734f3577aa453fe8e89d6f351a382474a5dab97204aff1e194eee4e9fdff0a4a

Analysis

max time kernel
318s
max time network
321s
platform
windows10-1703_x64
resource
win10-20230621-en
resource tags

arch:x64arch:x86image:win10-20230621-enlocale:en-usos:windows10-1703-x64system
submitted
24/06/2023, 23:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

3.9MB
MD5

bca01af10aac7833188c47d7fec17196
SHA1

7f7898da333b924bd358aeb9936a944eb8bf3c09
SHA256

734f3577aa453fe8e89d6f351a382474a5dab97204aff1e194eee4e9fdff0a4a
SHA512

4429536226a6f3e72d008525c99bc0e676973be04670f7bb49f93ad20e7c8957ceb945c9eeea3ff47e6a751525976b0f4702e90d682940d225d6cb82a6567032
SSDEEP

49152:6ZeC+Xpi5ZnHuNO7HrDequJVU6GTTC/gZAjj4agcXz75rtelRqEiruLh3fZlTP5t:cpfn7HruwEk00agcD7fkRX6uRfZrnAnC

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/4400-1107-0x00007FF809B00000-0x00007FF809F6E000-memory.dmp	upx
behavioral1/memory/4400-1108-0x00007FF81EFC0000-0x00007FF81EFE4000-memory.dmp	upx
behavioral1/memory/4400-1111-0x00007FF822630000-0x00007FF82263F000-memory.dmp	upx
behavioral1/memory/4400-1112-0x00007FF81C5A0000-0x00007FF81C5B9000-memory.dmp	upx
behavioral1/memory/4400-1113-0x00007FF81F620000-0x00007FF81F62D000-memory.dmp	upx
behavioral1/memory/4400-1114-0x00007FF81BFB0000-0x00007FF81BFC9000-memory.dmp	upx
behavioral1/memory/4400-1115-0x00007FF81AD90000-0x00007FF81ADBE000-memory.dmp	upx
behavioral1/memory/4400-1122-0x00007FF81BC00000-0x00007FF81BC2D000-memory.dmp	upx
behavioral1/memory/4400-1123-0x00007FF81B630000-0x00007FF81B664000-memory.dmp	upx
behavioral1/memory/4400-1124-0x00007FF81B000000-0x00007FF81B00D000-memory.dmp	upx
behavioral1/memory/4400-1126-0x00007FF81AD00000-0x00007FF81AD2B000-memory.dmp	upx
behavioral1/memory/4400-1125-0x00007FF809A40000-0x00007FF809AFC000-memory.dmp	upx
behavioral1/memory/4400-1127-0x00007FF81AD70000-0x00007FF81AD8F000-memory.dmp	upx
behavioral1/memory/4400-1128-0x00007FF8098C0000-0x00007FF809A31000-memory.dmp	upx
behavioral1/memory/4400-1130-0x00007FF809840000-0x00007FF80986E000-memory.dmp	upx
behavioral1/memory/4400-1129-0x00007FF81A830000-0x00007FF81A84C000-memory.dmp	upx
behavioral1/memory/4400-1131-0x00007FF809780000-0x00007FF809838000-memory.dmp	upx
behavioral1/memory/4400-1132-0x00007FF809400000-0x00007FF809775000-memory.dmp	upx
behavioral1/memory/4400-1134-0x00007FF819BD0000-0x00007FF819BE4000-memory.dmp	upx
behavioral1/memory/4400-1135-0x00007FF81ACF0000-0x00007FF81ACFB000-memory.dmp	upx
behavioral1/memory/4400-1137-0x00007FF8198A0000-0x00007FF8198AB000-memory.dmp	upx
behavioral1/memory/4400-1136-0x00007FF8093D0000-0x00007FF8093F5000-memory.dmp	upx
behavioral1/memory/4400-1138-0x00007FF819890000-0x00007FF81989C000-memory.dmp	upx
behavioral1/memory/4400-1140-0x00007FF80F780000-0x00007FF80F78C000-memory.dmp	upx
behavioral1/memory/4400-1141-0x00007FF809260000-0x00007FF80926D000-memory.dmp	upx
behavioral1/memory/4400-1139-0x00007FF816BC0000-0x00007FF816BCC000-memory.dmp	upx
behavioral1/memory/4400-1142-0x00007FF809250000-0x00007FF80925E000-memory.dmp	upx
behavioral1/memory/4400-1143-0x00007FF809230000-0x00007FF80923C000-memory.dmp	upx
behavioral1/memory/4400-1144-0x00007FF809210000-0x00007FF80921B000-memory.dmp	upx
behavioral1/memory/4400-1145-0x00007FF8091E0000-0x00007FF8091ED000-memory.dmp	upx
behavioral1/memory/4400-1146-0x00007FF8091C0000-0x00007FF8091D2000-memory.dmp	upx
behavioral1/memory/4400-1150-0x00007FF808F50000-0x00007FF8091A2000-memory.dmp	upx
behavioral1/memory/4400-1151-0x00007FF808F10000-0x00007FF808F39000-memory.dmp	upx
behavioral1/memory/4400-1163-0x00007FF8092B0000-0x00007FF8093C8000-memory.dmp	upx
behavioral1/memory/4400-1164-0x00007FF809270000-0x00007FF8092A8000-memory.dmp	upx
behavioral1/memory/4400-1165-0x00007FF81A600000-0x00007FF81A60B000-memory.dmp	upx
behavioral1/memory/4400-1167-0x00007FF813C20000-0x00007FF813C2B000-memory.dmp	upx
behavioral1/memory/4400-1166-0x00007FF818C40000-0x00007FF818C4B000-memory.dmp	upx
behavioral1/memory/4400-1168-0x00007FF809240000-0x00007FF80924C000-memory.dmp	upx
behavioral1/memory/4400-1170-0x00007FF809200000-0x00007FF80920C000-memory.dmp	upx
behavioral1/memory/4400-1169-0x00007FF809220000-0x00007FF80922B000-memory.dmp	upx
behavioral1/memory/4400-1171-0x00007FF8091F0000-0x00007FF8091FC000-memory.dmp	upx
behavioral1/memory/4400-1172-0x00007FF8091B0000-0x00007FF8091BC000-memory.dmp	upx
behavioral1/memory/4400-1173-0x00007FF808F40000-0x00007FF808F4A000-memory.dmp	upx
behavioral1/memory/4400-1174-0x00007FF809B00000-0x00007FF809F6E000-memory.dmp	upx
behavioral1/memory/4400-1175-0x00007FF81EFC0000-0x00007FF81EFE4000-memory.dmp	upx
behavioral1/memory/4400-1176-0x00007FF822630000-0x00007FF82263F000-memory.dmp	upx
behavioral1/memory/4400-1177-0x00007FF81C5A0000-0x00007FF81C5B9000-memory.dmp	upx
behavioral1/memory/4400-1180-0x00007FF81BC00000-0x00007FF81BC2D000-memory.dmp	upx
behavioral1/memory/4400-1181-0x00007FF81B630000-0x00007FF81B664000-memory.dmp	upx
behavioral1/memory/4400-1179-0x00007FF81BFB0000-0x00007FF81BFC9000-memory.dmp	upx
behavioral1/memory/4400-1178-0x00007FF81F620000-0x00007FF81F62D000-memory.dmp	upx
behavioral1/memory/4400-1184-0x00007FF809A40000-0x00007FF809AFC000-memory.dmp	upx
behavioral1/memory/4400-1185-0x00007FF81AD00000-0x00007FF81AD2B000-memory.dmp	upx
behavioral1/memory/4400-1183-0x00007FF81AD90000-0x00007FF81ADBE000-memory.dmp	upx
behavioral1/memory/4400-1182-0x00007FF81B000000-0x00007FF81B00D000-memory.dmp	upx
behavioral1/memory/4400-1186-0x00007FF81AD70000-0x00007FF81AD8F000-memory.dmp	upx
behavioral1/memory/4400-1187-0x00007FF8098C0000-0x00007FF809A31000-memory.dmp	upx
behavioral1/memory/4400-1188-0x00007FF81A830000-0x00007FF81A84C000-memory.dmp	upx
behavioral1/memory/4400-1189-0x00007FF809840000-0x00007FF80986E000-memory.dmp	upx
behavioral1/memory/4400-1190-0x00007FF809780000-0x00007FF809838000-memory.dmp	upx
behavioral1/memory/4400-1191-0x00007FF809400000-0x00007FF809775000-memory.dmp	upx
behavioral1/memory/4400-1192-0x00007FF819BD0000-0x00007FF819BE4000-memory.dmp	upx
behavioral1/memory/4400-1193-0x00007FF81ACF0000-0x00007FF81ACFB000-memory.dmp	upx

