File name: Anno 1800.exe

Full analysis: https://app.any.run/tasks/b3238b78-d84d-486c-9a73-d30b1b53e816
Verdict: Malicious activity
Analysis date: June 16, 2019, 20:34:03
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 41BB95EB9CA47F71C495CF082B73DCF3
SHA1: CB5F18572B700EDD03B8C0B4E6BF9B06EF0C53C4
SHA256: D93A7CC722A474C658DA2109EEE74EC787DDEF6DEAD0E96EA9D609023F7E9256
SSDEEP: 49152:jGfegs16OYyAdU+mscehwZyl+F8jQnAOobfaotN6CPgEqz3OWL+it:ONs16O77sceheyl+K0nAxfacIEqqWiG

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Steam.exe (PID: 1040)
      • steamwebhelper.exe (PID: 2968)
      • steamwebhelper.exe (PID: 4020)
      • steamwebhelper.exe (PID: 2464)
      • steamwebhelper.exe (PID: 3828)
      • Steam.exe (PID: 3056)
      • Steam.exe (PID: 3920)
      • steamwebhelper.exe (PID: 772)
      • SteamService.exe (PID: 304)
      • steamwebhelper.exe (PID: 3292)
      • SteamService.exe (PID: 3100)
      • steamwebhelper.exe (PID: 2732)
      • steamerrorreporter.exe (PID: 3252)
    • Loads dropped or rewritten executable

      • steamwebhelper.exe (PID: 3828)
      • Steam.exe (PID: 3056)
      • steamwebhelper.exe (PID: 2968)
      • steamwebhelper.exe (PID: 2464)
      • steamwebhelper.exe (PID: 4020)
      • Steam.exe (PID: 3920)
      • steamwebhelper.exe (PID: 772)
      • steamwebhelper.exe (PID: 2732)
      • steamwebhelper.exe (PID: 3292)
      • steamerrorreporter.exe (PID: 3252)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Anno 1800.exe (PID: 3364)
      • SteamService.exe (PID: 304)
      • Steam.exe (PID: 1040)
    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 3444)
      • cmd.exe (PID: 3568)
    • Starts CMD.EXE for commands execution

      • Anno 1800.exe (PID: 3364)
    • Uses REG.EXE to modify Windows registry

      • cmd.exe (PID: 3444)
      • cmd.exe (PID: 3568)
    • Application launched itself

      • steamwebhelper.exe (PID: 4020)
      • steamwebhelper.exe (PID: 772)
    • Modifies the open verb of a shell class

      • SteamService.exe (PID: 304)
  • INFO

    • Dropped object may contain Bitcoin addresses

      • Steam.exe (PID: 1040)
    • Manual execution by user

      • cmd.exe (PID: 3568)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

Subsystem: Windows GUI
SubsystemVersion: 5.1
ImageVersion: -
OSVersion: 5.1
EntryPoint: 0x1234b
UninitializedDataSize: -
InitializedDataSize: 169472
CodeSize: 144896
LinkerVersion: 14
PEType: PE32
TimeStamp: 2018:09:30 20:01:51+02:00
MachineType: Intel 386 or later, and compatibles

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 30-Sep-2018 18:01:51
Detected languages:
  • Process Default Language
Debug artifacts:
  • D:\Projects\WinRAR\sfx\build\sfxzip32\Release\sfxzip.pdb

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0090
Pages in file: 0x0003
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x00000118

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 6
Time date stamp: 30-Sep-2018 18:01:51
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE

Sections

| Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
| --- | --- | --- | --- | --- | --- |
| .text | 0x00001000 | 0x00023453 | 0x00023600 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.66306 |
| .rdata | 0x00025000 | 0x00009060 | 0x00009200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.10662 |
| .data | 0x0002F000 | 0x000319C0 | 0x00000C00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.70928 |
| .gfids | 0x00061000 | 0x000000F4 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 2.1444 |
| .rsrc | 0x00062000 | 0x0001D000 | 0x0001D000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.03555 |
| .reloc | 0x0007F000 | 0x00002510 | 0x00002600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.68826 |

