rms | 99fd9e75e6241eff30e01c5b59df9e901fb24d12bee89c069cc6158f78b3cc98

Analysis

max time kernel
270s
max time network
273s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2023 10:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

winserv.exe
Size

10.2MB
MD5

3f4f5a6cb95047fea6102bd7d2226aa9
SHA1

fc09dd898b6e7ff546e4a7517a715928fbafc297
SHA256

99fd9e75e6241eff30e01c5b59df9e901fb24d12bee89c069cc6158f78b3cc98
SHA512

de5c8155f426a4e55953ae85410c7d9ad84f5643c30865fc036d1270310e28754772bd0f3093444a16ef0c1fa3db6c56301746fb5e7f03ce692bfdad0c4fb688
SSDEEP

196608:iz+UZcWP4jBrfWgEgIV8Rzy7Vj4FZvEo:i6UZcWWeVj4FZ

Score

10^/10

rms discovery rat trojan

Malware Config

Signatures

RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
trojan rat rms
Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	winserv.exe

Executes dropped EXE 10 IoCs

pid	Process
5868	AnyDesk.exe
6088	AnyDesk.exe
6128	AnyDesk.exe
1296	AnyDesk.exe
1164	AnyDesk.exe
6044	AnyDesk.exe
5620	AnyDesk.exe
5256	Advanced_IP_Scanner_2.5.4594.1.exe
5332	Advanced_IP_Scanner_2.5.4594.1.tmp
540	advanced_ip_scanner.exe

Loads dropped DLL 18 IoCs

pid	Process
5332	Advanced_IP_Scanner_2.5.4594.1.tmp
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\compmgmt.msc	mmc.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\AnyDesk\AnyDesk.exe	AnyDesk.exe
File opened for modification	C:\Program Files (x86)\AnyDesk\AnyDesk.exe	AnyDesk.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133295772592188992"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByKey:PID = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell	AnyDesk.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\FFlags = "18874385"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\LogicalViewMode = "2"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\DefaultIcon\ = "\"C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe\",0"	AnyDesk.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874369"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000010000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates."	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000010000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 0c0001008421de39050000000000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-602#immutable1 = "Change how Windows indexes to search faster"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell\open\command	AnyDesk.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate."	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "3"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk	AnyDesk.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Mode = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WFlags = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\ShowCmd = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\HotKey = "0"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\DefaultIcon	AnyDesk.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-3#immutable1 = "Region"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\FFlags = "18874369"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\LogicalViewMode = "3"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "4"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell\open\command\ = "\"C:\\Program Files (x86)\\AnyDesk\\AnyDesk.exe\" --play \"%1\""	AnyDesk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell\open	AnyDesk.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874369"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell\open\command	AnyDesk.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders	explorer.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
5924	explorer.exe
540	advanced_ip_scanner.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3144	winserv.exe
3144	winserv.exe
3144	winserv.exe
3144	winserv.exe
3144	winserv.exe
3144	winserv.exe
2396	winserv.exe
2396	winserv.exe
2396	winserv.exe
2396	winserv.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
6088	AnyDesk.exe
6088	AnyDesk.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
2176	mmc.exe
3936	taskmgr.exe
540	advanced_ip_scanner.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3144	winserv.exe
Token: SeTakeOwnershipPrivilege	2396	winserv.exe
Token: SeTcbPrivilege	2396	winserv.exe
Token: SeTcbPrivilege	2396	winserv.exe
Token: SeDebugPrivilege	3936	taskmgr.exe
Token: SeSystemProfilePrivilege	3936	taskmgr.exe
Token: SeCreateGlobalPrivilege	3936	taskmgr.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: 33	5856	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5856	AUDIODG.EXE
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe
Token: SeCreatePagefilePrivilege	2020	chrome.exe
Token: SeShutdownPrivilege	2020	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
2020	chrome.exe
3936	taskmgr.exe
3936	taskmgr.exe
3936	taskmgr.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3144	winserv.exe
3144	winserv.exe
3144	winserv.exe
3144	winserv.exe
2396	winserv.exe
2396	winserv.exe
2396	winserv.exe
2396	winserv.exe
2176	mmc.exe
2176	mmc.exe
5924	explorer.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe
540	advanced_ip_scanner.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 4184	2020	chrome.exe	107
PID 2020 wrote to memory of 4184	2020	chrome.exe	107
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 3368	2020	chrome.exe	108
PID 2020 wrote to memory of 4004	2020	chrome.exe	109
PID 2020 wrote to memory of 4004	2020	chrome.exe	109
PID 2020 wrote to memory of 4544	2020	chrome.exe	110
PID 2020 wrote to memory of 4544	2020	chrome.exe	110
PID 2020 wrote to memory of 4544	2020	chrome.exe	110
PID 2020 wrote to memory of 4544	2020	chrome.exe	110
PID 2020 wrote to memory of 4544	2020	chrome.exe	110
PID 2020 wrote to memory of 4544	2020	chrome.exe	110
PID 2020 wrote to memory of 4544	2020	chrome.exe	110
PID 2020 wrote to memory of 4544	2020	chrome.exe	110
PID 2020 wrote to memory of 4544	2020	chrome.exe	110
PID 2020 wrote to memory of 4544	2020	chrome.exe	110
PID 2020 wrote to memory of 4544	2020	chrome.exe	110
PID 2020 wrote to memory of 4544	2020	chrome.exe	110
PID 2020 wrote to memory of 4544	2020	chrome.exe	110
PID 2020 wrote to memory of 4544	2020	chrome.exe	110
PID 2020 wrote to memory of 4544	2020	chrome.exe	110
PID 2020 wrote to memory of 4544	2020	chrome.exe	110
PID 2020 wrote to memory of 4544	2020	chrome.exe	110
PID 2020 wrote to memory of 4544	2020	chrome.exe	110
PID 2020 wrote to memory of 4544	2020	chrome.exe	110
PID 2020 wrote to memory of 4544	2020	chrome.exe	110
PID 2020 wrote to memory of 4544	2020	chrome.exe	110
PID 2020 wrote to memory of 4544	2020	chrome.exe	110

C:\Users\Admin\AppData\Local\Temp\winserv.exe
"C:\Users\Admin\AppData\Local\Temp\winserv.exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3144
- C:\Users\Admin\AppData\Local\Temp\winserv.exe
  C:\Users\Admin\AppData\Local\Temp\winserv.exe -second
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2396