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
659	api.ipify.org
658	api.ipify.org

Executes dropped EXE 4 IoCs

pid	Process
6092	vapev4.10.exe
4400	vapev4.10.exe
4972	vapev4.10.exe
4852	vapev4.10.exe

Loads dropped DLL 64 IoCs

pid	Process
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4852	vapev4.10.exe
4852	vapev4.10.exe
4852	vapev4.10.exe
4852	vapev4.10.exe
4852	vapev4.10.exe
4852	vapev4.10.exe
4852	vapev4.10.exe
4852	vapev4.10.exe
4852	vapev4.10.exe
4852	vapev4.10.exe
4852	vapev4.10.exe
4852	vapev4.10.exe
4852	vapev4.10.exe
4852	vapev4.10.exe
4852	vapev4.10.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133321220338344262"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1032500962-593345068-3128969974-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1932	AnyDesk.exe
1932	AnyDesk.exe
3196	AnyDesk.exe
3196	AnyDesk.exe
2712	chrome.exe
2712	chrome.exe
2684	AnyDesk.exe
2684	AnyDesk.exe
932	chrome.exe
932	chrome.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe
4400	vapev4.10.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 53 IoCs

pid	Process
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
2684	AnyDesk.exe
2684	AnyDesk.exe
2684	AnyDesk.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2684	AnyDesk.exe
2684	AnyDesk.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
4204	7zG.exe

Suspicious use of SendNotifyMessage 29 IoCs

pid	Process
2684	AnyDesk.exe
2684	AnyDesk.exe
2684	AnyDesk.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2684	AnyDesk.exe
2684	AnyDesk.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3196 wrote to memory of 1932	3196	AnyDesk.exe	66
PID 3196 wrote to memory of 1932	3196	AnyDesk.exe	66
PID 3196 wrote to memory of 1932	3196	AnyDesk.exe	66
PID 3196 wrote to memory of 2684	3196	AnyDesk.exe	67
PID 3196 wrote to memory of 2684	3196	AnyDesk.exe	67
PID 3196 wrote to memory of 2684	3196	AnyDesk.exe	67
PID 2712 wrote to memory of 208	2712	chrome.exe	71
PID 2712 wrote to memory of 208	2712	chrome.exe	71
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 844	2712	chrome.exe	73
PID 2712 wrote to memory of 2660	2712	chrome.exe	72
PID 2712 wrote to memory of 2660	2712	chrome.exe	72
PID 2712 wrote to memory of 1160	2712	chrome.exe	74
PID 2712 wrote to memory of 1160	2712	chrome.exe	74
PID 2712 wrote to memory of 1160	2712	chrome.exe	74
PID 2712 wrote to memory of 1160	2712	chrome.exe	74
PID 2712 wrote to memory of 1160	2712	chrome.exe	74
PID 2712 wrote to memory of 1160	2712	chrome.exe	74
PID 2712 wrote to memory of 1160	2712	chrome.exe	74
PID 2712 wrote to memory of 1160	2712	chrome.exe	74
PID 2712 wrote to memory of 1160	2712	chrome.exe	74
PID 2712 wrote to memory of 1160	2712	chrome.exe	74
PID 2712 wrote to memory of 1160	2712	chrome.exe	74
PID 2712 wrote to memory of 1160	2712	chrome.exe	74
PID 2712 wrote to memory of 1160	2712	chrome.exe	74
PID 2712 wrote to memory of 1160	2712	chrome.exe	74
PID 2712 wrote to memory of 1160	2712	chrome.exe	74
PID 2712 wrote to memory of 1160	2712	chrome.exe	74

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3196
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1932
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ff81b799758,0x7ff81b799768,0x7ff81b799778
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1772 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:8
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:2
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:8
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4324 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4516 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:8
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4656 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:8
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:8
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:8
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4672 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3268 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:8
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3012 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3016 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4960 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3024 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5248 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:8
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5440 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6300 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6520 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6480 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6744 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6168 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7228 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7084 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6008 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5876 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5652 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5576 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7572 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7936 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7924 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7896 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6500 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7884 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6720 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7756 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7720 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6456 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7352 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=8488 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=7528 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=5628 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=8244 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=8536 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=8548 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=8684 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=9068 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=9728 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=9928 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=9908 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=9896 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=9780 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=9668 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:5832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8092 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:8
  2⤵
  PID:5388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:8
  2⤵
  PID:5856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=3188 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=10484 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=1516 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=4628 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=7552 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=4992 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=11216 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=11244 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=5800 --field-trial-handle=1692,i,6934918379578932944,14368558442062702695,131072 /prefetch:1
  2⤵
  PID:5600

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1668

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3fc
1⤵
PID:3152

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4184

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\main.exe\" -spe -an -ai#7zMap17236:78:7zEvent16572
1⤵
- Suspicious use of FindShellTrayWindow
PID:4204

C:\Users\Admin\Downloads\main.exe\vapev4.10.exe
"C:\Users\Admin\Downloads\main.exe\vapev4.10.exe"
1⤵
- Executes dropped EXE
PID:6092
- C:\Users\Admin\Downloads\main.exe\vapev4.10.exe
  "C:\Users\Admin\Downloads\main.exe\vapev4.10.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4400
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
    3⤵
    PID:5672
  - - C:\Windows\System32\wbem\WMIC.exe
      C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
      4⤵
      PID:5868

C:\Users\Admin\Downloads\main.exe\vapev4.10.exe
"C:\Users\Admin\Downloads\main.exe\vapev4.10.exe"
1⤵
- Executes dropped EXE
PID:4972
- C:\Users\Admin\Downloads\main.exe\vapev4.10.exe
  "C:\Users\Admin\Downloads\main.exe\vapev4.10.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4852

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

Filesize
1024KB

MD5
d09169ddb8ada93911943e5a7d178271

SHA1
7289998b24f5003af4d9f386b5309b7493580263

SHA256
64449f1e490919a1df0e4c8a6c15d1faccf359adacf88113618dd0f204566835

SHA512
22e944c61adb574bef0058b37f548aa8fbec097824f54925819b9111a25382a000403feb4564c418152bb7cddcf5f5ee266328fb0c91f956405d24b141b915de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004e

Filesize
226KB

MD5
648a74fe72e9a08f36417480bb580215

SHA1
1542930a842ce9cbcec82b4b16f722b440ee3932

SHA256
5dcf56ae3c35b265b012971ff56fda0f2a1b544b7915515748c556948d3e54d5

SHA512
b7598c8b5f3a02bfae94b6fea3dd66e280567c02dcfc6ef68f95a0c28c685b25a6b21b702926bbdce340dfdaf27dd929a83787b514e8001ea5d1dcf47b068f73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000051

