hxxp://anydesk[.]com/ru

Analysis

max time kernel
1800s
max time network
1794s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
07/10/2023, 04:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://anydesk.com/ru

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Control Panel\International\Geo\Nation	AnyDesk.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\Control Panel\International\Geo\Nation	AnyDesk.exe

Executes dropped EXE 5 IoCs

pid	Process
2232	AnyDesk.exe
5372	AnyDesk.exe
4356	AnyDesk.exe
3732	AnyDesk.exe
1228	AnyDesk.exe

Loads dropped DLL 2 IoCs

pid	Process
4356	AnyDesk.exe
5372	AnyDesk.exe

Drops file in System32 directory 17 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db	AnyDesk.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	NOTEPAD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	NOTEPAD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	NOTEPAD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4356	AnyDesk.exe
4356	AnyDesk.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1684	chrome.exe
1684	chrome.exe
5372	AnyDesk.exe
5372	AnyDesk.exe
5372	AnyDesk.exe
5372	AnyDesk.exe
5372	AnyDesk.exe
5372	AnyDesk.exe
2388	chrome.exe
2388	chrome.exe
5372	AnyDesk.exe
5372	AnyDesk.exe
5372	AnyDesk.exe
5372	AnyDesk.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2264	NOTEPAD.EXE
1228	AnyDesk.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3704	firefox.exe
Token: SeDebugPrivilege	3704	firefox.exe
Token: SeDebugPrivilege	3704	firefox.exe
Token: SeDebugPrivilege	3704	firefox.exe
Token: SeDebugPrivilege	3704	firefox.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: 33	5144	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
3704	firefox.exe
3704	firefox.exe
3704	firefox.exe
3704	firefox.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
4356	AnyDesk.exe
4356	AnyDesk.exe
4356	AnyDesk.exe
4356	AnyDesk.exe
4356	AnyDesk.exe
4356	AnyDesk.exe
3880	NOTEPAD.EXE
4356	AnyDesk.exe
4356	AnyDesk.exe
4356	AnyDesk.exe
4356	AnyDesk.exe
4356	AnyDesk.exe
4356	AnyDesk.exe
4356	AnyDesk.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
3704	firefox.exe
3704	firefox.exe
3704	firefox.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
4356	AnyDesk.exe
4356	AnyDesk.exe
4356	AnyDesk.exe
4356	AnyDesk.exe
4356	AnyDesk.exe
4356	AnyDesk.exe
4356	AnyDesk.exe
4356	AnyDesk.exe
4356	AnyDesk.exe
4356	AnyDesk.exe
4356	AnyDesk.exe
4356	AnyDesk.exe
4356	AnyDesk.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
3704	firefox.exe
3732	AnyDesk.exe
3732	AnyDesk.exe
3880	NOTEPAD.EXE
3880	NOTEPAD.EXE
1228	AnyDesk.exe
1228	AnyDesk.exe
2264	NOTEPAD.EXE
2264	NOTEPAD.EXE
2264	NOTEPAD.EXE
4404	NOTEPAD.EXE
4404	NOTEPAD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5080 wrote to memory of 3704	5080	firefox.exe	31
PID 5080 wrote to memory of 3704	5080	firefox.exe	31
PID 5080 wrote to memory of 3704	5080	firefox.exe	31
PID 5080 wrote to memory of 3704	5080	firefox.exe	31
PID 5080 wrote to memory of 3704	5080	firefox.exe	31
PID 5080 wrote to memory of 3704	5080	firefox.exe	31
PID 5080 wrote to memory of 3704	5080	firefox.exe	31
PID 5080 wrote to memory of 3704	5080	firefox.exe	31
PID 5080 wrote to memory of 3704	5080	firefox.exe	31
PID 5080 wrote to memory of 3704	5080	firefox.exe	31
PID 5080 wrote to memory of 3704	5080	firefox.exe	31
PID 3704 wrote to memory of 3756	3704	firefox.exe	86
PID 3704 wrote to memory of 3756	3704	firefox.exe	86
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3092	3704	firefox.exe	87
PID 3704 wrote to memory of 3640	3704	firefox.exe	88
PID 3704 wrote to memory of 3640	3704	firefox.exe	88
PID 3704 wrote to memory of 3640	3704	firefox.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://anydesk.com/ru"
1⤵
- Suspicious use of WriteProcessMemory
PID:5080
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://anydesk.com/ru
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.0.293102688\8640009" -parentBuildID 20221007134813 -prefsHandle 1808 -prefMapHandle 1804 -prefsLen 20860 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {24576e2f-6481-41e9-b207-d37c6ed087bf} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 1892 26d3b5ed858 gpu
    3⤵
    PID:3756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.1.1731960076\287278094" -parentBuildID 20221007134813 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 21676 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4010dbb0-2651-4024-b364-9a495fc5c514} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 2368 26d3b4fa158 socket
    3⤵
    - Checks processor information in registry
    PID:3092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.2.1903927066\426981251" -childID 1 -isForBrowser -prefsHandle 3140 -prefMapHandle 3176 -prefsLen 21714 -prefMapSize 232645 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2dd971f-8d10-4c9a-8aa7-38403be3b601} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 3188 26d3f80ac58 tab
    3⤵
    PID:3640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.3.1260102633\298499800" -childID 2 -isForBrowser -prefsHandle 3576 -prefMapHandle 3572 -prefsLen 26359 -prefMapSize 232645 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2054ef2-ec8b-4fbc-9622-78625dc17571} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 3588 26d2ed60758 tab
    3⤵
    PID:732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.4.1285349705\1011630335" -childID 3 -isForBrowser -prefsHandle 4864 -prefMapHandle 4212 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b8f2b7c-c405-4535-b9c6-eac969b6d7af} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 4204 26d41957e58 tab
    3⤵
    PID:2676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.6.1389975521\1503303201" -childID 5 -isForBrowser -prefsHandle 3268 -prefMapHandle 5332 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7f70438-9557-44b4-b4cb-c8c89adf7e39} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 5224 26d42233f58 tab