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff4a589758,0x7fff4a589768,0x7fff4a589778
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:2
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:8
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3216 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3264 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4428 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:1
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4696 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:8
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4840 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:8
  2⤵
  PID:5124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4700 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:8
  2⤵
  PID:5436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5272 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:8
  2⤵
  PID:5456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:8
  2⤵
  PID:5568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5592 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3392 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:8
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4520 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3292 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:8
  2⤵
  PID:6072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5844 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:8
  2⤵
  PID:6068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6148 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6332 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6472 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:8
  2⤵
  PID:5256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6264 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:8
  2⤵
  PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6236 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:8
  2⤵
  PID:5228
- C:\Users\Admin\Downloads\AnyDesk.exe
  "C:\Users\Admin\Downloads\AnyDesk.exe"
  2⤵
  - Executes dropped EXE
  - Checks processor information in registry
  PID:5868
- - C:\Users\Admin\Downloads\AnyDesk.exe
    "C:\Users\Admin\Downloads\AnyDesk.exe" --local-service
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:6088
- - C:\Users\Admin\Downloads\AnyDesk.exe
    "C:\Users\Admin\Downloads\AnyDesk.exe" --local-control
    3⤵
    - Executes dropped EXE
    PID:6128
- - C:\Users\Admin\Downloads\AnyDesk.exe
    "C:\Users\Admin\Downloads\AnyDesk.exe" --install "C:\Program Files (x86)\AnyDesk" --start-with-win --create-taskbar-icon --install-driver:mirror --update-main --svc-conf "C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf" --sys-conf "C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Modifies registry class
    PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:8
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:8
  2⤵
  PID:5784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5952 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6644 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4992 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=2740 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5568 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6244 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:8
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4456 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:2
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=4668 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=4684 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6688 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:8
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6836 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:8
  2⤵
  PID:5180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6852 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=2628 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7020 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=6216 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=3832 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7116 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4524 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:8
  2⤵
  PID:5560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7204 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:8
  2⤵
  PID:5520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=6080 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=4812 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=3316 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:1
  2⤵
  PID:5800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=5828 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=7048 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2844 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:8
  2⤵
  PID:528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6784 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:8
  2⤵
  PID:5456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7268 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:8
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7440 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:8
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7476 --field-trial-handle=1832,i,7829331599170111635,3575072622913124034,131072 /prefetch:8
  2⤵
  PID:5704
- C:\Users\Admin\Downloads\Advanced_IP_Scanner_2.5.4594.1.exe
  "C:\Users\Admin\Downloads\Advanced_IP_Scanner_2.5.4594.1.exe"
  2⤵
  - Executes dropped EXE
  PID:5256
- - C:\Users\Admin\AppData\Local\Temp\is-7VJ40.tmp\Advanced_IP_Scanner_2.5.4594.1.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-7VJ40.tmp\Advanced_IP_Scanner_2.5.4594.1.tmp" /SL5="$120256,20439558,139776,C:\Users\Admin\Downloads\Advanced_IP_Scanner_2.5.4594.1.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\Advanced IP Scanner 2\advanced_ip_scanner.exe
      "C:\Users\Admin\AppData\Local\Temp\Advanced IP Scanner 2\advanced_ip_scanner.exe" /portable "C:/Users/Admin/Downloads/" /lng en_us
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: AddClipboardFormatListener
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of SetWindowsHookEx
      PID:540

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1432

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x368 0x36c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5856

C:\Program Files (x86)\AnyDesk\AnyDesk.exe
"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --service
1⤵
- Executes dropped EXE
PID:1164

C:\Program Files (x86)\AnyDesk\AnyDesk.exe
"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --control
1⤵
- Executes dropped EXE
PID:6044

C:\Program Files (x86)\AnyDesk\AnyDesk.exe
"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --new-install
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:5620

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5924

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:1144

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\system32\compmgmt.msc"
1⤵
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2176

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:3972

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Network Service Scanning

T1046

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
3.9MB

MD5
d9f15227fefb98ba69d98542fbe7e568

SHA1
248795453ceb95e39db633285651f7204813ea3a

SHA256
5b70972c72bf8af098350f8a53ec830ddbd5c2c7809c71649c93f32a8a3f1371

SHA512
76f8fb624bdf303f7ce7db234775b30385146734aa5e94830efc0601aa7a056d30f37d59c6f86a6ed0ab59da3134bd3a2a07402d08474e4e34a2000e6eea27aa

Download Submit
C:\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
3.9MB

MD5
d9f15227fefb98ba69d98542fbe7e568

SHA1
248795453ceb95e39db633285651f7204813ea3a

SHA256
5b70972c72bf8af098350f8a53ec830ddbd5c2c7809c71649c93f32a8a3f1371

SHA512
76f8fb624bdf303f7ce7db234775b30385146734aa5e94830efc0601aa7a056d30f37d59c6f86a6ed0ab59da3134bd3a2a07402d08474e4e34a2000e6eea27aa

Download Submit
C:\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
3.9MB

MD5
d9f15227fefb98ba69d98542fbe7e568

SHA1
248795453ceb95e39db633285651f7204813ea3a

SHA256
5b70972c72bf8af098350f8a53ec830ddbd5c2c7809c71649c93f32a8a3f1371

SHA512
76f8fb624bdf303f7ce7db234775b30385146734aa5e94830efc0601aa7a056d30f37d59c6f86a6ed0ab59da3134bd3a2a07402d08474e4e34a2000e6eea27aa

Download Submit
C:\Program Files (x86)\AnyDesk\AnyDesk.exe

Filesize
3.9MB

MD5
d9f15227fefb98ba69d98542fbe7e568

SHA1
248795453ceb95e39db633285651f7204813ea3a

SHA256
5b70972c72bf8af098350f8a53ec830ddbd5c2c7809c71649c93f32a8a3f1371

SHA512
76f8fb624bdf303f7ce7db234775b30385146734aa5e94830efc0601aa7a056d30f37d59c6f86a6ed0ab59da3134bd3a2a07402d08474e4e34a2000e6eea27aa

Download Submit
C:\ProgramData\AnyDesk\service.conf

Filesize
2KB

MD5
b54e9cd7ecd08a222d387e41d8cb3565

SHA1
48802231425ea1ee04f01742764b70ecb116e19b

SHA256
4fb6d958276e617b20785bdc8d389550b7cca265109c34ff916f2e028cd9790e

SHA512
3aefa1687a2429d3bbf7cff77bab05338a21acdbf53df16974c79f73154dc14a5366d5d135ed339b29f91308e9e5eb19dc856e7859f9fc583ffa2542b5081a9d

Download Submit
C:\ProgramData\AnyDesk\service.conf

Filesize
2KB

MD5
b54e9cd7ecd08a222d387e41d8cb3565

SHA1
48802231425ea1ee04f01742764b70ecb116e19b

SHA256
4fb6d958276e617b20785bdc8d389550b7cca265109c34ff916f2e028cd9790e

SHA512
3aefa1687a2429d3bbf7cff77bab05338a21acdbf53df16974c79f73154dc14a5366d5d135ed339b29f91308e9e5eb19dc856e7859f9fc583ffa2542b5081a9d

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
482B

MD5
77d167dd191bdb358c90ead31a778f36

SHA1
b2c8def292ba3a0a6526db0f63e250d650a0162b

SHA256
c560ece09b93a135f072f4caeba3a974822802ae67b6154406d3a00fbc1ff0f0

SHA512
a4d4cd3f67278bceade6f27f459ee51f00929c8f5be1e24379abb6705bfda234a15e90324344eb012146b832cd6f4334c6cb63a5ca814001d1e98751b06982ae

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
482B

MD5
77d167dd191bdb358c90ead31a778f36

SHA1
b2c8def292ba3a0a6526db0f63e250d650a0162b

SHA256
c560ece09b93a135f072f4caeba3a974822802ae67b6154406d3a00fbc1ff0f0

SHA512
a4d4cd3f67278bceade6f27f459ee51f00929c8f5be1e24379abb6705bfda234a15e90324344eb012146b832cd6f4334c6cb63a5ca814001d1e98751b06982ae

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
482B

MD5
36e9bc3bc43ab5539b1f12f352805dbd

SHA1
140f697aee0dd9597ef13509d32657f412d4e814

SHA256
d65df4b3fab84a6af2099c7f7cd653b8067196dc20204a3aa5af6b48743e1cd1

SHA512
577aad935aa1f0f7271dc597d3060879b5bb0c530a0b599dcf6c352a3f8bdc64d011c5d23853ae466832f571ffe27c51cb5afebda436e1bf89e9d01c1a446161