Filesize
1024KB

MD5
a721c381435acb81dc2f0df419494c98

SHA1
1891b03395d1885dec084597f918abbbdce8b51c

SHA256
21f90877ebd93afba1e55a88c7f4e6e3aeae57a5c4a2100a1c75a1fb86a063dd

SHA512
6af9d674ff832b77f00193aee9b9acc90d78644a7e3ff3d4413835b4c262da0245bdd47a0247bb41df56124e6f87c629c0d4dd79e8ca00aff86acc44cf361e76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
632e4e7d9000485b811a549c55c3ac79

SHA1
3a8dd14edada0dde485f96fac3a65f68f0ad17ed

SHA256
257e91297679c8bad79a53fa445a6e27573f32f714c4383f07af9b0b79e9fca3

SHA512
b8447b59664a0bfdf009aa55a3b6b424498cf42bc21f178301daa1bf01c2044c01e07ed1aee1cfb42686a4eaf6193b3322a175323f082d5fc26794a4721381a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2a631c3c4147f5a89d057be0ddb05652

SHA1
751b1a2dc36de9ed5393c0a511ac0e1a961393f9

SHA256
defbe5be6f717251c8d040ea5da49362f0ed927828a50f9b198a3c627a286660

SHA512
86d9d5b1046909cd6a48474e75a08631c1a56513fd6e26bb250f1835d43ce15b671518ee547556924cac69c6c900485022ce1e7fc694f10c3dda8d2d72e42f2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f475e1fa66ff49b4b6934d7f3c66dbf9

SHA1
44de3f0ab885a73b348f530e6b4d142cfe4eed5b

SHA256
83be2bea2d910125a89a91c09903942018936d8f0443504241dc63b4b9b0fb68

SHA512
68ba256d110e2f3670bd921bafb9296e72baa03e4096326b3c8edff79ecd246c730950fb1d2697454e8f4b38011a156508edda8622031286e3fd89fee9626ca7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
91983f828edbd13f977704c5df4dfd3c

SHA1
fb5e86c6cea6c81a68c505401928b5b7db24dbe4

SHA256
0ebb4a616bf224beb45a788930e74135ec1d1d52bcb55e7172363db5df9685af

SHA512
fa53235c1d8dc208febeb152b93bde0d50bf4de9ebf23d40eb1242738c72298dfe3dd144c521464493a3ddef34f52db8e80743c2f52441ea64bc45bbf877566b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
8c58a4c609ce6b39119107d85871ec3d

SHA1
8465dc035e9532505c9f208da7a92a90db49b437

SHA256
98af7cc68d4262caa0a409b1c84815299c54198a9c903565feed8d4843f258d0

SHA512
5b588189605107fa4fce7afaab54e910eb092f0493009fbcebcf2c1ef35bd9eb60dda688bcd4f77d5cd5acd24d118bf8450408b62657d1d231ed7920a0b911d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
161a5792c6a7f28da7526cf85853d9ba

SHA1
fa408b8d247119bf486d77442d96decfce07dded

SHA256
b3828da13a10c809b264e3bb1a492c002dc040e4650f50f978ecf12644dda24a

SHA512
ecc5d9ba24b26b442da29f69072b815e10cf75bada9dd6b8c5ec1c52a924eda393c7ab547c89ed7a93178b89d6e5253488e9c81d3b2c72eb8479e77fb719c2da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
af58315af047f9fe60f12cc50ad00687

SHA1
564c54351ed46082c59c73533ebd3311c9164761

SHA256
34dabfb7adc8bcbfd48ef2c37a65c092e405430af479aa24d6c20838e5fc4bc8

SHA512
b0ff064d8f886228b3537d5f79e865fa11badab99a6be842f68c57b14a258799400124209f757121017344a6a2beabf22c7abf1d312ab885b80e71a1f7951825

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
186005f63783cd497bd05c4bac0fd597

SHA1
a6d803876bec8648b252f10c5b0a0272577f9d1e

SHA256
5122b271b525e68afb872283947125a4d5b739f4ffa7bc84dbf63efa6e244a6a

SHA512
083afe910752556bbfffb2af73e026dfcce99aa9ca8de04d15959a47ca35f081c260d3cc3e95bd409fb99297546f076af68a9bf09c0ad69eed80a7d73832aed5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
128da61d3c741d6f9dfc9173a22539af

SHA1
a85e57c2598c5ad0509e267306caf86f90a7972f

SHA256
2c1305e4b1bd98cb21998af3809187dca73d7e1c43329379154d0621ea250a12

SHA512
d9d9864752b54a8aacc1e1d5f0b620283f90e2535d729297df0b3daeda4ef8b54d4ae6c16b5654e6601133f5cb48cf9d1179d1819db169adbe89fbe546c2d1d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
bfb7da2b71a41fd8ac8d5635ede325da

SHA1
d74e902459d2d2b1b50b323eca9a4d8c26ffa0e1

SHA256
a06977017ee2415f226fb0028e9f1fbdaecb3c7bea72e39310f075bc511e1bc5

SHA512
094fc899860adc7700ec4f5014d8d46839b90efdd38f28fbd5ae8f492ca4e9cfa9cc5bd6717107681921985b73b0ee84741b45ecd740c52310e07e9106cd7671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
bfec41dbeb37ad24a21df6c6e84a93ff

SHA1
422e9d2641224e403a173ecf662358f809922b05

SHA256
fdb16236f3fe8d189fda89620677fea4600ea4e68db3b66c06696216de048845

SHA512
c92e0773d67ca453ff05ba33604230cda29ee4329c45e679e826866026e2b2f3efe99cab6e62763c254ff0697ad2a0f8b90364d4cbf99c2b259588c3e4736935

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
61533108969c353756542dd4b4f6feb2

SHA1
9a475a9efcf5769ce39542915ebb0766f54248fe

SHA256
f70937571a8c646881f43d0871e62049fa5c9a82c206687b505416f811e2fc6a

SHA512
eda8eae4e2c529df9e23d9bad840797609e1cbacda83cdbfbe6f8908be366d70c4b4fbe4008d0bffc2fb62921ff5f26fa5c6e4cf2d97774e86439d9e3083a65c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f944e4c474e25bb7f4fd54bde226f01c

SHA1
fac584fecc39f3ff49e94c3fbf50b6c2d39ab24c

SHA256
8476c9b42b647bc9831b586a680e2477a169d75b69fd02cd04f79be311f042e0

SHA512
7d78378f852c42d27b33cb31f66021a388bb549431aaf764f4a9ac21a31741a1753fcd297e69cfa13dce13147100dede2d0e2be33534e8b40e0cdcd00e8e81a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9ef25a9b87bea681838a0783c5145341

SHA1
4079ab006cb7b19efb198ebe67f7385756e9cfbe

SHA256
0c3ffab9f7504cabe629fd4806e7bfcd77a4d1f7bc621c39ed213693a98c1caa

SHA512
ffbd827371dc6f9cee1dfdb092838e4b1cfb758df445fbfbf2d42c2c7d02db39d68e36bd4c4f54f7b771f3843b5c19d9018d53b6acd77f0d88dc9273b17005b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8b114988b582ccdb10a5d8e9781455e6

SHA1
8c3c36a2eef507dd9f58ba5817d65fac3b0ca305

SHA256
e0227a523c3028af8e63b3bc501876f2257c9f18bd6770e2c6b95b49d4d8f29f

SHA512
252a311224ae2cf2a3afe663d4f85d5346b9cd2a821905bf9cb885e3c83043a126dc07e1352dd82d3e07d9b25b7e0d2cfafcbf90445552ec0a08e28e2f5f873e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c7951aa765fecb0f8058d1bce4293cfb