Resources

| Title | Entropy | Size | Codepage | Language | Type |
| --- | --- | --- | --- | --- | --- |
| 1 | 5.25329 | 1875 | Latin 1 / Western European | UNKNOWN | RT_MANIFEST |
| 2 | 5.23919 | 4264 | Latin 1 / Western European | Process Default Language | RT_ICON |
| 3 | 5.61926 | 1128 | Latin 1 / Western European | Process Default Language | RT_ICON |
| 7 | 3.66634 | 508 | Latin 1 / Western European | UNKNOWN | RT_STRING |
| 8 | 3.71728 | 582 | Latin 1 / Western European | UNKNOWN | RT_STRING |
| 9 | 3.74776 | 476 | Latin 1 / Western European | UNKNOWN | RT_STRING |
| 10 | 3.55807 | 220 | Latin 1 / Western European | UNKNOWN | RT_STRING |
| 11 | 3.90128 | 1128 | Latin 1 / Western European | UNKNOWN | RT_STRING |
| 12 | 3.68258 | 356 | Latin 1 / Western European | UNKNOWN | RT_STRING |
| 13 | 3.54875 | 228 | Latin 1 / Western European | UNKNOWN | RT_STRING |

Imports

KERNEL32.dll
USER32.dll (delay-loaded)
gdiplus.dll
No data.
Total processes: 60
Monitored processes: 20
Malicious processes: 8
Suspicious processes: 5

Behavior graph

[Behavior graph: process tree starting at anno 1800.exe; nodes shown are cmd.exe, taskkill.exe, reg.exe, steam.exe, steamwebhelper.exe, steamservice.exe and steamerrorreporter.exe]

Process information

PID | CMD | Path | Indicators | Parent process
PID: 3364
CMD: "C:\Users\admin\AppData\Local\Temp\Anno 1800.exe"
Path: C:\Users\admin\AppData\Local\Temp\Anno 1800.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0

PID: 3444
CMD: cmd /c ""C:\Users\admin\AppData\Local\Temp\Denuvo\Steam.exe.bat" "
Path: C:\Windows\system32\cmd.exe
Parent process: Anno 1800.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID: 2100
CMD: taskkill /im Steam.exe /f
Path: C:\Windows\system32\taskkill.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Terminates Processes
Exit code: 128
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 2580
CMD: reg add HKEY_CURRENT_USER\Software\Valve\Steam /t reg_sz /v autologinuser /d doomednow /f
Path: C:\Windows\system32\reg.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Registry Console Tool
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 1040
CMD: Steam.exe
Path: C:\Users\admin\AppData\Local\Temp\Denuvo\Steam.exe
Parent process: cmd.exe
User: admin
Company: Valve Corporation
Integrity Level: MEDIUM
Description: Steam Client Bootstrapper
Exit code: 42
Version: 05.05.99.96

PID: 3056
CMD: C:\Users\admin\AppData\Local\Temp\Denuvo\Steam.exe
Path: C:\Users\admin\AppData\Local\Temp\Denuvo\Steam.exe
Parent process: Steam.exe
User: admin
Company: Valve Corporation
Integrity Level: MEDIUM
Description: Steam Client Bootstrapper
Exit code: 1
Version: 05.17.04.05

PID: 4020
CMD: C:\Users\admin\AppData\Local\Temp\Denuvo\bin\cef\cef.win7\steamwebhelper.exe "-lang=en_US" "-cachedir=C:\Users\admin\AppData\Local\Steam\htmlcache" "-steampid=3056" "-buildid=1560549607" "-steamid=0" "-steamuniverse=Dev" "-clientui=C:\Users\admin\AppData\Local\Temp\Denuvo\clientui" --disable-out-of-process-pac --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-features=TouchpadAndWheelScrollLatching,AsyncWheelEvents --enable-media-stream --enable-smooth-scrolling --num-raster-threads=4 --enable-direct-write --disablehighdpi --force-device-scale-factor=1 --device-scale-factor=1 "--log-file=C:\Users\admin\AppData\Local\Temp\Denuvo\logs\cef_log.txt"
Path: C:\Users\admin\AppData\Local\Temp\Denuvo\bin\cef\cef.win7\steamwebhelper.exe
Parent process: Steam.exe
User: admin
Company: Valve Corporation
Integrity Level: MEDIUM
Description: Steam Client WebHelper
Exit code: 0
Version: 05.17.04.05