    3⤵
    PID:4052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.7.755790144\640052032" -childID 6 -isForBrowser -prefsHandle 5528 -prefMapHandle 5532 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fec6908b-87b6-4a12-bc86-a7abc252ac5e} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 5516 26d422d1558 tab
    3⤵
    PID:3188
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.5.13751300\1666491649" -childID 4 -isForBrowser -prefsHandle 5296 -prefMapHandle 5284 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95697dab-02f6-4855-94b3-44654e7f0702} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 5320 26d4219fb58 tab
    3⤵
    PID:2316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.8.164647299\445447545" -parentBuildID 20221007134813 -prefsHandle 9416 -prefMapHandle 4624 -prefsLen 30180 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {94299699-83f3-40e6-9fb9-38a4ad08ebc7} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 9420 26d3f80b558 rdd
    3⤵
    PID:5692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.9.1852832138\369488338" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 9296 -prefMapHandle 9300 -prefsLen 30180 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b9b2338-1398-4085-bad1-4f89fc52b798} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 9288 26d3f8f2358 utility
    3⤵
    PID:4984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.10.1642417212\647923319" -childID 7 -isForBrowser -prefsHandle 6160 -prefMapHandle 4680 -prefsLen 30180 -prefMapSize 232645 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7bc5e07-96fa-46cf-923b-1a2614be01d5} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 9420 26d41f8c058 tab
    3⤵
    PID:5300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8beae9758,0x7ff8beae9768,0x7ff8beae9778
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 --field-trial-handle=2032,i,3343301159260973937,8923932855599537678,131072 /prefetch:8
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=2032,i,3343301159260973937,8923932855599537678,131072 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=2032,i,3343301159260973937,8923932855599537678,131072 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=2032,i,3343301159260973937,8923932855599537678,131072 /prefetch:8
  2⤵
  PID:904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=2032,i,3343301159260973937,8923932855599537678,131072 /prefetch:2
  2⤵
  PID:5540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4608 --field-trial-handle=2032,i,3343301159260973937,8923932855599537678,131072 /prefetch:8
  2⤵
  PID:5960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4760 --field-trial-handle=2032,i,3343301159260973937,8923932855599537678,131072 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4888 --field-trial-handle=2032,i,3343301159260973937,8923932855599537678,131072 /prefetch:8
  2⤵
  PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=2032,i,3343301159260973937,8923932855599537678,131072 /prefetch:8
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=2032,i,3343301159260973937,8923932855599537678,131072 /prefetch:8
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4928 --field-trial-handle=2032,i,3343301159260973937,8923932855599537678,131072 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3256 --field-trial-handle=2032,i,3343301159260973937,8923932855599537678,131072 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 --field-trial-handle=2032,i,3343301159260973937,8923932855599537678,131072 /prefetch:8
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5564 --field-trial-handle=2032,i,3343301159260973937,8923932855599537678,131072 /prefetch:8
  2⤵
  PID:5756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5528 --field-trial-handle=2032,i,3343301159260973937,8923932855599537678,131072 /prefetch:8
  2⤵
  PID:5200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 --field-trial-handle=2032,i,3343301159260973937,8923932855599537678,131072 /prefetch:8
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5580 --field-trial-handle=2032,i,3343301159260973937,8923932855599537678,131072 /prefetch:8
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5584 --field-trial-handle=2032,i,3343301159260973937,8923932855599537678,131072 /prefetch:8
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1152 --field-trial-handle=2032,i,3343301159260973937,8923932855599537678,131072 /prefetch:8
  2⤵
  PID:1424
- C:\Users\Admin\Downloads\AnyDesk.exe
  "C:\Users\Admin\Downloads\AnyDesk.exe"
  2⤵
  - Executes dropped EXE
  - Checks processor information in registry
  PID:2232
- - C:\Users\Admin\Downloads\AnyDesk.exe
    "C:\Users\Admin\Downloads\AnyDesk.exe" --local-service
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:5372
  - - C:\Users\Admin\Downloads\AnyDesk.exe
      "C:\Users\Admin\Downloads\AnyDesk.exe" --backend
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of SetWindowsHookEx
      PID:3732
  - - C:\Users\Admin\Downloads\AnyDesk.exe
      "C:\Users\Admin\Downloads\AnyDesk.exe" --backend
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of SetWindowsHookEx
      PID:1228
- - C:\Users\Admin\Downloads\AnyDesk.exe
    "C:\Users\Admin\Downloads\AnyDesk.exe" --local-control
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2396 --field-trial-handle=2032,i,3343301159260973937,8923932855599537678,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1640 --field-trial-handle=2032,i,3343301159260973937,8923932855599537678,131072 /prefetch:8
  2⤵
  PID:4940

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1272

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x408 0x478
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5144

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask
1⤵
PID:6064

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New Text Document.txt
1⤵
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:3880