SHA1
b61aa1e6803123fe8a105e4df1a85125e0c91d56

SHA256
d801b68b41efb8a74f855fe82ca85f1ee4fe7a842b0c1880de4b8f429a976ec2

SHA512
c5ae8b20607d61f79082dca367787e5f1e119f76d8fea861a1c42e7d7c1e02effd6fbf49b4abca40d772838352a5ced10cafcca3eb47f992529f0a9068b5b314

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f2d71f28-2a5b-41df-9eb9-a4a2fc664823.tmp

Filesize
5KB

MD5
9174e7a478dd8a5b087cf025b378621b

SHA1
95db31dc1a74ddadead87eceeccdcb2daa08c540

SHA256
bfe3793858ffe29cba297748b335f97af1cc712cdffd36b411e8b3aa32908b15

SHA512
83682d5028f6b80aa95c9f54f023b77bba4410b01b3ec1d59829cd0f5e3fef765ee4338941c8f5b83891e097e9a4ca7e008558452b679e52aa3e283fe6cc1035

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
cc2e43296abb7bea3c49d8bf05ee4829

SHA1
6dd734d4ea7eb1e3f1b3be36af29040f642aabd4

SHA256
4c5ea6e32cd17798c8a51ad2d230ce2f329674e3d1270a06c9813133e6ebcad7

SHA512
9590c97eb0375ebbc94290a0879f6771fbfa25cc3001fbef15832c3dc584860e3d1bd5300722a956007657099f27467f024079db63c1fe64fba823ff5882121a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
529603de9e5ecb5ee1fb2a990e298820

SHA1
b62aa48cd8f88f9e1347eb8b7f1b8bcfe1d7b551

SHA256
b2834eb78941b4339af0f2b8f87e056fc146141ff2a63a857b7b28ae4136e153

SHA512
2b58a78317218288fcaee0975a373c43e5f0e5b67ac2caaa5b63b9d12b33b39f20559551788cf1839ae616115d435d0916ab51e68ce2f07e4089d5ff530dd635

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
ba2fa1ec223b3829db1c72e8433398fa

SHA1
b233761b6657220aadefeb0d5ef08ad9d53687ec

SHA256
291098b444b697b1a51e102d4acb3574991b6a66c22b57625ed2652313f82ac0

SHA512
397e7a617b12cd25de0c8fc2081f9aa50388cfbb4c89d6c329362edebf55b472c371af8ac26385b134b40d8adecad2fd6af48c9658bfb88911bcaa00c6bbd13d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59ea08.TMP

Filesize
93KB

MD5
487ee892ecd06364bcf3ecd3f04e48ac

SHA1
f93a262d50b7b2afb473771d346765292d49fe0f

SHA256
e197cdc0849fdbe1f83b99ca997518876006d2adc255dd6c0efab8a972c763f7

SHA512
367d7a5f576a9f6eb402882b15fd6d762cf079f2e2a395d9877c83ebe630521cb45542949c815a19fec727aab6bf5f8077d29425adaebba9e84f07a1b8f51c25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
7KB

MD5
ba62866270c3b6fd41de3af41a49631a

SHA1
23d9d8c7842810f4c083e066213f1bbed8c52ca1

SHA256
881a5ae6e84c45f14284ff47bb65d349e7f7bd2b2e5988ae0d37db8033481c3a

SHA512
0389310d01732370b1108572dc8a7c52276c1d486ba0f03d47f97248e8d2c5084613498d5eded6b85f3927826a5594a6c787f1181c20d215892c77a4fe25bfca

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
8KB

MD5
50a4ebf207b9b5a369d65867bc7379fd

SHA1
98d3adad5fc87e2c90d63677675bc65a655f65fd

SHA256
cd03249959a7bbb1356d5c427ad2893707702ae90922590492f97e2da2ac6b64

SHA512
cf5f69b1795ffd212d5ae9098e459110912c5683dc2898bafc35d0ed070464521e74179f7c6ed4411f20c6f9ed8b9050d7a27d20f6a2aa62ad9e2ffb759b3423

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
7ebd5440f4ca17bda75230f8cb785fc2

SHA1
0ef76c12202abc496309cdb8cf7cf32dccd85626

SHA256
dd0e52e35f05048952a6d8904381b976139b27746e960919379ceb9545602a17

SHA512
6093ca8a51baf00160e9868481b57eac8ed6aa6ef2bb15f66109c781f729caab9b40998f741cb73b6e0e202d518d655e4ef38651895167e7047df22863ddeaa6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
7ebd5440f4ca17bda75230f8cb785fc2

SHA1
0ef76c12202abc496309cdb8cf7cf32dccd85626

SHA256
dd0e52e35f05048952a6d8904381b976139b27746e960919379ceb9545602a17

SHA512
6093ca8a51baf00160e9868481b57eac8ed6aa6ef2bb15f66109c781f729caab9b40998f741cb73b6e0e202d518d655e4ef38651895167e7047df22863ddeaa6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
06d623fcb461399690231e8b48513460

SHA1
903de7b234c672a414ea8177f06a659ab34b5637

SHA256
e03b4c0ecd6aae53b67b00ba7aefced53e8e16ec5d624aa0aefa32fd4b9a566b

SHA512
6c7826e75c9c0fd9e6950fd59d9cdc72351ddfc349e2ead8687b0604af1fc003ec2c1ab01d44551a5ff83dda9448bf7823e4afebae6e5dbb38b25114412975d6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
df0e8d35fc584e19c32b7f8aa6956b9d

SHA1
7aa302e44bbb0fdf5d14087e26f6a569fcba5ff1

SHA256
62425aa376698fe5de90c9c44f45155254912287267c4e5c37629a2900e5fcdb

SHA512
7da92b334c0f9355c65bd06a2119e51fb37b97ec3464258160c21d29e4c2265a97b3bda7943f46ab6ce87a4c9317b8986a6ae01a1c6f33dba252364de7d7163e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
9495afc567706590c99d4fe6bee06f8b

SHA1
24abfe8a2c37eac6a5b11f8debb3e579dfd6e6e2

SHA256
013093fd87c2b8ebf5a25589416bedae2d23257277c4e7feb714d63f42cbd20c

SHA512
721a42839ea2a903cb9e8f80c239c114fb326df2062fe4ea35403fb8449f9560e6ac243edbf79a431e45f0208a388d8bc4685c3105d79106603ca2bda8608dee

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
9495afc567706590c99d4fe6bee06f8b

SHA1
24abfe8a2c37eac6a5b11f8debb3e579dfd6e6e2

SHA256
013093fd87c2b8ebf5a25589416bedae2d23257277c4e7feb714d63f42cbd20c

SHA512
721a42839ea2a903cb9e8f80c239c114fb326df2062fe4ea35403fb8449f9560e6ac243edbf79a431e45f0208a388d8bc4685c3105d79106603ca2bda8608dee

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
9495afc567706590c99d4fe6bee06f8b

SHA1
24abfe8a2c37eac6a5b11f8debb3e579dfd6e6e2

SHA256
013093fd87c2b8ebf5a25589416bedae2d23257277c4e7feb714d63f42cbd20c

SHA512
721a42839ea2a903cb9e8f80c239c114fb326df2062fe4ea35403fb8449f9560e6ac243edbf79a431e45f0208a388d8bc4685c3105d79106603ca2bda8608dee

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
681B

MD5
3fcf0715e1003d1727e1148b0e244bfb

SHA1
5288d97863152d442a38efe33bf7562910eab0ee

SHA256
76ccf27c3207a7c37f8fa76f749c9fc68c8b4873caa6e56271975dc716616fa1

SHA512
1181583894cda10d308210ad07fefba2a8f3129ce035397a85bed2376c4789810f016e3663d111def6d3556ab895b043081e1e27cb9ff6293717cc800e96db99