PID: 2968
CMD: C:\Users\admin\AppData\Local\Temp\Denuvo\bin\cef\cef.win7\steamwebhelper.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\admin\AppData\Local\Temp\Denuvo\dumps "--metrics-dir=C:\Users\admin\AppData\Local\CEF\User Data" --url=http://crash.steampowered.com/submit --annotation=platform=win32 --annotation=product=cefwebhelper --annotation=version=1560549607 --initial-client-data=0x154,0x158,0x15c,0x150,0x160,0x69828b40,0x69828b50,0x69828b5c
Path: C:\Users\admin\AppData\Local\Temp\Denuvo\bin\cef\cef.win7\steamwebhelper.exe
Parent process: steamwebhelper.exe
User: admin
Company: Valve Corporation
Integrity Level: MEDIUM
Description: Steam Client WebHelper
Exit code: 0
Version: 05.17.04.05

PID: 3828
CMD: "C:\Users\admin\AppData\Local\Temp\Denuvo\bin\cef\cef.win7\steamwebhelper.exe" --type=gpu-process --field-trial-handle=924,5013803375458585146,9145553075864151954,131072 --disable-features=AsyncWheelEvents,TouchpadAndWheelScrollLatching --log-file="C:\Users\admin\AppData\Local\Temp\Denuvo\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --force-device-scale-factor=1 --disablehighdpi --buildid=1560549607 --steamid=0 --gpu-preferences=KAAAAAAAAACAAwCAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=17763836949860362137 --mojo-platform-channel-handle=996 --ignored=" --type=renderer " /prefetch:2
Path: C:\Users\admin\AppData\Local\Temp\Denuvo\bin\cef\cef.win7\steamwebhelper.exe
Parent process: steamwebhelper.exe
User: admin
Company: Valve Corporation
Integrity Level: LOW
Description: Steam Client WebHelper
Exit code: 0
Version: 05.17.04.05

PID: 2464
CMD: "C:\Users\admin\AppData\Local\Temp\Denuvo\bin\cef\cef.win7\steamwebhelper.exe" --type=gpu-process --field-trial-handle=924,5013803375458585146,9145553075864151954,131072 --disable-features=AsyncWheelEvents,TouchpadAndWheelScrollLatching --disable-gpu-sandbox --use-gl=disabled --log-file="C:\Users\admin\AppData\Local\Temp\Denuvo\logs\cef_log.txt" --product-version="Valve Steam Client" --lang=en-US --force-device-scale-factor=1 --disablehighdpi --buildid=1560549607 --steamid=0 --gpu-preferences=KAAAAAAAAACAAwCAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=7777258933045713963 --mojo-platform-channel-handle=1424 /prefetch:2
Path: C:\Users\admin\AppData\Local\Temp\Denuvo\bin\cef\cef.win7\steamwebhelper.exe
Parent process: steamwebhelper.exe
User: admin
Company: Valve Corporation
Integrity Level: MEDIUM
Description: Steam Client WebHelper
Exit code: 0
Version: 05.17.04.05

Total events: 888
Read events: 822
Write events: 66
Delete events: 0

Modification events

Process: (3364) Anno 1800.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

Process: (3364) Anno 1800.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1

Process:
Key: HKEY_CURRENT_USER\Software\Valve\Steam
Operation: write
Name: autologinuser
Value: doomednow

Process: (1040) Steam.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam
Operation: write
Name: SteamPID
Value: 1040

Process: (1040) Steam.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam
Operation: write
Name: TempAppCmdLine
Value:

Process: (1040) Steam.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam
Operation: write
Name: SteamPID
Value: 0

Process: (3056) Steam.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam
Operation: write
Name: SteamPID
Value: 3056

