8a1e

Download Submit
memory/2628-305-0x0000000000F64000-0x0000000002066000-memory.dmp

Filesize
17.0MB

Download
memory/2628-304-0x0000000000F60000-0x00000000025A2000-memory.dmp

Filesize
22.3MB

Download
memory/2628-259-0x0000000000F60000-0x00000000025A2000-memory.dmp

Filesize
22.3MB

Download
memory/2628-0-0x0000000000F60000-0x00000000025A2000-memory.dmp

Filesize
22.3MB

Download
memory/2628-255-0x0000000000F64000-0x0000000002066000-memory.dmp

Filesize
17.0MB

Download
memory/2628-4-0x0000000000F60000-0x00000000025A2000-memory.dmp

Filesize
22.3MB

Download
memory/2628-2-0x0000000000F64000-0x0000000002066000-memory.dmp

Filesize
17.0MB

Download
memory/2860-258-0x0000000000F60000-0x00000000025A2000-memory.dmp

Filesize
22.3MB

Download
memory/2860-373-0x0000000000F60000-0x00000000025A2000-memory.dmp

Filesize
22.3MB

Download
memory/2860-10-0x0000000000F60000-0x00000000025A2000-memory.dmp

Filesize
22.3MB

Download
memory/3004-368-0x0000000000F60000-0x00000000025A2000-memory.dmp

Filesize
22.3MB

Download
memory/3004-355-0x0000000000F60000-0x00000000025A2000-memory.dmp

Filesize
22.3MB

Download
memory/3004-261-0x0000000000F60000-0x00000000025A2000-memory.dmp

Filesize
22.3MB

Download
memory/3004-257-0x0000000000F60000-0x00000000025A2000-memory.dmp

Filesize
22.3MB

Download
memory/3004-12-0x0000000000F60000-0x00000000025A2000-memory.dmp

Filesize
22.3MB

Download