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
681B

MD5
3fcf0715e1003d1727e1148b0e244bfb

SHA1
5288d97863152d442a38efe33bf7562910eab0ee

SHA256
76ccf27c3207a7c37f8fa76f749c9fc68c8b4873caa6e56271975dc716616fa1

SHA512
1181583894cda10d308210ad07fefba2a8f3129ce035397a85bed2376c4789810f016e3663d111def6d3556ab895b043081e1e27cb9ff6293717cc800e96db99

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
802B

MD5
b619048cb9d8db2e316d79fe48347a3f

SHA1
a5e0dc39d95f70199bf5d36aca71b73e9d923ae0

SHA256
82bd982c9e08bc75e65fe4e927004ffc089edd1ba5a0ee783dea017f6c00b423

SHA512
0b97432d9857d517205340d22683c9f259ceed460e12eef388efb56003da3ab94aa0100b62893ca75f219a5dbb6ae96a28bf522da499a3ba1f7b322dd57a86e1

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
849B

MD5
4f33aa316ed5c569130ea3d19f3e27ca

SHA1
551543dbf913b3731ff2994f01e950c8692914a0

SHA256
6ca51e21bc791038779420d122cb802058cd8f9bc8e6dfef16388b0d08574471

SHA512
40601cc7e7b519aaf4f6f1f0b1c15a1a69a0272c96a768a48539c2a3e6ea0593c8a53f5a728df0d4b640dc2b7310e9a80c85702bcc883b63227d6d08ec0eab4b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
849B

MD5
4f33aa316ed5c569130ea3d19f3e27ca

SHA1
551543dbf913b3731ff2994f01e950c8692914a0

SHA256
6ca51e21bc791038779420d122cb802058cd8f9bc8e6dfef16388b0d08574471

SHA512
40601cc7e7b519aaf4f6f1f0b1c15a1a69a0272c96a768a48539c2a3e6ea0593c8a53f5a728df0d4b640dc2b7310e9a80c85702bcc883b63227d6d08ec0eab4b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
1239fcb2bbd71c1940d4552783431569

SHA1
99056302e8fc903266d691217b26115f6086aa7f

SHA256
c9bf597e1307f241ae9d208544394a024bb3ce448903d67258283f8aeb0c8c2c

SHA512
4e3155d1366d4f346307532b37a6dfeebfebbce65d304a57a1e94212898068983e64641526e05aef43be4669897781105a37835f33deec73e754a38eae6175ba

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
1239fcb2bbd71c1940d4552783431569

SHA1
99056302e8fc903266d691217b26115f6086aa7f

SHA256
c9bf597e1307f241ae9d208544394a024bb3ce448903d67258283f8aeb0c8c2c

SHA512
4e3155d1366d4f346307532b37a6dfeebfebbce65d304a57a1e94212898068983e64641526e05aef43be4669897781105a37835f33deec73e754a38eae6175ba

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
57dde259fa9520fa72e27fde86070d39

SHA1
70a628efc374960921adf0c7ba24b1f2873b0ceb

SHA256
623ef8f72ebee8e2b0fbd27e0eb834c6ae4e50dfee6ad20a16123097c7755b75

SHA512
ed045c2893d97bdfdf0550a5784ed6bc97b105e05347c3a5d4a021caff6ab3caa46606369b7c5b4f351af9c8cfb172c4d7b6c202ef69b8b1cda978dc506ca23b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
57dde259fa9520fa72e27fde86070d39

SHA1
70a628efc374960921adf0c7ba24b1f2873b0ceb

SHA256
623ef8f72ebee8e2b0fbd27e0eb834c6ae4e50dfee6ad20a16123097c7755b75

SHA512
ed045c2893d97bdfdf0550a5784ed6bc97b105e05347c3a5d4a021caff6ab3caa46606369b7c5b4f351af9c8cfb172c4d7b6c202ef69b8b1cda978dc506ca23b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
57dde259fa9520fa72e27fde86070d39

SHA1
70a628efc374960921adf0c7ba24b1f2873b0ceb

SHA256
623ef8f72ebee8e2b0fbd27e0eb834c6ae4e50dfee6ad20a16123097c7755b75

SHA512
ed045c2893d97bdfdf0550a5784ed6bc97b105e05347c3a5d4a021caff6ab3caa46606369b7c5b4f351af9c8cfb172c4d7b6c202ef69b8b1cda978dc506ca23b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
57dde259fa9520fa72e27fde86070d39

SHA1
70a628efc374960921adf0c7ba24b1f2873b0ceb

SHA256
623ef8f72ebee8e2b0fbd27e0eb834c6ae4e50dfee6ad20a16123097c7755b75

SHA512
ed045c2893d97bdfdf0550a5784ed6bc97b105e05347c3a5d4a021caff6ab3caa46606369b7c5b4f351af9c8cfb172c4d7b6c202ef69b8b1cda978dc506ca23b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
57dde259fa9520fa72e27fde86070d39

SHA1
70a628efc374960921adf0c7ba24b1f2873b0ceb

SHA256
623ef8f72ebee8e2b0fbd27e0eb834c6ae4e50dfee6ad20a16123097c7755b75

SHA512
ed045c2893d97bdfdf0550a5784ed6bc97b105e05347c3a5d4a021caff6ab3caa46606369b7c5b4f351af9c8cfb172c4d7b6c202ef69b8b1cda978dc506ca23b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
57dde259fa9520fa72e27fde86070d39

SHA1
70a628efc374960921adf0c7ba24b1f2873b0ceb

SHA256
623ef8f72ebee8e2b0fbd27e0eb834c6ae4e50dfee6ad20a16123097c7755b75

SHA512
ed045c2893d97bdfdf0550a5784ed6bc97b105e05347c3a5d4a021caff6ab3caa46606369b7c5b4f351af9c8cfb172c4d7b6c202ef69b8b1cda978dc506ca23b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
57dde259fa9520fa72e27fde86070d39

SHA1
70a628efc374960921adf0c7ba24b1f2873b0ceb

SHA256
623ef8f72ebee8e2b0fbd27e0eb834c6ae4e50dfee6ad20a16123097c7755b75

SHA512
ed045c2893d97bdfdf0550a5784ed6bc97b105e05347c3a5d4a021caff6ab3caa46606369b7c5b4f351af9c8cfb172c4d7b6c202ef69b8b1cda978dc506ca23b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
57dde259fa9520fa72e27fde86070d39

SHA1
70a628efc374960921adf0c7ba24b1f2873b0ceb

SHA256
623ef8f72ebee8e2b0fbd27e0eb834c6ae4e50dfee6ad20a16123097c7755b75

SHA512
ed045c2893d97bdfdf0550a5784ed6bc97b105e05347c3a5d4a021caff6ab3caa46606369b7c5b4f351af9c8cfb172c4d7b6c202ef69b8b1cda978dc506ca23b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
47e155300684f2548efea14274e2e22f

SHA1
7c3ac8ab6e76f984eb9cc4c859e0a8b8935d12be

SHA256
3943ce59f02a3f9659ea1acc174c9804ee5ede10bbc9e53f9ad4d6860c9c65e3

SHA512
33935bce90b1238db098cbd56d6d57b7afb5dd3fd06f4376df986dbcd006f7fd4e95b9767434c3330f5d5a117fadf841e97bb8164bc7982dfb748b622e468088

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
47e155300684f2548efea14274e2e22f

SHA1
7c3ac8ab6e76f984eb9cc4c859e0a8b8935d12be

SHA256
3943ce59f02a3f9659ea1acc174c9804ee5ede10bbc9e53f9ad4d6860c9c65e3

SHA512
33935bce90b1238db098cbd56d6d57b7afb5dd3fd06f4376df986dbcd006f7fd4e95b9767434c3330f5d5a117fadf841e97bb8164bc7982dfb748b622e468088