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\New Text Document.bat" "
1⤵
PID:5460
- C:\Windows\system32\rundll32.exe
  C:\Windows/system32/rundll32 user32, SwapMouseButton
  2⤵
  PID:2192

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\New Text Document.bat" "
1⤵
PID:3800
- C:\Windows\system32\rundll32.exe
  C:\Windows/system32/rundll32 user32, SwapMouseButton
  2⤵
  PID:5588

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\New Text Document.bat"
1⤵
PID:1984
- C:\Windows\system32\rundll32.exe
  C:\Windows/system32/rundll32 user32, SwapMouseButton
  2⤵
  PID:5108

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\New Text Document.bat" "
1⤵
PID:4652
- C:\Windows\system32\rundll32.exe
  C:\Windows/system32/rundll32 user32, SwapMouseButton
  2⤵
  PID:528

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New Text Document.txt
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2264

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New Text Document.txt
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4404

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\New.bat" "
1⤵
PID:2036
- C:\Windows\system32\rundll32.exe
  C:\Windows/system32/rundll32 user32, SwapMouseButton
  2⤵
  PID:5920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
18KB

MD5
cbaef45dadb2747617621f4d279dd3da

SHA1
0e27fe656392b7c43447215bd19d616ac5a44324

SHA256
a1092d5c727358b11c5b6e1771652fb5b8397f87fabea841cf13569d3b02d1fe

SHA512
8ad51fe5d8842bc954b5a510d310e8987b6364b1b26ee3b3dbfc417fd5812347aeab5bf4b4b3ebae1f9107c3c9d40b186ded7175db1244a30b32536331923a4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
40KB

MD5
3704675810543ed85e43becb661e4d5f

SHA1
5a3e50c8d6aad819ebef2bd087ef5233df05e684

SHA256
89e75af743b3ba603f70f3997f295dc0c9a80abf38779165e4b53ac47ccbb2c8

SHA512
60942519632fa2dbfd1a747e3154857462943ef6880937bb86987409f2f52c21f2d260d2fb20788f68b0f7dacaa13248d321788b85f63214ec02d79ab16fc270

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
49KB

MD5
ce472ea46d2efe12a9b98b13b6cba310

SHA1
b7a9ca56b5bba3a39acb7f6be40a8e796c930cd6

SHA256
aaef80feb89559054d2a2cb4316d75f136e9d4659065d49542f2214cbab72f7d

SHA512
810b1197e47d746081988c5a860e079486a44ce21ebbf3151f5fccd3f67be13c5b29f4caaa26a583cfdc88a4c9f6eeb97df3d498dbdc4331abe08f8b60ac6d3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
144KB

MD5
1369e29c42f3a5aaa911ee70db581f63

SHA1
e70787f6560526bc803f5cfd101e9e1b20e0aeac

SHA256
7c8666debe140ba9cd1e65c78bb4b6e3c8fab0147e53a6d613c3510d97e2ffdd

SHA512
d82b6c032caba4d41c8a579346ffbe2f717dd46e8fcead9c81570c5fc277db209d416c3f8817d055ff675254c9d2fe65c2c348a39fae264ee5b244f0ffdd50af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

Filesize
17KB

MD5
4aa052a326d93fc780e81acbb7ada3bd

SHA1
49d094ef9778e505e65c9d2a29a71d42432da9d1

SHA256
cdd67b1bf7a888b19e7225a7e455170e79b4e7a9da327b9707ffbe130dfa55f7

SHA512
2fe8afa3df36b55c96b7afa0b07073ccdcfb3aae007c2d0b8981a9b9de54c92d9f2c76266654f82162974228ab9fcdd258485c9d846ed5658ba64d884775506d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

Filesize
1024KB

MD5
0dd97e35a5332b811eddf2f9e9cbd13d

SHA1
22d73380bb66ebe49f45cd1bb4e88e19cc179b12

SHA256
35dd5f27d93d1e2a29be0531695d764b1e290fc97c67c4907304839d56f934d1

SHA512
21397fad7f9f20e450c17ed01f33e3bb94b9cdea8eb43ab56bb2400c1035b697a6372b3475660977073777c7f97ffb0ee1c09b5694ec8d1e0a9f411a75ca0d27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
be344ec1f217eb7c771428ef616f7d76

SHA1
5e7500a44d4e80dacf0bd2d07e1ece9db906ec54

SHA256
39857801448205d571200a5853b9b9b81c6b4524a6ae4ae25d5cc575289f81b9

SHA512
0e63f85c4ac7f91e34553fcf4d5c8f561cd0e57aa5c0cc0f126e1bd8002fe1f392a24b325188fecd38bf151f5f48bad6d53c8a2e104e893c88fcec816fb98138

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c6c27f290b3c0a4233c44cb58d25db47

SHA1
8975c0bd05d6ea09b591dc6d9660ff3f685497cb

SHA256
e2306a149e7ede6c8c6d8ab2a336e2edb6df8f1eb03b9174fde25c7968b293b4

SHA512
bd73635cdcb8806ee6820f8be81f09127e763c96696d8d6e731dff6ff45956218980f4a8b4510ba3019d6604c7556365b70e2757bbf01973216d7ddf367f2798

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5a24e647bdd91a2485896e9635283fee

SHA1
9905d2669e3546bed0d9f1cecbf04fbcda53b024

SHA256
7b181243be3f17136e7e64c8c4e98f05362bc970a08190ea343dd1f4c8041e94

SHA512
ec5d373ea8c48635d11a1491d5087ac22792021dcbe893f808d7363910ee6b3401e0af2b3cb4bb6ad00de0394513ed6bd264473a4d2f99a3660b71da133eebd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
abc2bc46cb6cbe84f347bd8898c0c938