Process: (3056) Steam.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam
Operation: write
Name: TempAppCmdLine
Value:

Process: (3056) Steam.exe
Key: HKEY_CURRENT_USER\Software\Valve\Steam\ActiveProcess
Operation: write
Name: pid
Value: 3056

Process: (3056) Steam.exe
Key: HKEY_CURRENT_USER\Software\Valve\Steam\ActiveProcess
Operation: write
Name: SteamClientDll
Value: C:\Users\admin\AppData\Local\Temp\Denuvo\steamclient.dll

Executable files: 261
Suspicious files: 56
Text files: 5 658
Unknown types: 223

Dropped files

PID: 1040
Process: Steam.exe
Filename: C:\Users\admin\AppData\Local\Temp\Denuvo\package\tenfoot_fonts_all.zip.vz.7673e4cd32b6752bc621d8bc1a7118a9af19b64a_12077027
MD5:
SHA256:

PID: 1040
Process: Steam.exe
Filename: C:\Users\admin\AppData\Local\Temp\Denuvo\package\tenfoot_dicts_all.zip.33245b7d523f68418283e93b0572508fa127ee8f
MD5:
SHA256:

PID: 1040
Process: Steam.exe
Filename: C:\Users\admin\AppData\Local\Temp\Denuvo\package\tenfoot_misc_all.zip.1ca83d76835b4613170f5cead778b176b11f2b0c
MD5:
SHA256:

PID: 1040
Process: Steam.exe
Filename: C:\Users\admin\AppData\Local\Temp\Denuvo\package\tenfoot_ambientsounds_all.zip.89b80bcfdd11b2b99257ddbbdc374e2df54e2738
MD5:
SHA256:

PID: 1040
Process: Steam.exe
Filename: C:\Users\admin\AppData\Local\Temp\Denuvo\package\friendsui_all.zip.vz.5cedcf2fb51c708349e106851cd363848a8b29b8_15594965
MD5:
SHA256:

PID: 1040
Process: Steam.exe
Filename: C:\Users\admin\AppData\Local\Temp\Denuvo\package\tenfoot_images_all.zip.vz.e3fe5d6f7d21ec909bda07de60c9950c54d14402_31320945
MD5:
SHA256:

PID: 1040
Process: Steam.exe
Filename: C:\Users\admin\AppData\Local\Temp\Denuvo\package\bins_misc_win32.zip.vz.936662f971d27d61b06e738838e20d75d693afe6_11919640
MD5:
SHA256:

PID: 1040
Process: Steam.exe
Filename: C:\Users\admin\AppData\Local\Temp\Denuvo\package\bins_win32.zip.vz.cde63d53871a46aa1d71c14f7739f4f041c2ce12_17363262
MD5:
SHA256:

PID: 1040
Process: Steam.exe
Filename: C:\Users\admin\AppData\Local\Temp\Denuvo\package\resources_all.zip.vz.96169894093c2f53e32ea35b55d745a31d49c47a_55267206
MD5:
SHA256:

PID: 1040
Process: Steam.exe
Filename: C:\Users\admin\AppData\Local\Temp\Denuvo\package\bins_cef_win32_win7.zip.vz.dc007b2fc4087842089401ceddd64da58026a70a_49858568
MD5:
SHA256:

HTTP(S) requests: 26
TCP/UDP connections: 7
DNS requests: 5
Threats: 0

HTTP requests

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 1040 | Steam.exe | GET | 302 | 155.133.250.107:80 | http://client-download.steampowered.com/client/steam_client_win32 | PE | | | whitelisted |
| 1040 | Steam.exe | GET | 200 | 2.16.186.112:80 | http://media4.steampowered.com/client/tenfoot_sounds_all.zip.vz.ffef2b2fc386819a842ea79484b966a937c2ca7e_1209792 | unknown | binary | 1.15 Mb | whitelisted |
| 1040 | Steam.exe | GET | 200 | 2.16.186.112:80 | http://media4.steampowered.com/client/resources_hidpi_all.zip.vz.66e6d0c4758df08e7a52aeca5d75f7cf2d243268_56612 | unknown | binary | 55.2 Kb | whitelisted |
| 1040 | Steam.exe | GET | 200 | 2.16.186.112:80 | http://media4.steampowered.com/client/tenfoot_ambientsounds_all.zip.89b80bcfdd11b2b99257ddbbdc374e2df54e2738 | unknown | ini | 7.60 Mb | whitelisted |
| 1040 | Steam.exe | GET | 200 | 2.16.186.112:80 | http://media4.steampowered.com/client/tenfoot_images_all.zip.vz.e3fe5d6f7d21ec909bda07de60c9950c54d14402_31320945 | unknown | binary | 29.8 Mb | whitelisted |
| 1040 | Steam.exe | GET | 200 | 2.16.186.112:80 | http://media4.steampowered.com/client/strings_en_all.zip.vz.c1957c06098d05d749d6efe6f17140d9dac95d1d_89703 | unknown | binary | 87.6 Kb | whitelisted |
| 1040 | Steam.exe | GET | 200 | 2.16.186.112:80 | http://media4.steampowered.com/client/resources_misc_all.zip.vz.4a1fa88d21b005b67a41a9a0fc6044ae1fa46791_2225211 | unknown | binary | 2.12 Mb | whitelisted |
| 1040 | Steam.exe | GET | 200 | 2.16.186.112:80 | http://media4.steampowered.com/client/friendsui_all.zip.vz.5cedcf2fb51c708349e106851cd363848a8b29b8_15594965 | unknown | binary | 14.8 Mb | whitelisted |
| 1040 | Steam.exe | GET | 200 | 2.16.186.112:80 | http://media4.steampowered.com/client/resources_music_all.zip.vz.7a62e15083d4a65668f0d1fa58ad8c1b99fb5ace_3708050 | unknown | binary | 3.54 Mb | whitelisted |
| 1040 | Steam.exe | GET | 200 | 2.16.186.112:80 | http://media4.steampowered.com/client/bins_misc_win32.zip.vz.936662f971d27d61b06e738838e20d75d693afe6_11919640 | unknown | binary | 11.3 Mb | whitelisted |

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
| --- | --- | --- | --- | --- | --- | --- |
| 3252 | steamerrorreporter.exe | 208.64.203.173:80 | crash.steampowered.com | Valve Corporation | US | unknown |
| 1040 | Steam.exe | 155.133.250.107:80 | client-download.steampowered.com | | PE | suspicious |
| 3920 | Steam.exe | 155.133.250.75:80 | client-download.steampowered.com | | PE | suspicious |
| 1040 | Steam.exe | 2.16.186.112:80 | media4.steampowered.com | Akamai International B.V. | | whitelisted |
| 3920 | Steam.exe | 2.16.186.43:80 | media4.steampowered.com | Akamai International B.V. | | whitelisted |

DNS requests

Domain | IP | Reputation
client-download.steampowered.com
  • 155.133.250.107
  • 155.133.250.108
  • 155.133.250.76
  • 155.133.250.75
whitelisted
media4.steampowered.com
whitelisted
crash.steampowered.com
  • 208.64.203.173
  • 208.64.203.140
unknown

Threats

No threats detected
Process
Message
Steam.exe
Steam.exe
Steam.exe
C:\Users\admin\AppData\Local\Temp\Denuvo\steamerrorreporter.exe
Steam.exe
Steam.exe
C:\Users\admin\AppData\Local\Temp\Denuvo\steamerrorreporter.exe
Steam.exe
steamwebhelper.exe
[0616/213720.875:INFO:crash_reporting.cc(242)] Crash reporting enabled for process: browser
steamwebhelper.exe
[0616/213720.969:ERROR:widevine_loader.cc(383)] Widevine CDM registration failed; Manifest has no supported x-cdm-interface-versions in '8'
steamwebhelper.exe
[0616/213736.125:INFO:crash_reporting.cc(242)] Crash reporting enabled for process: gpu-process
Steam.exe
C:\Users\admin\AppData\Local\Temp\Denuvo\crashhandler.dll