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
482B

MD5
77d167dd191bdb358c90ead31a778f36

SHA1
b2c8def292ba3a0a6526db0f63e250d650a0162b

SHA256
c560ece09b93a135f072f4caeba3a974822802ae67b6154406d3a00fbc1ff0f0

SHA512
a4d4cd3f67278bceade6f27f459ee51f00929c8f5be1e24379abb6705bfda234a15e90324344eb012146b832cd6f4334c6cb63a5ca814001d1e98751b06982ae

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
482B

MD5
77d167dd191bdb358c90ead31a778f36

SHA1
b2c8def292ba3a0a6526db0f63e250d650a0162b

SHA256
c560ece09b93a135f072f4caeba3a974822802ae67b6154406d3a00fbc1ff0f0

SHA512
a4d4cd3f67278bceade6f27f459ee51f00929c8f5be1e24379abb6705bfda234a15e90324344eb012146b832cd6f4334c6cb63a5ca814001d1e98751b06982ae

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
482B

MD5
77d167dd191bdb358c90ead31a778f36

SHA1
b2c8def292ba3a0a6526db0f63e250d650a0162b

SHA256
c560ece09b93a135f072f4caeba3a974822802ae67b6154406d3a00fbc1ff0f0

SHA512
a4d4cd3f67278bceade6f27f459ee51f00929c8f5be1e24379abb6705bfda234a15e90324344eb012146b832cd6f4334c6cb63a5ca814001d1e98751b06982ae

Download Submit
C:\ProgramData\AnyDesk\system.conf

Filesize
482B

MD5
36e9bc3bc43ab5539b1f12f352805dbd

SHA1
140f697aee0dd9597ef13509d32657f412d4e814

SHA256
d65df4b3fab84a6af2099c7f7cd653b8067196dc20204a3aa5af6b48743e1cd1

SHA512
577aad935aa1f0f7271dc597d3060879b5bb0c530a0b599dcf6c352a3f8bdc64d011c5d23853ae466832f571ffe27c51cb5afebda436e1bf89e9d01c1a446161

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk

Filesize
1KB

MD5
15e852d1c4d4029301f0b0399c75e270

SHA1
75ae928e65431871a190576c755857a0c99f0d60

SHA256
4da38749d620019e90024e94729d237e6ff09f72e4360f2f1c1b4b6dda70515b

SHA512
0b99bdb19dda86a58cc689cd163ef6220ce77f3e889cf02546e730118f1195538e54923d7d8add0013c2eef8e8e6372e1ddf2f66e9fcf92e5a074cee22c5122f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000085

Filesize
162KB

MD5
44ec03cb3248c903b67751ea27df310a

SHA1
c57e9cf90caf30457e9d57db750b8a0eb8856770

SHA256
d4de4a836d11828dd561db1eb8d7fd48a7e0ce9afd8645e2eabb19a1267b6894

SHA512
657e8958d97eab524224bbd8903e0bd7d0c2640805f77da7546060164fe03f7b6ece99a005ef44e41b7233a2e24ffc63430b2fe3c87f61a1b26e0d7c7e52c365

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008b

Filesize
20KB

MD5
39307e27138b106e53f1a4af27d63094

SHA1
9c2fbfb3f19bf72a282a101d1c802c287dbb5fab

SHA256
07c09b206faa8934e6b12c518a4f834d8bd5b2bbe92a07a4f169173ab620b464

SHA512
8e48c468cceab8dfb296c62c2fcf4e82adde92fc06e3b14418a4cc08dea5712aaa7f61eb5421b9d5fbc0803b1b8f2b05a344a2e3db7831212af9e2579972bc52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b4

Filesize
37KB

MD5
5b0c0d429185ff30e04c93f67116d98f

SHA1
8eb3286fe16a5bee5a0164b131bc534fd131f250

SHA256
f1a0b957050b529afc0e94c436976326124ed8968183859c413986487623294d

SHA512
6295bcd662325172b15c476d26f23c8794c4f1454e0e8cfd43bca79b45aa03e1ae721ebdada1c52fe7699027fa97699156280ff259ce3cc476e322ccc0337902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
adb36bf28ade7b46386438b2659a0aa1

SHA1
9514e37bfd7ecd9572e8d211069bd1b587620dbf

SHA256
def1e4393900a6dda729a5c5d7e4efd9dc95c526bbc303c91929c4399f025f3e

SHA512
50c65602e6ca8da11e3491347dd76a4f167cdee880e961358de2ee8164a8d6e26f709c74833d3d96bb267898ce41aa9ebce28b1defc47ac7e72a45e317d4857c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
d2c0c8ddb29655017f4bf8632eb39bac

SHA1
df112a4770ee55c35b36dea2a51029693028344f

SHA256
98ef1ed1f33a098623fcefa3140f9fa979b76f67954d71e523c4785e968c35e7

SHA512
901ee43c20a58c7f806acb9cf5be70a61b0ac9b02a54baeb8ce191e5b975e964127d238426ae16009ecbbc837519477a7f9db69ed3fe14646107e80ebb219d08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
95f3f830230ee660d1c6236f2751c7d5

SHA1
1ac3639616998d33e2317d8b7263d6d1635fe041

SHA256
cd49cba72bc6410064b57bf30cc1aea777128e07ed157b397b5a73556b38e3fc

SHA512
85f37912ef1852ab9cbaea50a522eae40c087a99a54bdbf8e043e2951d2d2cb763380a29dc1d0cb8cea818d1eb575a8e02c0a603ab414f6f06a18a389048b516

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
c6e3bb38e6c3952bcbc0c2e7509f01b2

SHA1
d74a8ac1528b74414870e2e6975dfb4307ce9a0b

SHA256
b07080060b45a9def4345938522b0904126a0f8590bce7bd15688f0a3e5ee33f

SHA512
0a4cd23dd0401b7f32913eb255b87ffe7e57244a988b91412ad9838324822a68e4e22b3b3c1bb1570728354526191a9b5159ba9a29ef88b4095af184da377478

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
0bfad75c1252860df1e33ae05bce4879

SHA1
6726c1536179897534dbc8428017150f6901351c

SHA256
5baf97157c53e852b2bfeada8a732a7f57a816b00024bb5aa98ea3c3295d024e

SHA512
7802602e6f54f691a6c1d06b54194eff8e91042413293f632469bb50310e3921cefc3ca0c57d89a62490f97597eb7431afed52a07feec057a58c03c687c3bc52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
844b7b28036e208cd370efdd9f789e7e

SHA1
a797c99fae784e3be1dbdfdcf1782ed18c8436e4

SHA256
2e2dec1cb5c6b16000f92e00caa1fd0184fced75563f3be88bf4898cccee378e

SHA512
fa6d2e5f74280a03d08d286405f7178a8a039b4e4c9179d5c73652913fea8dc276a0a3604fe8bb9944e4d22972bbf0a22ad13b39695c97727b1d1566eb60f33c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
52c19c1eba1410074742011c3112aae6

SHA1
c691f31b69c26b268ac7a6a6ed8223e000adfb5c

SHA256
a88713a5a760e9fbfab4f53fb963f459d041daafa5facc210a2232a58844b788

SHA512
306c73a0c9d996e470ee9a710a77f733f81e5c6e23e65955e0aee5d4bff128cd66a56c0246569e8d531deb577791ed86f30aeb57f661ee03682589454e0462b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
00c2ebda962309646cc4afe0b451300e