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
47e155300684f2548efea14274e2e22f

SHA1
7c3ac8ab6e76f984eb9cc4c859e0a8b8935d12be

SHA256
3943ce59f02a3f9659ea1acc174c9804ee5ede10bbc9e53f9ad4d6860c9c65e3

SHA512
33935bce90b1238db098cbd56d6d57b7afb5dd3fd06f4376df986dbcd006f7fd4e95b9767434c3330f5d5a117fadf841e97bb8164bc7982dfb748b622e468088

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
47e155300684f2548efea14274e2e22f

SHA1
7c3ac8ab6e76f984eb9cc4c859e0a8b8935d12be

SHA256
3943ce59f02a3f9659ea1acc174c9804ee5ede10bbc9e53f9ad4d6860c9c65e3

SHA512
33935bce90b1238db098cbd56d6d57b7afb5dd3fd06f4376df986dbcd006f7fd4e95b9767434c3330f5d5a117fadf841e97bb8164bc7982dfb748b622e468088

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
47e155300684f2548efea14274e2e22f

SHA1
7c3ac8ab6e76f984eb9cc4c859e0a8b8935d12be

SHA256
3943ce59f02a3f9659ea1acc174c9804ee5ede10bbc9e53f9ad4d6860c9c65e3

SHA512
33935bce90b1238db098cbd56d6d57b7afb5dd3fd06f4376df986dbcd006f7fd4e95b9767434c3330f5d5a117fadf841e97bb8164bc7982dfb748b622e468088

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
5KB

MD5
47e155300684f2548efea14274e2e22f

SHA1
7c3ac8ab6e76f984eb9cc4c859e0a8b8935d12be

SHA256
3943ce59f02a3f9659ea1acc174c9804ee5ede10bbc9e53f9ad4d6860c9c65e3

SHA512
33935bce90b1238db098cbd56d6d57b7afb5dd3fd06f4376df986dbcd006f7fd4e95b9767434c3330f5d5a117fadf841e97bb8164bc7982dfb748b622e468088

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
189c424a247a5de8efb02da289e434df

SHA1
9e3481b15b4865dff2e8b986a4b9c9d57d862411

SHA256
ce72341d016a0b0defce9a556b6469ac673a935158e060d847680be11231d439

SHA512
83df435213355dcd4c8f0bc434e6f7be0c1ab60de79a138f2405bc6f48a3110a688fce860b6f17bc1fb226fd8d8659489da4488ced970037e59befebb2d5b964

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
367cc1d60286ac138ad24af87e5aac32

SHA1
86ccad29ddd30f2b8e64371b8d510db078980155

SHA256
b380c8b0dc02b33955ba2987e2877b64267e6f8ffb4066ea5999c2b1bbc36268

SHA512
2d01c29e003bc096570d5a551432923dfbdf8a6b59b0013767815e57ca2f29b1e5ca62a61a803e79a1a015c330db2e43cdef91b2717ca1f9494fa3d50c20495a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
367cc1d60286ac138ad24af87e5aac32

SHA1
86ccad29ddd30f2b8e64371b8d510db078980155

SHA256
b380c8b0dc02b33955ba2987e2877b64267e6f8ffb4066ea5999c2b1bbc36268

SHA512
2d01c29e003bc096570d5a551432923dfbdf8a6b59b0013767815e57ca2f29b1e5ca62a61a803e79a1a015c330db2e43cdef91b2717ca1f9494fa3d50c20495a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
aac96b777038b42865746be3d1c51bb4

SHA1
261599452594bc054fae039a9e7ec9b1d0838c05

SHA256
f68b0a02212e1c8d74c4f9b01924d1d2bd9dc0128527fea4c89db44ca0dd9c61

SHA512
c558354af909fd5e08dfe0687dbf6ffd85d28dc5e15ca13bc9f7484f4f598195c95bef3abba5517a436b607347297f1babb150e52a82c97044a9ba24a08560ba

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
33db1198727136a4238984b6c474140f

SHA1
1d8f68b49bd62f7ae9527da0e12664427ec30179

SHA256
99f2378087aff96cd7d2af2d29829662fc48e965c2517c0c4ead98ca7b001201

SHA512
6a8c4fb3db456f3e4578960ce3dea33e3e8509fed72074f02e2cd70c1d7aebb2ec8df654e1c3365465b5390f680213e29a1d50d541cd6787b1a5479be422b354

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
3ee40fdd904d39b78e6eb979566006dd

SHA1
b165e491f918900f9a5091dc306e3fe729b330b4

SHA256
eaf434481d3a1a0b5863e72741c0ea402bcff5ae07384dd86f7b62cc76d7d2e4

SHA512
904392ff274f36ebdf75e145e2120945255baf5f401cd8fb0cb0c65ede4cdd110bf0f72330f1fee3a111be8ea82fee69622938ca23948c9d0b26f552cd928805

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
18eeb2f58d69e4497a0534a5e633c60f

SHA1
e052d699a8e9cec22fc5833cfe197b41407101ab

SHA256
92acafca0332410e2c67cea057965ec883a06fdf2b504695fc32924c86ae8204

SHA512
d7252cbded7307f0bd5ba6133c20b2fa0d1b6e9bff2e88ae306706957f6c181927f4226e84f23d30309cef8895aec00e87dcc97af8436dabc9adb7cae78d43d2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
18eeb2f58d69e4497a0534a5e633c60f

SHA1
e052d699a8e9cec22fc5833cfe197b41407101ab

SHA256
92acafca0332410e2c67cea057965ec883a06fdf2b504695fc32924c86ae8204

SHA512
d7252cbded7307f0bd5ba6133c20b2fa0d1b6e9bff2e88ae306706957f6c181927f4226e84f23d30309cef8895aec00e87dcc97af8436dabc9adb7cae78d43d2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
9cdcb0880057e688dd73d293f1da80ff

SHA1
9347737ae268e7b9833fb3144fcdc4a8c07f2bd1

SHA256
9ae79c9cddb44a53b0707a1649f0c330d3614868cdf9b849d4cdeec8651eb034

SHA512
f60083f1f51e8a9b5720583eb1c91a10061f9c37ddeb1ff79c4e8204aabbef6fcec1922a89acd732e31f71160d3f02443ab95d6c80ce680cfe1c7d18436371f2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
69b42064f705bcef528602d744b77c25

SHA1
a318e3a731ed1de01c2be43d177f0245b6189966

SHA256
f268d4fec35c95343f2f3757ec1d4a254fea6b1eaa53789566a8a7b4a56f7d47

SHA512
495f5aa98074b6b664569f4a6cf811ccfb6a511272b6295e87bd21cd0b59d64ec41abac18bfaa300c3d4860a9e3e7cf6ca0a980f0c1e45147b40aeac1443f946

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
b6d6885cf86fc0a34a1efb733024dcfb

SHA1
eaae65f4af41a186acd6609a6146c8c1e7274bca

SHA256
c82c021822a91c97d6a2c4a08ebd7e8c0f6d47354d8c40a75c4e36814defb44a

SHA512
a59e68cbce3f0fc710d8493b50faa8dd35636def928419ef8e20658112d42734a8580c9ebc6ea727beab6ec0ef6c89274e1e1f6b2c2c3157cc49263eb79a04c9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
f0fc64f636352e5b32fff053c4b0f352

SHA1
82bbc28863d371ec6374222a931dbe243d2ca0cc

SHA256
2e5d4d0e34fd793afc6453c7a3437b28fe2a9f735d11cba4ffec17168adf693c

SHA512
8152413d21382f800c1f33c590c2dcfaa3041e2d02bbad66e99f241a1a36123264b46d67e1db4f04085d43a272386bae123f077e81eb5eb79165511c8fa4a171