SHA1
5acab9026c6e455e1e4e87b2319a5eb94fbaf775

SHA256
e923184b1b43234b7a1f0cc9d859544e4d632fca597d0359a267115d32bb460d

SHA512
279def707db5ec42db1dbe82743ab4a2f4599cef267e2511493a711154ef256e82bdf2248bd95dc7d300812dac429f7a8dde7bbedc74de6c32f97916cdb89fc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fd6f7501dba93bf4d99df2a2c1277dbb

SHA1
687ed5b93ff2f3c849608b80c23e23657c98b2bc

SHA256
113df27dc2bb7c289beacdb3df6b8f1889eea9e5ae961fb0bfcc05dcb43057ed

SHA512
e85ed8c7d1687ad8619d7ac0aeaaed380ca47b46a9814bae222200bc2e13729c59f2ca701c2dfea73f63d55a3675c38857e13dd0314a68723b4443940bf5e1b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
363c361a583e51428f4bba5b56ed3af8

SHA1
16903981e56fcfedf027980ac1fdf01b8b7724a4

SHA256
db9b88e360f817f8b896d24ff3c313a5619e8e6cde473ce5f96a4452b647c037

SHA512
4f39691164b431e7d9d073ea716643490a83a994b64c1d38c8e3336088df20bb9893499d70a304f2fbc7acc6ebc9cecfd374d3baf923ff4e592a6209d9f8002f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
868B

MD5
b6fe9489346f557590794fb84e791aa9

SHA1
8dc71a6cd15e3aeb29f58593fad44cc39694a2f0

SHA256
0d842629cfa31fdca7846b87bf90868dfa8f238bbd168e4724c365eecf25e122

SHA512
4f47e655f746fd8d74dbd353afe04de312e973a9f1566b181acd0494ad3ed4998810e1fd0df5cbf6aeb0af0c79ffacb0db4588a782b1990132e35de54bbb2bc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
705e60c9c33b6dd2fe21ad6a786e3a27

SHA1
bb9de4c0af6562e459d1d5650290055d25257ff8

SHA256
7d04d242e25f7156f681030953253a1740267d4af5a585bb3651e051feed85a3

SHA512
0311fa411d39a47b7d89a5b0b6cf9e8e3297676655c88bbe65cd01819f75b4a7edcfe604d49d0aa41b4862e43da84372a8cf2adadbf55ad115cf9a0d847fec62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3ce1595fe001482f7f04ed27f6dbeaa7

SHA1
c9bb76c40b473d552cbe6ecfadc9f3931dc298c3

SHA256
934f6e6263a7b94264a1b3fe75aeecacb09c19e190433ac3786e8d04cb7145a6

SHA512
d827d81c174231b77c35f7133ad233f342f966ed2ae6bce72856889b9bcbcbacef92176cf56a1e0b44f5fd8bcb250ca3ac0584d0b46866c6af5af53ee9d49d43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4af055ebd9ac805d7336cf31a932880e

SHA1
1afaaedd49170e77999b887705fb014963ae1135

SHA256
b6bf831a58be545b56e3797f2df107a2bc7cfa465d708195ff547e3cdc956c09

SHA512
2a34dfb2851903fff7c01c0992410e39dfe82b6e27f848bd94cdf6ae172cc46a81bca50f474374d138d1790a34058080d3435ee82a91657e785c3fb37bcc10a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
f87a7028f7b6dccb295512fd5b8328b6

SHA1
c0e288eb0ed844c46de1b475f52252b53615b892

SHA256
876e924a1c1720c6c88e64ef2f99d94441a1546bcf4ddeb2bc6dc90ac49a45ed

SHA512
343b7919398743435396225fbc8b2c5122a108cfdceab96d5cedfe9e3836d59b66817b2269b0b2197c6cde6ac20926fb0c79c7b607e4913a6c3aa3d0dff85707

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
c91ddb945ea535e5d21d74e824dafb5e

SHA1
13cffe723ad83961d675cb3e216e246d2bc92793

SHA256
0397d446855cc73944d6bbf764b05b89a00ca38d3d30c74bd7685aeefd5b4fa9

SHA512
ae4d58d7c68e29095e4d929cecb6c5629921330d428b71d6422284262b2d7f6e4456d8aa6712a75b6b2bf3c03cd2ba1e3c2443845011e16d73980b95a313111b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
203KB

MD5
50726dde3bb4ccb8afe4f38d6b6481da

SHA1
8faf0248bc17f73ebf3b31fe513d1fdeb0484368

SHA256
2e64966cfa799b4d70aa49798fa6174647d80cf98e22545118b6888bc2f952e1

SHA512
8065173a3ecd8816204ce00408da48c7f4a4640b87cddfcc1a421c5eeb1034337c3fcab4373aac0febc3c350c07b5542788e1d2e287d7aa80ffccf0011b41193

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
017d7dcae272029c5362a5ad9b32adc5

SHA1
e54a04f46aee1b60f7c44865e347f819a840615c

SHA256
2572e93201b1df3d96ac3a27c19b7041afb3b05c2318a6c56171904cc5b93223

SHA512
81951381e6b1c4af0bec89159fa7eeb573952edb5324e3da74b8ef2d2c0f599c306c260c8d46f1f1f7f115c771f8d54d7f8a5014903ae43a08bb23f7cddd6197