SHA1
0a51dd7709abea8926496f7f0a30b08c22ec7828

SHA256
d034c344c42f93a211e60131be4e688b03419f33d82820361a41dffebef6602d

SHA512
4611c2aa7d26411fb68ce62106cc309b0de1a79efe51446b3fc38010fd10bbd9295d7c5c647cd2de3860a1cb3cea59883ae53f7a5c43442fd94ed6fabd28787e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
7a99e7aa619c0574ab47a76ee7bad161

SHA1
b54374d6be45e20f4e299b5393c04f134a4fb2cc

SHA256
483021799a2a37de092ad78b49e131f6c91b3090da0912aebf3cbb88a8ef02b7

SHA512
ec650233ad2b6af94cd8a81d0c8c8207e5ba72c55287ba17e7260f2db984fedaef1b7aab24d7bf7871135f0d24db972a586eb7bf715389a17d8797fbac8647a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
5bb5f90e172483b4a01dc7306c173275

SHA1
dcb64686a8229fd3181e2b69c1795286f43c1255

SHA256
acbbe93d19db75367f612ce0e3ab64874a4d732ad34ec23a0a2ae03ac092bc97

SHA512
78619a48eb421be3761ac83e11510226618490e3bc4c4be65c386807dea64959a44be96a08a1e04b5402e44b2ef3e3efdb88306436547a64f21130c12b714c2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
e38ca78dd0e5a2fcbce16016fb7ea405

SHA1
85171c0905ffc03c333c910144583f8a65055416

SHA256
3f0b0e7e02f51db48a1105df05ee1dfc9670ff0c9a99158e89aebf04e42add2f

SHA512
1b1962019ed5c04badbc17c4ab99c0e034d08f4348b4c32b6393b71ca2fa5c48850589f1a3338ef900143c2b882d88bbdfbba80d6b12cb9cef899a2cbacd6ebe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
0f73280d5d7fad448599403af0c9a406

SHA1
e452618de6f7786d99fcc4eb20236048203c52ec

SHA256
623772d8d9d299ff3aac386b6825d23b01de508192a48bafddcb8825e2b890dc

SHA512
2cd244b0ef13eb41ced61ef920dd6a1b75135fb6c9ff87f1b26c8342a92376f19842c3ebfa8cc7aad0ee10a33b27ab6a153ffaa9227961e2ee2609f89458dda3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2ac0f6079f8378e8db476c0aa269dfed

SHA1
5a7a5f62b29332ab8a9f1a61f35500078e8fabe7

SHA256
0a6b1b8f57d9468612b51de26aa12d0157726605c799ba1b17eee6093a507a3a

SHA512
ad7666b8d3028ed46da539369cba6c427e57e64a1e627804685ddc5ddd04c2862d1aafe57a7df45134fd6db51390b57b9e62158b45c057f2ba6f0de5821a112b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7c3e7f3eaabccfd0f7be2bb928f4d46f

SHA1
4a80241b5725f277ea64ebf08ac80a4a858273b6

SHA256
50e8ba51707410acde9a242218465d189043a4cbaa2f7803af6cbff02fbb079a

SHA512
d717f520e25bc5b7b8c21908b0ded07ed6a9ae0c922c6ee31dbebead7a5890668b433f9bb88899f603dcd47863969422aec44a1b20faa4650be0f1cf92048926

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c5d8ac9a2de00c8c6d25e81cf39cd0c5

SHA1
04aff15e6832480da089ef53fa4de199924c0733

SHA256
b4159bf456f22a72182a624f18f6829c12f6dbc87c58c83519749767a0a4f534

SHA512
2de4d875cb1bfbee33ce79bb9381bf7395c2f7caec42004f18feb8dd48772a15e99f315f73aed5b4649cceed4be08cc3acba003da9e4e26ed83c6344bd4ba3b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b0e90717a576d0a963913a5ecfee08d0

SHA1
89f87ed9da4ec15eb5aea93b5fc01f5fc4d059eb

SHA256
c6695b7f7464628f0acc2d4f6778434c1954d171b4f8136d3a85495728459d75

SHA512
9f97d78fd303dc7040e0e7615e743a8e344306810020a525fbdc87fa9be3a50b55daab61b80cb5a2da4967952a2a6856059ed10234b30b7d94f03d67b68a8f73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
dae091aa714e177438d6b80659237072

SHA1
b6986baa21214b3e8111db06a239b60daf9283a2

SHA256
75d3ec8d2a6bed5774b85a31ee2fe52bf2a95e58aefbf58ef65975e7efd3c94e

SHA512
10bb16d842a928da474e4230fff0482001f9a9ff9ebfb33e2e394b2d78bd263e4f4c39d40d99d4c80124c3bd06c441961e8084805ea2c1cdbca490f91dbc1558

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
56c609c2788cce26abfb37ac4ddf00a2

SHA1
847d2d95cba305c277efe7166c692178b2a38dac

SHA256
2e0229c270c0d7c16ea12f756523fe9b3eef89804222abbf32407a0265d90f9b

SHA512
61afedc9bf24b935a7d7344242ce5edb548b87654fd00e9cc5922fc379c1658e0a081f5bf05f26e82d390c744ded9092d953978a4fe2f70bb40a61b77eef3173

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
cc9607f47a31396150bf5a9cf4d35fc1

SHA1
d858104db9b8a8064d781b583346f49d2d171079

SHA256
5b0e111d07960ced5376e7ad9d65a6c9e508d4ac5be72ca18abf3e4df904d7e2

SHA512
bc225736417b926d8db97c996d0fe2eadc8940f1dbc5aadb15b23ed92c61b79f29ae6873181947d3a3d23f9248fe19b14625dddb9ab49b4c06d7885a9f8df6ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
adb743a0664d208d359ed5781f365ed6

SHA1
e71f2a5114e810dfbee4e2f4882605c1715d77e3

SHA256
9dbccd3f5e3da23bde0389780c13d254baf1e2cee86432bbcd62eb21e73fa7c1

SHA512
7661696865749adcdb891045851bcf9ec1eb9ebd5df5088d85e2dda1e0269d4bba5eb88037bc52bcb95fa9d6c701a0777fe0dab984450798fc6f45d9f81681ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
41fafab43f94d042a9c107ef06ba37fe

SHA1
39ba93973ace633a413f8063d9b67924e3121e65

SHA256
d6cfdf917c0dd672ea7078552e849673757df13dd66c0a99eae3c76c222ca631

SHA512
5962b3a9948cf7462647c209b4a6ec5934f8b4251f5038e5657f403bc8ce172e6d38c69a861cdabf2d216e0d8370a6fef1cc2fd5d666ef610be5adf8eef35f7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
c61c88e779ae36cbe234e728d1fe3383

SHA1
1c7488f0e0b8d765041852bf4fb9e84d20523e01

SHA256
2132fcc0ba24bbb93cb151ca71247cec7698b327cacdd24fe8436e37c1cc9841

SHA512
1564c432e15f6ce111d92c04d9516b2dd00b21146eee4a4283c4a723f0ce12b4b81850b93b0f49e7b9d58901233c733bb60ac95c03acd56e15358d812004d126

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
67933c59ec5e524d89682e7858189100