Download Submit
memory/1932-381-0x0000000000810000-0x0000000001894000-memory.dmp

Filesize
16.5MB

Download
memory/1932-364-0x0000000000810000-0x0000000001894000-memory.dmp

Filesize
16.5MB

Download
memory/1932-138-0x0000000000810000-0x0000000001894000-memory.dmp

Filesize
16.5MB

Download
memory/1932-324-0x0000000000810000-0x0000000001894000-memory.dmp

Filesize
16.5MB

Download
memory/2684-147-0x00000000019E0000-0x00000000019E1000-memory.dmp

Filesize
4KB

Download
memory/2684-325-0x0000000000810000-0x0000000001894000-memory.dmp

Filesize
16.5MB

Download
memory/2684-390-0x0000000000810000-0x0000000001894000-memory.dmp

Filesize
16.5MB

Download
memory/2684-139-0x0000000000810000-0x0000000001894000-memory.dmp

Filesize
16.5MB

Download
memory/3196-328-0x0000000000810000-0x0000000001894000-memory.dmp

Filesize
16.5MB

Download
memory/3196-363-0x0000000000810000-0x0000000001894000-memory.dmp

Filesize
16.5MB

Download
memory/3196-121-0x0000000000810000-0x0000000001894000-memory.dmp

Filesize
16.5MB

Download
memory/3196-137-0x0000000004FA0000-0x0000000004FA1000-memory.dmp

Filesize
4KB

Download
memory/3196-136-0x0000000004F90000-0x0000000004F91000-memory.dmp

Filesize
4KB

Download
memory/3196-314-0x0000000000810000-0x0000000001894000-memory.dmp

Filesize
16.5MB

Download
memory/3196-123-0x0000000001A50000-0x0000000001A51000-memory.dmp

Filesize
4KB

Download
memory/4400-1124-0x00007FF81B000000-0x00007FF81B00D000-memory.dmp

Filesize
52KB

Download
memory/4400-1185-0x00007FF81AD00000-0x00007FF81AD2B000-memory.dmp

Filesize
172KB

Download
memory/4400-1113-0x00007FF81F620000-0x00007FF81F62D000-memory.dmp

Filesize
52KB

Download
memory/4400-1114-0x00007FF81BFB0000-0x00007FF81BFC9000-memory.dmp

Filesize
100KB

Download
memory/4400-1115-0x00007FF81AD90000-0x00007FF81ADBE000-memory.dmp

Filesize
184KB

Download
memory/4400-1122-0x00007FF81BC00000-0x00007FF81BC2D000-memory.dmp

Filesize
180KB

Download
memory/4400-1123-0x00007FF81B630000-0x00007FF81B664000-memory.dmp

Filesize
208KB

Download
memory/4400-1111-0x00007FF822630000-0x00007FF82263F000-memory.dmp

Filesize
60KB

Download
memory/4400-1126-0x00007FF81AD00000-0x00007FF81AD2B000-memory.dmp

Filesize
172KB

Download
memory/4400-1125-0x00007FF809A40000-0x00007FF809AFC000-memory.dmp

Filesize
752KB

Download
memory/4400-1127-0x00007FF81AD70000-0x00007FF81AD8F000-memory.dmp

Filesize
124KB

Download
memory/4400-1128-0x00007FF8098C0000-0x00007FF809A31000-memory.dmp

Filesize
1.4MB

Download
memory/4400-1130-0x00007FF809840000-0x00007FF80986E000-memory.dmp

Filesize
184KB

Download
memory/4400-1129-0x00007FF81A830000-0x00007FF81A84C000-memory.dmp

Filesize
112KB

Download
memory/4400-1131-0x00007FF809780000-0x00007FF809838000-memory.dmp

Filesize
736KB

Download
memory/4400-1132-0x00007FF809400000-0x00007FF809775000-memory.dmp

Filesize
3.5MB

Download
memory/4400-1133-0x0000018E7F0D0000-0x0000018E7F445000-memory.dmp

Filesize
3.5MB

Download
memory/4400-1134-0x00007FF819BD0000-0x00007FF819BE4000-memory.dmp

Filesize
80KB

Download
memory/4400-1135-0x00007FF81ACF0000-0x00007FF81ACFB000-memory.dmp

Filesize
44KB

Download
memory/4400-1137-0x00007FF8198A0000-0x00007FF8198AB000-memory.dmp

Filesize
44KB

Download
memory/4400-1136-0x00007FF8093D0000-0x00007FF8093F5000-memory.dmp

Filesize
148KB

Download
memory/4400-1138-0x00007FF819890000-0x00007FF81989C000-memory.dmp

Filesize
48KB

Download
memory/4400-1140-0x00007FF80F780000-0x00007FF80F78C000-memory.dmp

Filesize
48KB

Download
memory/4400-1141-0x00007FF809260000-0x00007FF80926D000-memory.dmp

Filesize
52KB

Download
memory/4400-1139-0x00007FF816BC0000-0x00007FF816BCC000-memory.dmp

Filesize
48KB

Download
memory/4400-1142-0x00007FF809250000-0x00007FF80925E000-memory.dmp

Filesize
56KB

Download
memory/4400-1143-0x00007FF809230000-0x00007FF80923C000-memory.dmp

Filesize
48KB

Download
memory/4400-1144-0x00007FF809210000-0x00007FF80921B000-memory.dmp

Filesize
44KB

Download
memory/4400-1145-0x00007FF8091E0000-0x00007FF8091ED000-memory.dmp

Filesize
52KB

Download
memory/4400-1146-0x00007FF8091C0000-0x00007FF8091D2000-memory.dmp

Filesize
72KB

Download
memory/4400-1150-0x00007FF808F50000-0x00007FF8091A2000-memory.dmp

Filesize
2.3MB

Download
memory/4400-1151-0x00007FF808F10000-0x00007FF808F39000-memory.dmp

Filesize
164KB

Download
memory/4400-1108-0x00007FF81EFC0000-0x00007FF81EFE4000-memory.dmp

Filesize
144KB

Download
memory/4400-1163-0x00007FF8092B0000-0x00007FF8093C8000-memory.dmp

Filesize
1.1MB

Download
memory/4400-1164-0x00007FF809270000-0x00007FF8092A8000-memory.dmp

Filesize
224KB

Download
memory/4400-1165-0x00007FF81A600000-0x00007FF81A60B000-memory.dmp

Filesize
44KB

Download
memory/4400-1167-0x00007FF813C20000-0x00007FF813C2B000-memory.dmp

Filesize
44KB

Download
memory/4400-1166-0x00007FF818C40000-0x00007FF818C4B000-memory.dmp

Filesize
44KB

Download
memory/4400-1168-0x00007FF809240000-0x00007FF80924C000-memory.dmp

Filesize
48KB

Download
memory/4400-1170-0x00007FF809200000-0x00007FF80920C000-memory.dmp

Filesize
48KB

Download
memory/4400-1169-0x00007FF809220000-0x00007FF80922B000-memory.dmp

Filesize
44KB

Download
memory/4400-1171-0x00007FF8091F0000-0x00007FF8091FC000-memory.dmp

Filesize
48KB

Download
memory/4400-1172-0x00007FF8091B0000-0x00007FF8091BC000-memory.dmp

Filesize
48KB

Download
memory/4400-1173-0x00007FF808F40000-0x00007FF808F4A000-memory.dmp

Filesize
40KB

Download
memory/4400-1174-0x00007FF809B00000-0x00007FF809F6E000-memory.dmp

Filesize
4.4MB

Download