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a6979.TMP

Filesize
98KB

MD5
a4ce7ce2dd678d95fe8dad06d169e759

SHA1
83414d5a37e5579f232e508fa8a2c887267969bc

SHA256
3a163c607891cc40579dbb73524ba5bbce033a031f409dc28cd18f1e5f5f3b03

SHA512
af38e9453510031ee2fbcf5696231cdb0ffff37e56d4d62453301465752deac88daa51bb9b3e5eefb8154220d59c9144911a9e09191d4501b130617d490bad37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
0ba35bf366f45963ecb28af19a497239

SHA1
ad5d7b64eada88b8ba6cdb274a0839886447ecb3

SHA256
a3e6ee1798798eba00dacdf6534b37b746404dac266b89abbc69064e93de8061

SHA512
602d7bfe7c1f1042d733ad98f0ac7b239d2fc5e513e950b6ff5154be918a164e470444fa804b310f3e92b3e2ffa2d9f48a6707915637611db7ff01240f2ad9fb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\cache2\entries\180089313729568CF6D0CAF9991F0FA4115478F0

Filesize
13KB

MD5
d4fb9fc9303a21a14ded5cf73c53416c

SHA1
c93b83cea55e0295789cb5d539dbde5ed911bed6

SHA256
f1f5efcd917a6ec739ba17bc4e578ec1dc0433b3cab2a0c28d106a135f9997c7

SHA512
bc2d0b1398bc6748077367a5e548555efd178c3f906e15d3f2fa24ca5ebe1a2e95144e6a11eb800ac71ba953b2c371124e677f3d0a317ef748adaeb24ee8207b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
9KB

MD5
ceb40780dcaedfa14aaf8fefeb44dbce

SHA1
890052c42aec1552832390b20b544b73d4b99de5

SHA256
1d6e83e25c970063ef7a8a292e1e008a90ab74b28dad6d7a4f373f97e36111d3

SHA512
e0b30a9fbe63e8f067577e96711feefc5c7fb8af86f74115fcb92b34f8f97c1c9a31931dbf052f8db63120d6b0acb0fa307c26ade526d63769f626f08d599d9c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
9KB

MD5
ceb40780dcaedfa14aaf8fefeb44dbce

SHA1
890052c42aec1552832390b20b544b73d4b99de5

SHA256
1d6e83e25c970063ef7a8a292e1e008a90ab74b28dad6d7a4f373f97e36111d3

SHA512
e0b30a9fbe63e8f067577e96711feefc5c7fb8af86f74115fcb92b34f8f97c1c9a31931dbf052f8db63120d6b0acb0fa307c26ade526d63769f626f08d599d9c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
40KB

MD5
ddef4c61b93c6c3836ffe40e0dc21bc7

SHA1
8cabfb4e2920a3ed36209f77682745e6ff2a2b40

SHA256
e90b1f0837c7e929f0551526d632937990d74166c1dcb7f4ec5535ff4d84140d

SHA512
5f1af0797fc45aecb320a845f6893775642ab684d59223e29ef5cfa6ba1bc3cb470a63a66ec191234793bf2abccbc508d53624528b3e1bd474322b9c3ca4d399

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
4e13fed78377bfad10437d6a5adc897c

SHA1
a4021c58af29e3effbf48219f3c5e35ec648141b

SHA256
ec0890b2e3fc1fb6e6a9698db8d5bb00de293f4975d6739a36ff2935f05f23c8

SHA512
de37ec46a5433246b16de19e2da3abdcd76151272b2fa46019c83637b00765b188c74db82962f052ac310049c83e2f3f46252a69eeccbf35a39cba449ffd047e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
4e13fed78377bfad10437d6a5adc897c

SHA1
a4021c58af29e3effbf48219f3c5e35ec648141b

SHA256
ec0890b2e3fc1fb6e6a9698db8d5bb00de293f4975d6739a36ff2935f05f23c8

SHA512
de37ec46a5433246b16de19e2da3abdcd76151272b2fa46019c83637b00765b188c74db82962f052ac310049c83e2f3f46252a69eeccbf35a39cba449ffd047e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
88041550fdd58fef2d83b380d683b48e

SHA1
c94114c9a0a273a0cfe6bf8355882dd165fb41a5

SHA256
340ab3f254fb9dfbe2f868c9c964f5b12ecfa23cbdd165e638a1d64313f066c5

SHA512
f98902a59bb835dec6040aa2415a7ad419032c802a785f49fb4f9ab7ab7b528207b3f9d74f30892c7f908d9cd5712c0e10df0b5aca7a89dad0cdb9d7dee4ad3e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
6694b6c7b84522f597be8cc876261e68

SHA1
aeab11508bbd6f08ec1de33c114422a68803cd3b

SHA256
43e9ee4b1fe99bbf716a160b90c7426a60e8aca712eca88a408a1b138c8938f3

SHA512
8a346436d25b526f5697395f60ad155a9a3ca6a45fa49799e1091ad3e8e521a38a19a241f6ba231495a9bba6dd7d4a45a791627070ba2e29f3b9c64fd332e181

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
73ec1f5b53ef8a22fa106082e1236fc3

SHA1
75a178d086a5e10f27e71a778894b5ea3fb29bf8

SHA256
7da3c81848be7a13e168d31c7ac7d643f3ac8f161f25538df6c4e8b17a18395e

SHA512
9c92eef483ecbed5dbc2c2f8d08a8f50c38285fa3175b62d871a9f01096efdd393f82d5e5af1da7b3c09b8a3d0bf1705f59a45baa82966cc49fb98fc487907d3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
8cd6936f83dd3767effd6309ef830162