SHA1
51d5730c8381ca9882cde8a757e34ed858291166

SHA256
15a9ceb9c3ad43f2e4b94a0621b7a46e02890b97c2b67d2017dac1cf1479cf92

SHA512
7f50d152bb36daccc0859b8caef5d32447af08193e2eb5b2cd7bd9d77e32626c325e56ce9e8fe55e4d2f8dc9d5afbe7932876b4adc664a8bf4b51626ade9b6d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
3879db76d1d934630d925ac158420351

SHA1
0da7d07393f2aad6a417a4b3ad3c6b1c2ba8df93

SHA256
688f004d95393f5b6eb877388f950a63488292ac30e1aa418ee0954e219f76ef

SHA512
1bc0881bd779f8816b511c753ace67af307766e5e4d7f790304334d17326f421da36abfbf3369065ab81680dff61ce96974437ebdaf94cbcc64c5ac950acd7da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
d4d004aa19122a23a209a7a5fc26bea0

SHA1
4a657dc537707890ff1b44f64ddd5cfe33ba130a

SHA256
d2b05633c24e8910016802a71ba8d64d170a22220eacc0685d63a3096868eec4

SHA512
2ac7caa1134d6e3b75eee90ebd7cc62b6a4412510ce6f040c77db7f90b05828b15c4333936ef1ce4c3d5fb46061ad51fdef21a20e644cbe3c4a77d189f5365d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
116KB

MD5
6dfda793fa437bc884b69aaf07a0c461

SHA1
020b8906dcecd276775191d953a70c71dfd06710

SHA256
c9173922499c607ba4bbafd015c238d38358d0ffe4cd70a766eacb75c0e8d9ba

SHA512
2327e699eaa77027bc4e7b5e2499407c9303bfae6262f4ab3f4806e92c917e440af754f6f3a371990374b08f3a4311241e37d69a205f84d2f255c313f91dee6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe591757.TMP

Filesize
113KB

MD5
22ddff6530251b950670fc280a011bb2

SHA1
cc96d147eb4c965cefbb98054a1bd17e87bed35c

SHA256
571d363bb2f1c76f6730c1638131f7d1f75eda5adce0884a051db4550999209b

SHA512
c759a652445ecf2469ee83f67f8b9f885770ee705883820a987a85682929e83ca1c815fa5a713d76550183cf7f90b7d7418d941010a4dc305b2eef66fe08ccb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Advanced IP Scanner 2\printsupport\windowsprintersupport.dll

Filesize
50KB

MD5
1184f4fb8efae468729c62787c9ed80b

SHA1
a06e3f759dc4bee0b9badeb7a5a67dfeebbf141f

SHA256
c075c95d5153de4005f0e6804eb4f783886d10b683712ed00ef09a6629d6917a

SHA512
2ef35e76f950218f3fabb3f53244366cc7de6d61ba090f3c312eea8b7457b239daae65d05fe3a0bd2a7236afc4eb0434aec7f8042e0c5db1d118fe0e11e04f53

Download Submit
C:\Users\Admin\AppData\Local\Temp\Advanced IP Scanner 2\qwindows.dll

Filesize
1.3MB

MD5
a95683988952cd21f5f6de5318122b98

SHA1
2f8c94fc2cf0a9bdc61743541e94ab0dcc2840c0

SHA256
10cabd7ec4b4bdb4cac85c905917b64dad626dcabacbf32748217b129a3b2099

SHA512
33c8f7daf9e13a91ba9c362aefc944733b7c946ad042e1bba1b7218b9b6500c5f04e8f3bcc3650cbaf2da163f8a6deb21aabccfdef8fbcc804b862e07b55cf89

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
10KB

MD5
452c96308a5521b7787b2ca2c4ee4b65

SHA1
3c45d6a99af2a7465a4d1f3a51fd58fc061cdca1

SHA256
9cf46f8b86201fabf74c8df46c0c125bb2f216f80b055cc578e2c43e874150cc

SHA512
5e1df64265dd4258aa6fd318f19f4577506c233552b9ae98fbebce687fdaf2c4ad272363097db6049354c201b308503ff395112093830b41c975d63dab803a10

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
11KB

MD5
2a12f0432706730bd8c958a1c3cf892e

SHA1
a9d964176a540cc26ee058db6c1316e68520c628

SHA256
e7a67c5de9a92cb96f63c2ba7ab9ff8872752ca58fe5d774ca2e9d0b515fa431

SHA512
cc525f10c0af5cae334599845c370cbc2f9807b86320de5b0c0a1737b4b61519d82f22713ab0ec011e7ffd425746e4b07d2983c3ce17b1bd2c20e6988914fbdc

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
27KB

MD5
811e3a586f110603799fc9dae3412bde

SHA1
3398dd5108afa35ea88b303bffdef3e616b6ef3f

SHA256
c44d93155d619113f94f00aa35ea9c7208c5296504a4e9fc6208b32d0485d9ca

SHA512
05c4b4277c0a6d10db9bd2fbf4dcc0a2cdae8f8eaa4df0f0df34900825275f516a63bd5f87b29928df578dbeedcdc7b9ccd81c72b7340ee2344a271a09cbcb6f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
37KB

MD5
7c3ad96246aea069d034cba081a781a6

SHA1
7c881b1690e982c3bd2b8f6ea9fab18513f31ce3

SHA256
6c6a4ed4d106c0b0df3b0b5e8cb3ce56a44784ea90f5e57390132ca3589f4bc4

SHA512
e5f909f60540e10e488229eef8b3df5cfd6bf40c7bb5326b7ef90af55f2b108e706fc188f9490333f45070c350c3afd8be5b8c60c71c5e0d04c54e943adc19b9

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
42KB

MD5
b08a84fccd8e1487238dade961f11ef1

SHA1
83bc80cd249fbd02a789a41639e7dad83c699cc5

SHA256
4c1ad7c5ba15c49f4f48eb5aef4a4127cd4f8c18961fc219346dcfd747f776ea

SHA512
cdbb853a71ba5eb605e225d77b87b40ba4f18a09980a4b834eed2956f5a302571bafaa39740852415bdeaa3dae168df150bf3e53a27d022cb0cf9cc23c6c7f26

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
b54e9cd7ecd08a222d387e41d8cb3565

SHA1
48802231425ea1ee04f01742764b70ecb116e19b

SHA256
4fb6d958276e617b20785bdc8d389550b7cca265109c34ff916f2e028cd9790e

SHA512
3aefa1687a2429d3bbf7cff77bab05338a21acdbf53df16974c79f73154dc14a5366d5d135ed339b29f91308e9e5eb19dc856e7859f9fc583ffa2542b5081a9d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
b54e9cd7ecd08a222d387e41d8cb3565

SHA1
48802231425ea1ee04f01742764b70ecb116e19b

SHA256
4fb6d958276e617b20785bdc8d389550b7cca265109c34ff916f2e028cd9790e

SHA512
3aefa1687a2429d3bbf7cff77bab05338a21acdbf53df16974c79f73154dc14a5366d5d135ed339b29f91308e9e5eb19dc856e7859f9fc583ffa2542b5081a9d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
1a9bcb024f3d65edb879b756b49616d9

SHA1
40762e6ea46eb1d33fd176076f5a6dc758c16966

SHA256
dfcaf35ff1479340ea84a5610e3d279b096f060ed8be7a7e1db26b7d6e41233d

SHA512
d94efaf5bbef78430356c09e51d8e8075b58c812f7e205deda1ab284e8dc2fffd34cabb3049c678fb2ff90c6fa6b17999e11bbcd059bd01a5b257f77c11a738e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
1a9bcb024f3d65edb879b756b49616d9