memory/4400-1175-0x00007FF81EFC0000-0x00007FF81EFE4000-memory.dmp

Filesize
144KB

Download
memory/4400-1176-0x00007FF822630000-0x00007FF82263F000-memory.dmp

Filesize
60KB

Download
memory/4400-1177-0x00007FF81C5A0000-0x00007FF81C5B9000-memory.dmp

Filesize
100KB

Download
memory/4400-1180-0x00007FF81BC00000-0x00007FF81BC2D000-memory.dmp

Filesize
180KB

Download
memory/4400-1181-0x00007FF81B630000-0x00007FF81B664000-memory.dmp

Filesize
208KB

Download
memory/4400-1179-0x00007FF81BFB0000-0x00007FF81BFC9000-memory.dmp

Filesize
100KB

Download
memory/4400-1178-0x00007FF81F620000-0x00007FF81F62D000-memory.dmp

Filesize
52KB

Download
memory/4400-1184-0x00007FF809A40000-0x00007FF809AFC000-memory.dmp

Filesize
752KB

Download
memory/4400-1112-0x00007FF81C5A0000-0x00007FF81C5B9000-memory.dmp

Filesize
100KB

Download
memory/4400-1183-0x00007FF81AD90000-0x00007FF81ADBE000-memory.dmp

Filesize
184KB

Download
memory/4400-1182-0x00007FF81B000000-0x00007FF81B00D000-memory.dmp

Filesize
52KB

Download
memory/4400-1186-0x00007FF81AD70000-0x00007FF81AD8F000-memory.dmp

Filesize
124KB

Download
memory/4400-1187-0x00007FF8098C0000-0x00007FF809A31000-memory.dmp

Filesize
1.4MB

Download
memory/4400-1188-0x00007FF81A830000-0x00007FF81A84C000-memory.dmp

Filesize
112KB

Download
memory/4400-1189-0x00007FF809840000-0x00007FF80986E000-memory.dmp

Filesize
184KB

Download
memory/4400-1190-0x00007FF809780000-0x00007FF809838000-memory.dmp

Filesize
736KB

Download
memory/4400-1191-0x00007FF809400000-0x00007FF809775000-memory.dmp

Filesize
3.5MB

Download
memory/4400-1192-0x00007FF819BD0000-0x00007FF819BE4000-memory.dmp

Filesize
80KB

Download
memory/4400-1193-0x00007FF81ACF0000-0x00007FF81ACFB000-memory.dmp

Filesize
44KB

Download
memory/4400-1194-0x00007FF8093D0000-0x00007FF8093F5000-memory.dmp

Filesize
148KB

Download
memory/4400-1195-0x00007FF8092B0000-0x00007FF8093C8000-memory.dmp

Filesize
1.1MB

Download
memory/4400-1196-0x00007FF809270000-0x00007FF8092A8000-memory.dmp

Filesize
224KB

Download
memory/4400-1197-0x00007FF808F50000-0x00007FF8091A2000-memory.dmp

Filesize
2.3MB

Download
memory/4400-1198-0x00007FF808F40000-0x00007FF808F4A000-memory.dmp

Filesize
40KB

Download
memory/4400-1199-0x00007FF808F10000-0x00007FF808F39000-memory.dmp

Filesize
164KB

Download
memory/4400-1107-0x00007FF809B00000-0x00007FF809F6E000-memory.dmp

Filesize
4.4MB

Download
memory/4852-1405-0x00007FF822630000-0x00007FF82263F000-memory.dmp

Filesize
60KB

Download
memory/4852-1407-0x00007FF81F620000-0x00007FF81F62D000-memory.dmp

Filesize
52KB

Download
memory/4852-1368-0x00007FF81C5A0000-0x00007FF81C5B9000-memory.dmp

Filesize
100KB

Download
memory/4852-1369-0x00007FF81F620000-0x00007FF81F62D000-memory.dmp

Filesize
52KB

Download
memory/4852-1370-0x00007FF81B640000-0x00007FF81B66D000-memory.dmp

Filesize
180KB

Download
memory/4852-1371-0x00007FF81AD80000-0x00007FF81ADB4000-memory.dmp

Filesize
208KB

Download
memory/4852-1374-0x00007FF81BFB0000-0x00007FF81BFC9000-memory.dmp

Filesize
100KB

Download
memory/4852-1375-0x00007FF81EFC0000-0x00007FF81EFCD000-memory.dmp

Filesize
52KB

Download
memory/4852-1376-0x00007FF81AD00000-0x00007FF81AD2E000-memory.dmp

Filesize
184KB

Download
memory/4852-1377-0x00007FF809A40000-0x00007FF809AFC000-memory.dmp

Filesize
752KB

Download
memory/4852-1406-0x00007FF81C5A0000-0x00007FF81C5B9000-memory.dmp

Filesize
100KB

Download
memory/4852-1379-0x00007FF81AFF0000-0x00007FF81B00F000-memory.dmp

Filesize
124KB

Download
memory/4852-1381-0x00007FF81A830000-0x00007FF81A84C000-memory.dmp

Filesize
112KB

Download
memory/4852-1380-0x00007FF809890000-0x00007FF809A01000-memory.dmp

Filesize
1.4MB

Download
memory/4852-1403-0x00007FF809B00000-0x00007FF809F6E000-memory.dmp

Filesize
4.4MB

Download
memory/4852-1404-0x00007FF81BC00000-0x00007FF81BC24000-memory.dmp

Filesize
144KB

Download
memory/4852-1367-0x00007FF822630000-0x00007FF82263F000-memory.dmp

Filesize
60KB

Download
memory/4852-1366-0x00007FF81BC00000-0x00007FF81BC24000-memory.dmp

Filesize
144KB

Download
memory/4852-1378-0x00007FF809A10000-0x00007FF809A3B000-memory.dmp

Filesize
172KB

Download
memory/4852-1408-0x00007FF81BFB0000-0x00007FF81BFC9000-memory.dmp

Filesize
100KB

Download
memory/4852-1409-0x00007FF81B640000-0x00007FF81B66D000-memory.dmp

Filesize
180KB

Download
memory/4852-1410-0x00007FF81AD80000-0x00007FF81ADB4000-memory.dmp

Filesize
208KB

Download
memory/4852-1412-0x00007FF81AD00000-0x00007FF81AD2E000-memory.dmp

Filesize
184KB

Download
memory/4852-1411-0x00007FF81EFC0000-0x00007FF81EFCD000-memory.dmp

Filesize
52KB

Download
memory/4852-1413-0x00007FF809A40000-0x00007FF809AFC000-memory.dmp

Filesize
752KB

Download
memory/4852-1414-0x00007FF809A10000-0x00007FF809A3B000-memory.dmp

Filesize
172KB

Download
memory/4852-1415-0x00007FF81AFF0000-0x00007FF81B00F000-memory.dmp

Filesize
124KB

Download
memory/4852-1416-0x00007FF809890000-0x00007FF809A01000-memory.dmp

Filesize
1.4MB

Download
memory/4852-1417-0x00007FF81A830000-0x00007FF81A84C000-memory.dmp

Filesize
112KB

Download
memory/4852-1419-0x00007FF809750000-0x00007FF809808000-memory.dmp

Filesize
736KB

Download
memory/4852-1418-0x00007FF809810000-0x00007FF80983E000-memory.dmp

Filesize
184KB

Download
memory/4852-1420-0x00007FF8093D0000-0x00007FF809745000-memory.dmp

Filesize
3.5MB

Download
memory/4852-1425-0x00007FF8093A0000-0x00007FF8093C5000-memory.dmp

Filesize
148KB

Download
memory/4852-1365-0x00007FF809B00000-0x00007FF809F6E000-memory.dmp

Filesize
4.4MB

Download