SHA1
48c76081a73756931292d7cc77b012f5c13ba6aa

SHA256
7863917f47aee68a81a7ffe9f060bc5623594dcc67286d0a9e6ed3be60e8afa1

SHA512
a0ad616ef968ba74c790a81076608b92459a9978d629778ee2e81d313b838bdc2264c67e29cc1b3be030efcea7531c362ee2a72de9e7eb6b7f0647a35370fb13

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
8cd6936f83dd3767effd6309ef830162

SHA1
48c76081a73756931292d7cc77b012f5c13ba6aa

SHA256
7863917f47aee68a81a7ffe9f060bc5623594dcc67286d0a9e6ed3be60e8afa1

SHA512
a0ad616ef968ba74c790a81076608b92459a9978d629778ee2e81d313b838bdc2264c67e29cc1b3be030efcea7531c362ee2a72de9e7eb6b7f0647a35370fb13

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
680B

MD5
57973bcffcfa0516b3507b758fcd55ca

SHA1
c907ad3b111a5af091ac675b19e536e7824caa1c

SHA256
8786d98c9b71442a058ed7f7fa4856f2f08efcceca981a959f1d4395452cd509

SHA512
f1c08e0cad27802b87afce8b886b49689eb92b12b5e17eacdefd50ef7549659d4758b6235349ad22a13f4c9b0d2dc61dc18b7884b9017bfa5d13997c7613fce0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
680B

MD5
57973bcffcfa0516b3507b758fcd55ca

SHA1
c907ad3b111a5af091ac675b19e536e7824caa1c

SHA256
8786d98c9b71442a058ed7f7fa4856f2f08efcceca981a959f1d4395452cd509

SHA512
f1c08e0cad27802b87afce8b886b49689eb92b12b5e17eacdefd50ef7549659d4758b6235349ad22a13f4c9b0d2dc61dc18b7884b9017bfa5d13997c7613fce0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
801B

MD5
2ec6eada2d2a89e27699381b4cc865ad

SHA1
47b8f3dc19b5965a6e9f9ea6bfe16ea77cefb53f

SHA256
90811839f7e0c39fa86e0cac2af53b0cbf98ccb95d848d3e23bdcb4806c29c0f

SHA512
d1009b5b3d665f377b617f9e345d9144d64286fc9946db390407dac8d79da36f8a993466385e3d74f3193507bb527123523179a8a18f00ea055a6d884ceaf29d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
bce5a1f4b5a24e1f03a474c5d3fe210b

SHA1
eafb894a7564edada21dd63c39d06a995bd1ddfd

SHA256
2eb7cff8224575b9fdf8ef3a414641f1b1d7bc51ce94c043685bb06cd2b83fee

SHA512
50f60d01e2413caee2159f239bd19455e0fca481fb1468b36ba28d201a8248e3b8fa14adf245d9dad53b26fe5752a6c69b4e9fd90c0bcac74dc7b40879e5a6ae

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
054bc9d329cffb8c87e131658379f6a3

SHA1
6f064cfece84987d53733a7695bb34960802d7f6

SHA256
1887824b5a3baf522d1af696990f05f1de06161176893d291a25a3ef4c06826f

SHA512
81369525e53edb3f1680fcfbba639252ea14668ad135543ddc7651e9bfe2d4ba27445571a933e0dafb8f143cadaa0c1185b1d78ed40aea18ccedeb176d1ba530

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
5388a346d16c08ed39d010e5523479f0

SHA1
5dd7943b39c9d3aaed1ec984f285f321fce25778

SHA256
15d07a39ef40d9ecb1fa3aeeaa72b059f10e8930f302ccf292ae808c86771848

SHA512
e7bf56e83e3976051a5583d34c9ddd1d27a2ceabeaee59d5f8ad83ed42f3390f894d501d8e23855dd803ccccc4134b66e34964452fbbd96167cb540196ae4a5b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
5388a346d16c08ed39d010e5523479f0

SHA1
5dd7943b39c9d3aaed1ec984f285f321fce25778

SHA256
15d07a39ef40d9ecb1fa3aeeaa72b059f10e8930f302ccf292ae808c86771848

SHA512
e7bf56e83e3976051a5583d34c9ddd1d27a2ceabeaee59d5f8ad83ed42f3390f894d501d8e23855dd803ccccc4134b66e34964452fbbd96167cb540196ae4a5b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
5388a346d16c08ed39d010e5523479f0

SHA1
5dd7943b39c9d3aaed1ec984f285f321fce25778

SHA256
15d07a39ef40d9ecb1fa3aeeaa72b059f10e8930f302ccf292ae808c86771848

SHA512
e7bf56e83e3976051a5583d34c9ddd1d27a2ceabeaee59d5f8ad83ed42f3390f894d501d8e23855dd803ccccc4134b66e34964452fbbd96167cb540196ae4a5b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
5388a346d16c08ed39d010e5523479f0

SHA1
5dd7943b39c9d3aaed1ec984f285f321fce25778

SHA256
15d07a39ef40d9ecb1fa3aeeaa72b059f10e8930f302ccf292ae808c86771848

SHA512
e7bf56e83e3976051a5583d34c9ddd1d27a2ceabeaee59d5f8ad83ed42f3390f894d501d8e23855dd803ccccc4134b66e34964452fbbd96167cb540196ae4a5b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
5388a346d16c08ed39d010e5523479f0