SHA1
40762e6ea46eb1d33fd176076f5a6dc758c16966

SHA256
dfcaf35ff1479340ea84a5610e3d279b096f060ed8be7a7e1db26b7d6e41233d

SHA512
d94efaf5bbef78430356c09e51d8e8075b58c812f7e205deda1ab284e8dc2fffd34cabb3049c678fb2ff90c6fa6b17999e11bbcd059bd01a5b257f77c11a738e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
1a9bcb024f3d65edb879b756b49616d9

SHA1
40762e6ea46eb1d33fd176076f5a6dc758c16966

SHA256
dfcaf35ff1479340ea84a5610e3d279b096f060ed8be7a7e1db26b7d6e41233d

SHA512
d94efaf5bbef78430356c09e51d8e8075b58c812f7e205deda1ab284e8dc2fffd34cabb3049c678fb2ff90c6fa6b17999e11bbcd059bd01a5b257f77c11a738e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
a5dcd4f93f63d1ef3ae22dd0364a19fc

SHA1
a2d30f23b56f43fdcb49912aa5f998001c233c2e

SHA256
33f7af43e830a3045f443fef25162dbb1d135de0ec2d91adda9e1be266f795c4

SHA512
10dc2c7766e74f57882edad6f7095cc22a3170e49e72084d225064369b78a8c475db2f52e06a81097beecfc8340803a09221d25505ccc2ccf32ee44550e70279

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
1a9bcb024f3d65edb879b756b49616d9

SHA1
40762e6ea46eb1d33fd176076f5a6dc758c16966

SHA256
dfcaf35ff1479340ea84a5610e3d279b096f060ed8be7a7e1db26b7d6e41233d

SHA512
d94efaf5bbef78430356c09e51d8e8075b58c812f7e205deda1ab284e8dc2fffd34cabb3049c678fb2ff90c6fa6b17999e11bbcd059bd01a5b257f77c11a738e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
1a9bcb024f3d65edb879b756b49616d9

SHA1
40762e6ea46eb1d33fd176076f5a6dc758c16966

SHA256
dfcaf35ff1479340ea84a5610e3d279b096f060ed8be7a7e1db26b7d6e41233d

SHA512
d94efaf5bbef78430356c09e51d8e8075b58c812f7e205deda1ab284e8dc2fffd34cabb3049c678fb2ff90c6fa6b17999e11bbcd059bd01a5b257f77c11a738e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
a5dcd4f93f63d1ef3ae22dd0364a19fc

SHA1
a2d30f23b56f43fdcb49912aa5f998001c233c2e

SHA256
33f7af43e830a3045f443fef25162dbb1d135de0ec2d91adda9e1be266f795c4

SHA512
10dc2c7766e74f57882edad6f7095cc22a3170e49e72084d225064369b78a8c475db2f52e06a81097beecfc8340803a09221d25505ccc2ccf32ee44550e70279

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
08035e69a6a2a57fc09a3c857f0ebfc6

SHA1
7a3d553479e3bc4e102352db03a20843d22930de

SHA256
64f218f9d24a20ddd958dd9edec8eebfbde296f18c1fb903b368d130c04b19ec

SHA512
cdd2378d22e163aceba60ce328b1f279567e1ad422c9ec2498595128688d8e18ed3401dc9693f662895213946213a7dae83166c90a167bf24d070de4216b2754

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
202b1ef327a0d739d902d5fe810235e8

SHA1
6d1a0bc05e73ff130bf9b5cbd8688dca418104d4

SHA256
59a648d29b3ed708b4d040c5fb57e844e04e20f696d00496ae5ed258babdb0ed

SHA512
1b9f65414fbccd708e4e5391aba57c44465d4564a699d701cea82616fc15cb1dea7bca2e34cff0e47693b7669f7a48b12b8e1c1971e2e5a6af72e46631ba6758

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
99367a05e909a5268611645568bfd9e6

SHA1
0a83591c2abfead1f193887944eef82c6b4df94c

SHA256
615adc5e10f9b4efffb98f2e83ed49a018813152dbb7068bf729c6cdd98c0c39

SHA512
5b7e7c17b4a0995ee12621e6674ae5d22b1deaec0c75d76d1655606db3f3079617117d3a9e38ab107a5843951f18ed83cf77e4649548452805b387bd5733e330

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
99367a05e909a5268611645568bfd9e6

SHA1
0a83591c2abfead1f193887944eef82c6b4df94c

SHA256
615adc5e10f9b4efffb98f2e83ed49a018813152dbb7068bf729c6cdd98c0c39

SHA512
5b7e7c17b4a0995ee12621e6674ae5d22b1deaec0c75d76d1655606db3f3079617117d3a9e38ab107a5843951f18ed83cf77e4649548452805b387bd5733e330

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
99367a05e909a5268611645568bfd9e6

SHA1
0a83591c2abfead1f193887944eef82c6b4df94c

SHA256
615adc5e10f9b4efffb98f2e83ed49a018813152dbb7068bf729c6cdd98c0c39

SHA512
5b7e7c17b4a0995ee12621e6674ae5d22b1deaec0c75d76d1655606db3f3079617117d3a9e38ab107a5843951f18ed83cf77e4649548452805b387bd5733e330

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
99367a05e909a5268611645568bfd9e6

SHA1
0a83591c2abfead1f193887944eef82c6b4df94c

SHA256
615adc5e10f9b4efffb98f2e83ed49a018813152dbb7068bf729c6cdd98c0c39

SHA512
5b7e7c17b4a0995ee12621e6674ae5d22b1deaec0c75d76d1655606db3f3079617117d3a9e38ab107a5843951f18ed83cf77e4649548452805b387bd5733e330

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
f193636b5cde6de463d77b5c067f547b

SHA1
9fe4e70c7cd6c22cfa06bcfe10360fe93dbee878

SHA256
69fc412ac669de8e8c92df0f09b0da4a8e8dc52c2d45f4bc4b9c7e0c87ac3585

SHA512
8009014e7fee5ee00eff6b3ca61ddb8845123a42fe92cc8226ad9957c4d33e65933a06feffbd74f2e8f31633426b9f8acf3ee1e2dac9928da06ce81335ddb4e6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
127cc052838e5100bb400bfd5c4ccf60

SHA1
dcf49fad2cd39b93f0f9dcfce773df113890647d

SHA256
b44abf51e59c359a1a66a739e91f3d454d93d532315622e9c9bca79360394c52

SHA512
7fcaa0f740471802e6843dc74aedd44dcb4d18cd347cf3f01c03de33fea52f82f614c40d5c1846255abf3b2199682001a122909a7667b06d530586294f24b221

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
3846c5f92feaf5dcc38412970984ebe7

SHA1
d487a14cce57f9d90f03d7b05763bb311d7990e4

SHA256
cffb74ad34624053ba9f0bccbf20ff16c4eb742112798ee41cb69de31a155d51

SHA512
2c5930ea2a21b8676423e9b0777733be6f03a9e1baf4502e6951cc8d5f5d8e0eed8045676cee6113f1ed29356e527d45dd50fdaf1fa2e3463288265dd6d786b4

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
72e6ed3bfc3beddb57c8bfbc9f6ea668

SHA1
9b0ef51b2ad1715525f30c2354accf07b2096494

SHA256
7606f1fd13cbfa5ee83dcdcef20e28de727da1807ada2a0be3c260a818ee6354

SHA512
6c76fb1fc310935b1fcd3b091d9f940b22827a6e3811524385ad170667b84ef4ec057724b8a0a74c99c216cd2b941ad8eb216546c6bb81066cf9160a123b1f92

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
72e6ed3bfc3beddb57c8bfbc9f6ea668

SHA1
9b0ef51b2ad1715525f30c2354accf07b2096494

SHA256
7606f1fd13cbfa5ee83dcdcef20e28de727da1807ada2a0be3c260a818ee6354

SHA512
6c76fb1fc310935b1fcd3b091d9f940b22827a6e3811524385ad170667b84ef4ec057724b8a0a74c99c216cd2b941ad8eb216546c6bb81066cf9160a123b1f92

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
72e6ed3bfc3beddb57c8bfbc9f6ea668

SHA1
9b0ef51b2ad1715525f30c2354accf07b2096494

SHA256
7606f1fd13cbfa5ee83dcdcef20e28de727da1807ada2a0be3c260a818ee6354

SHA512
6c76fb1fc310935b1fcd3b091d9f940b22827a6e3811524385ad170667b84ef4ec057724b8a0a74c99c216cd2b941ad8eb216546c6bb81066cf9160a123b1f92

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
6e78cc6969c8fe25199250dd34bae6ae

SHA1
e1033404e7919590451e8d6da780fc091ac5d31f

SHA256
299809dbb95d773c6bac4d2238d7b1099aa03d2ff18cc7b3c39b56572e81d6d5

SHA512
517a100d33da7ad93269dc3e7cddb40164c3dd3dce5a6b063496cbce5b27e40d9923d3888f6241d0022d1d40bd9a414c470e5f17b15af6e02054efec5489f32c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
46a204d2333fc80ac6ea1aa3de8da2e2

SHA1
4db1c465abcc39a6fb7fb4eb207335c3a2c13791

SHA256
6cffc7433674fc9f9aa8f3826ccec19e6debc2f2517df7f5390f913d391bd287

SHA512
549a95cad4aac1c9c2417f3f0e87ceae404db53bc2085255e3f71e4293cd1961778dd04cb97544dbe4758413f0560ebf3a1e4e9ff535228935c5b8af62760bb8

Download Submit
C:\Users\Admin\Downloads\Advanced_IP_Scanner_2.5.4594.1.exe

Filesize
20.1MB

MD5
5537c708edb9a2c21f88e34e8a0f1744

SHA1
86233a285363c2a6863bf642deab7e20f062b8eb

SHA256
26d5748ffe6bd95e3fee6ce184d388a1a681006dc23a0f08d53c083c593c193b

SHA512
35f44c0df4635a1020f52743d7cf3e4346d1bdf9010161326e572250ac93e0285b202532a07d2db8dbc67f6f0ced864083769e904bd5d82611244339ca8d31a1

Download Submit
C:\Users\Admin\Downloads\AnyDesk.exe

Filesize
3.9MB

MD5
d9f15227fefb98ba69d98542fbe7e568

SHA1
248795453ceb95e39db633285651f7204813ea3a

SHA256
5b70972c72bf8af098350f8a53ec830ddbd5c2c7809c71649c93f32a8a3f1371

SHA512
76f8fb624bdf303f7ce7db234775b30385146734aa5e94830efc0601aa7a056d30f37d59c6f86a6ed0ab59da3134bd3a2a07402d08474e4e34a2000e6eea27aa

Download Submit
C:\Users\Admin\Downloads\AnyDesk.exe

Filesize
3.9MB

MD5
d9f15227fefb98ba69d98542fbe7e568

SHA1
248795453ceb95e39db633285651f7204813ea3a

SHA256
5b70972c72bf8af098350f8a53ec830ddbd5c2c7809c71649c93f32a8a3f1371

SHA512
76f8fb624bdf303f7ce7db234775b30385146734aa5e94830efc0601aa7a056d30f37d59c6f86a6ed0ab59da3134bd3a2a07402d08474e4e34a2000e6eea27aa

Download Submit
C:\Users\Admin\Downloads\AnyDesk.exe

Filesize
3.9MB

MD5
d9f15227fefb98ba69d98542fbe7e568

SHA1
248795453ceb95e39db633285651f7204813ea3a

SHA256
5b70972c72bf8af098350f8a53ec830ddbd5c2c7809c71649c93f32a8a3f1371

SHA512
76f8fb624bdf303f7ce7db234775b30385146734aa5e94830efc0601aa7a056d30f37d59c6f86a6ed0ab59da3134bd3a2a07402d08474e4e34a2000e6eea27aa

Download Submit
C:\Users\Admin\Downloads\AnyDesk.exe

Filesize
3.9MB

MD5
d9f15227fefb98ba69d98542fbe7e568

SHA1
248795453ceb95e39db633285651f7204813ea3a

SHA256
5b70972c72bf8af098350f8a53ec830ddbd5c2c7809c71649c93f32a8a3f1371

SHA512
76f8fb624bdf303f7ce7db234775b30385146734aa5e94830efc0601aa7a056d30f37d59c6f86a6ed0ab59da3134bd3a2a07402d08474e4e34a2000e6eea27aa

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 157140.crdownload

Filesize
3.9MB

MD5
d9f15227fefb98ba69d98542fbe7e568

SHA1
248795453ceb95e39db633285651f7204813ea3a

SHA256
5b70972c72bf8af098350f8a53ec830ddbd5c2c7809c71649c93f32a8a3f1371

SHA512
76f8fb624bdf303f7ce7db234775b30385146734aa5e94830efc0601aa7a056d30f37d59c6f86a6ed0ab59da3134bd3a2a07402d08474e4e34a2000e6eea27aa

Download Submit
\??\c:\users\admin\downloads\anydesk.exe

Filesize
3.9MB

MD5
d9f15227fefb98ba69d98542fbe7e568

SHA1
248795453ceb95e39db633285651f7204813ea3a

SHA256
5b70972c72bf8af098350f8a53ec830ddbd5c2c7809c71649c93f32a8a3f1371

SHA512
76f8fb624bdf303f7ce7db234775b30385146734aa5e94830efc0601aa7a056d30f37d59c6f86a6ed0ab59da3134bd3a2a07402d08474e4e34a2000e6eea27aa

Download Submit
memory/1164-1007-0x0000000000670000-0x00000000016F4000-memory.dmp