SHA1
5dd7943b39c9d3aaed1ec984f285f321fce25778

SHA256
15d07a39ef40d9ecb1fa3aeeaa72b059f10e8930f302ccf292ae808c86771848

SHA512
e7bf56e83e3976051a5583d34c9ddd1d27a2ceabeaee59d5f8ad83ed42f3390f894d501d8e23855dd803ccccc4134b66e34964452fbbd96167cb540196ae4a5b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
5388a346d16c08ed39d010e5523479f0

SHA1
5dd7943b39c9d3aaed1ec984f285f321fce25778

SHA256
15d07a39ef40d9ecb1fa3aeeaa72b059f10e8930f302ccf292ae808c86771848

SHA512
e7bf56e83e3976051a5583d34c9ddd1d27a2ceabeaee59d5f8ad83ed42f3390f894d501d8e23855dd803ccccc4134b66e34964452fbbd96167cb540196ae4a5b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
5388a346d16c08ed39d010e5523479f0

SHA1
5dd7943b39c9d3aaed1ec984f285f321fce25778

SHA256
15d07a39ef40d9ecb1fa3aeeaa72b059f10e8930f302ccf292ae808c86771848

SHA512
e7bf56e83e3976051a5583d34c9ddd1d27a2ceabeaee59d5f8ad83ed42f3390f894d501d8e23855dd803ccccc4134b66e34964452fbbd96167cb540196ae4a5b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
5388a346d16c08ed39d010e5523479f0

SHA1
5dd7943b39c9d3aaed1ec984f285f321fce25778

SHA256
15d07a39ef40d9ecb1fa3aeeaa72b059f10e8930f302ccf292ae808c86771848

SHA512
e7bf56e83e3976051a5583d34c9ddd1d27a2ceabeaee59d5f8ad83ed42f3390f894d501d8e23855dd803ccccc4134b66e34964452fbbd96167cb540196ae4a5b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
d82be398beeca962ce01295c6f0616c8

SHA1
eb3d75d18a250b6bcfec0c38438fd6107554fbe9

SHA256
39fd6e1b81f72687d64b829444405fe783b112c21e0b0da04ae4378b779b2f28

SHA512
e6c50f16756eea86c62f53ad7c26bc040ef858efd6a5af16850af43d1b52f003cd65dfe4ada0411aeceae50a77407d537bb56794e22d17ea0ce3dc54b4ada33b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
d82be398beeca962ce01295c6f0616c8

SHA1
eb3d75d18a250b6bcfec0c38438fd6107554fbe9

SHA256
39fd6e1b81f72687d64b829444405fe783b112c21e0b0da04ae4378b779b2f28

SHA512
e6c50f16756eea86c62f53ad7c26bc040ef858efd6a5af16850af43d1b52f003cd65dfe4ada0411aeceae50a77407d537bb56794e22d17ea0ce3dc54b4ada33b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
d82be398beeca962ce01295c6f0616c8

SHA1
eb3d75d18a250b6bcfec0c38438fd6107554fbe9

SHA256
39fd6e1b81f72687d64b829444405fe783b112c21e0b0da04ae4378b779b2f28

SHA512
e6c50f16756eea86c62f53ad7c26bc040ef858efd6a5af16850af43d1b52f003cd65dfe4ada0411aeceae50a77407d537bb56794e22d17ea0ce3dc54b4ada33b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
d82be398beeca962ce01295c6f0616c8

SHA1
eb3d75d18a250b6bcfec0c38438fd6107554fbe9

SHA256
39fd6e1b81f72687d64b829444405fe783b112c21e0b0da04ae4378b779b2f28

SHA512
e6c50f16756eea86c62f53ad7c26bc040ef858efd6a5af16850af43d1b52f003cd65dfe4ada0411aeceae50a77407d537bb56794e22d17ea0ce3dc54b4ada33b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
d82be398beeca962ce01295c6f0616c8

SHA1
eb3d75d18a250b6bcfec0c38438fd6107554fbe9

SHA256
39fd6e1b81f72687d64b829444405fe783b112c21e0b0da04ae4378b779b2f28

SHA512
e6c50f16756eea86c62f53ad7c26bc040ef858efd6a5af16850af43d1b52f003cd65dfe4ada0411aeceae50a77407d537bb56794e22d17ea0ce3dc54b4ada33b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
d82be398beeca962ce01295c6f0616c8

SHA1
eb3d75d18a250b6bcfec0c38438fd6107554fbe9

SHA256
39fd6e1b81f72687d64b829444405fe783b112c21e0b0da04ae4378b779b2f28

SHA512
e6c50f16756eea86c62f53ad7c26bc040ef858efd6a5af16850af43d1b52f003cd65dfe4ada0411aeceae50a77407d537bb56794e22d17ea0ce3dc54b4ada33b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
d82be398beeca962ce01295c6f0616c8

SHA1
eb3d75d18a250b6bcfec0c38438fd6107554fbe9

SHA256
39fd6e1b81f72687d64b829444405fe783b112c21e0b0da04ae4378b779b2f28

SHA512
e6c50f16756eea86c62f53ad7c26bc040ef858efd6a5af16850af43d1b52f003cd65dfe4ada0411aeceae50a77407d537bb56794e22d17ea0ce3dc54b4ada33b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
d82be398beeca962ce01295c6f0616c8