Filesize
16.5MB

Download
memory/1164-890-0x0000000000670000-0x00000000016F4000-memory.dmp

Filesize
16.5MB

Download
memory/1164-768-0x0000000000670000-0x00000000016F4000-memory.dmp

Filesize
16.5MB

Download
memory/1164-1314-0x0000000000670000-0x00000000016F4000-memory.dmp

Filesize
16.5MB

Download
memory/1164-1084-0x0000000000670000-0x00000000016F4000-memory.dmp

Filesize
16.5MB

Download
memory/1164-1205-0x0000000000670000-0x00000000016F4000-memory.dmp

Filesize
16.5MB

Download
memory/1296-684-0x00000000005E0000-0x0000000001664000-memory.dmp

Filesize
16.5MB

Download
memory/1296-811-0x00000000005E0000-0x0000000001664000-memory.dmp

Filesize
16.5MB

Download
memory/2176-1222-0x000000001D9A0000-0x000000001D9B0000-memory.dmp

Filesize
64KB

Download
memory/2176-1224-0x000000001D9A0000-0x000000001D9B0000-memory.dmp

Filesize
64KB

Download
memory/2176-1221-0x000000001D9A0000-0x000000001D9B0000-memory.dmp

Filesize
64KB

Download
memory/2176-1220-0x000000001D9A0000-0x000000001D9B0000-memory.dmp

Filesize
64KB

Download
memory/2176-1223-0x000000001D9A0000-0x000000001D9B0000-memory.dmp

Filesize
64KB

Download
memory/2176-1195-0x000000001D9A0000-0x000000001D9B0000-memory.dmp

Filesize
64KB

Download
memory/2176-1190-0x000000001D9A0000-0x000000001D9B0000-memory.dmp

Filesize
64KB

Download
memory/2176-1189-0x000000001D9A0000-0x000000001D9B0000-memory.dmp

Filesize
64KB

Download
memory/2176-1188-0x000000001D9A0000-0x000000001D9B0000-memory.dmp

Filesize
64KB

Download
memory/2176-1187-0x000000001D9A0000-0x000000001D9B0000-memory.dmp

Filesize
64KB

Download
memory/2176-1227-0x000000001D9A0000-0x000000001D9B0000-memory.dmp

Filesize
64KB

Download
memory/2396-150-0x0000000004980000-0x0000000004981000-memory.dmp

Filesize
4KB

Download
memory/2396-144-0x0000000005250000-0x0000000005251000-memory.dmp

Filesize
4KB

Download
memory/2396-154-0x0000000000400000-0x0000000000E31000-memory.dmp

Filesize
10.2MB

Download
memory/2396-153-0x00000000049A0000-0x00000000049A1000-memory.dmp

Filesize
4KB

Download
memory/2396-171-0x0000000000400000-0x0000000000E31000-memory.dmp

Filesize
10.2MB

Download
memory/2396-137-0x0000000000400000-0x0000000000E31000-memory.dmp

Filesize
10.2MB

Download
memory/2396-138-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/2396-140-0x0000000003550000-0x0000000003551000-memory.dmp

Filesize
4KB

Download
memory/2396-141-0x00000000035A0000-0x00000000035A1000-memory.dmp

Filesize
4KB

Download
memory/2396-142-0x00000000035B0000-0x00000000035B1000-memory.dmp

Filesize
4KB

Download
memory/2396-143-0x0000000005100000-0x0000000005101000-memory.dmp

Filesize
4KB

Download
memory/2396-155-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/2396-145-0x0000000004FE0000-0x0000000004FE1000-memory.dmp

Filesize
4KB

Download
memory/2396-151-0x0000000004990000-0x0000000004991000-memory.dmp

Filesize
4KB

Download
memory/2396-146-0x0000000005030000-0x0000000005031000-memory.dmp

Filesize
4KB

Download
memory/2396-147-0x0000000005090000-0x0000000005091000-memory.dmp

Filesize
4KB

Download
memory/2396-148-0x00000000050E0000-0x00000000050E1000-memory.dmp

Filesize
4KB

Download
memory/2396-149-0x0000000003570000-0x0000000003571000-memory.dmp

Filesize
4KB

Download
memory/2396-156-0x0000000000400000-0x0000000000E31000-memory.dmp

Filesize
10.2MB

Download
memory/3144-133-0x0000000000400000-0x0000000000E31000-memory.dmp

Filesize
10.2MB

Download
memory/3144-136-0x0000000000400000-0x0000000000E31000-memory.dmp

Filesize
10.2MB

Download
memory/3144-135-0x0000000004780000-0x0000000004781000-memory.dmp

Filesize
4KB

Download
memory/3144-134-0x0000000002FB0000-0x0000000002FB1000-memory.dmp

Filesize
4KB

Download
memory/3936-158-0x000002825B4C0000-0x000002825B4C1000-memory.dmp

Filesize
4KB

Download
memory/3936-157-0x000002825B4C0000-0x000002825B4C1000-memory.dmp

Filesize
4KB

Download
memory/3936-167-0x000002825B4C0000-0x000002825B4C1000-memory.dmp

Filesize
4KB

Download
memory/3936-166-0x000002825B4C0000-0x000002825B4C1000-memory.dmp

Filesize
4KB

Download
memory/3936-164-0x000002825B4C0000-0x000002825B4C1000-memory.dmp

Filesize
4KB

Download
memory/3936-165-0x000002825B4C0000-0x000002825B4C1000-memory.dmp

Filesize
4KB

Download
memory/3936-163-0x000002825B4C0000-0x000002825B4C1000-memory.dmp

Filesize
4KB

Download
memory/3936-159-0x000002825B4C0000-0x000002825B4C1000-memory.dmp

Filesize
4KB

Download
memory/3936-168-0x000002825B4C0000-0x000002825B4C1000-memory.dmp

Filesize
4KB

Download
memory/3936-169-0x000002825B4C0000-0x000002825B4C1000-memory.dmp

Filesize
4KB

Download
memory/5332-2206-0x00000000022C0000-0x00000000022C1000-memory.dmp

Filesize
4KB

Download
memory/5620-1286-0x0000000000670000-0x00000000016F4000-memory.dmp

Filesize
16.5MB

Download
memory/5620-919-0x0000000004EE0000-0x0000000004EE1000-memory.dmp

Filesize
4KB

Download
memory/5620-824-0x0000000000670000-0x00000000016F4000-memory.dmp

Filesize
16.5MB

Download
memory/5620-854-0x0000000003270000-0x0000000003271000-memory.dmp

Filesize
4KB

Download
memory/5620-1053-0x0000000000670000-0x00000000016F4000-memory.dmp

Filesize
16.5MB

Download
memory/5620-941-0x0000000000670000-0x00000000016F4000-memory.dmp

Filesize
16.5MB

Download
memory/5620-918-0x0000000004ED0000-0x0000000004ED1000-memory.dmp

Filesize
4KB

Download
memory/5868-572-0x0000000005200000-0x0000000005201000-memory.dmp

Filesize
4KB

Download
memory/5868-548-0x0000000001D10000-0x0000000001D11000-memory.dmp

Filesize
4KB

Download
memory/5868-573-0x0000000005210000-0x0000000005211000-memory.dmp

Filesize
4KB

Download
memory/5868-545-0x00000000005E0000-0x0000000001664000-memory.dmp

Filesize
16.5MB

Download
memory/5868-722-0x00000000005E0000-0x0000000001664000-memory.dmp

Filesize
16.5MB

Download
memory/6044-940-0x0000000000670000-0x00000000016F4000-memory.dmp

Filesize
16.5MB

Download
memory/6044-823-0x0000000000670000-0x00000000016F4000-memory.dmp

Filesize
16.5MB

Download
memory/6044-853-0x0000000001840000-0x0000000001841000-memory.dmp

Filesize
4KB

Download
memory/6088-564-0x00000000005E0000-0x0000000001664000-memory.dmp

Filesize
16.5MB

Download
memory/6088-736-0x00000000005E0000-0x0000000001664000-memory.dmp

Filesize
16.5MB

Download
memory/6128-563-0x00000000005E0000-0x0000000001664000-memory.dmp

Filesize
16.5MB

Download
memory/6128-576-0x00000000036B0000-0x00000000036B1000-memory.dmp

Filesize
4KB

Download
memory/6128-737-0x00000000005E0000-0x0000000001664000-memory.dmp

Filesize
16.5MB

Download