SHA1
eb3d75d18a250b6bcfec0c38438fd6107554fbe9

SHA256
39fd6e1b81f72687d64b829444405fe783b112c21e0b0da04ae4378b779b2f28

SHA512
e6c50f16756eea86c62f53ad7c26bc040ef858efd6a5af16850af43d1b52f003cd65dfe4ada0411aeceae50a77407d537bb56794e22d17ea0ce3dc54b4ada33b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
0269f3f1fecf3e1e84792c92f7648515

SHA1
f002fec3d658190be9b45f80c0fb0475fb9550ae

SHA256
04e703dc195ec4bfc4cc4a1e9649f36c7f51b67dae822a225791608bba1f29b2

SHA512
94677e649519123251caa2fd8400e99dd402dc596abdafce5b7ca915973218d2473fcd001d3d5ea6496d1d4c628f997c926ae55b9defedfe1473ef9b890af953

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
0269f3f1fecf3e1e84792c92f7648515

SHA1
f002fec3d658190be9b45f80c0fb0475fb9550ae

SHA256
04e703dc195ec4bfc4cc4a1e9649f36c7f51b67dae822a225791608bba1f29b2

SHA512
94677e649519123251caa2fd8400e99dd402dc596abdafce5b7ca915973218d2473fcd001d3d5ea6496d1d4c628f997c926ae55b9defedfe1473ef9b890af953

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
0269f3f1fecf3e1e84792c92f7648515

SHA1
f002fec3d658190be9b45f80c0fb0475fb9550ae

SHA256
04e703dc195ec4bfc4cc4a1e9649f36c7f51b67dae822a225791608bba1f29b2

SHA512
94677e649519123251caa2fd8400e99dd402dc596abdafce5b7ca915973218d2473fcd001d3d5ea6496d1d4c628f997c926ae55b9defedfe1473ef9b890af953

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
0269f3f1fecf3e1e84792c92f7648515

SHA1
f002fec3d658190be9b45f80c0fb0475fb9550ae

SHA256
04e703dc195ec4bfc4cc4a1e9649f36c7f51b67dae822a225791608bba1f29b2

SHA512
94677e649519123251caa2fd8400e99dd402dc596abdafce5b7ca915973218d2473fcd001d3d5ea6496d1d4c628f997c926ae55b9defedfe1473ef9b890af953

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
0269f3f1fecf3e1e84792c92f7648515

SHA1
f002fec3d658190be9b45f80c0fb0475fb9550ae

SHA256
04e703dc195ec4bfc4cc4a1e9649f36c7f51b67dae822a225791608bba1f29b2

SHA512
94677e649519123251caa2fd8400e99dd402dc596abdafce5b7ca915973218d2473fcd001d3d5ea6496d1d4c628f997c926ae55b9defedfe1473ef9b890af953

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
0269f3f1fecf3e1e84792c92f7648515

SHA1
f002fec3d658190be9b45f80c0fb0475fb9550ae

SHA256
04e703dc195ec4bfc4cc4a1e9649f36c7f51b67dae822a225791608bba1f29b2

SHA512
94677e649519123251caa2fd8400e99dd402dc596abdafce5b7ca915973218d2473fcd001d3d5ea6496d1d4c628f997c926ae55b9defedfe1473ef9b890af953

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
13b5587bdf1b63bb84336cf20de2fdd7

SHA1
5997eaae23d8ccab72cf5ebfd903325314a2548f

SHA256
3d1b22ff7299290ea70b3e0c44c08f2802112ec310f889caa3d42a8a43fbdd63

SHA512
d9a25df20764cb6bacf3cdc67343b249813cf510093ec271a50769f89686e51694b4d0c32d19444a950e6b4273292b02515d4ba138eed26a42bf4306bb030b93

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
a14cd1c33e72b15ccdc9b3717c85b2e9

SHA1
15fc0580430ac638c41319e6729919328d9c3803

SHA256
d06b5f3ade87d960b8e789c95e6c285da196b4af0316ec8e0ca9e4940a75b1ac

SHA512
d97c768ef73011b00f392f07212cb65b35382e28d28646e50750717af23b02e7f490ebd01be5cb546bc30126f29006cf827a3cb29558915b2a5e8787d07e1be0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
a14cd1c33e72b15ccdc9b3717c85b2e9

SHA1
15fc0580430ac638c41319e6729919328d9c3803

SHA256
d06b5f3ade87d960b8e789c95e6c285da196b4af0316ec8e0ca9e4940a75b1ac

SHA512
d97c768ef73011b00f392f07212cb65b35382e28d28646e50750717af23b02e7f490ebd01be5cb546bc30126f29006cf827a3cb29558915b2a5e8787d07e1be0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\prefs-1.js

Filesize
6KB

MD5
d60bbc39bd688ae729dec1cd2770486a

SHA1
99661c16cec245c0a6ab751e057b04215aa32dad

SHA256
32373cd42bbc51e8ba8f0035d126d72393613a4228c4a115b74d1e2f05e4750e

SHA512
511506ddfdf5cc56622b21db74d2149e4f946fc0896416c2a38d53181c1a24e5fa0d57ddfc703ee82e394e594b7ef1c6f51b559e5cbc0ae0f07d27a447f999b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\prefs-1.js

Filesize
8KB

MD5
5bf1ae6622342b469af064fe2913458f

SHA1
0004f933034210a56f1bd3c4bf0d84d468c7226f

SHA256
a4f9ed2a1fd63c55ad1b1d8d6e09eef7feb41f2f448750261c8bf95112d3d75f

SHA512
fdc3e87533679ca163cb41c03f0beedd5a2ac70b8a82ecace82dc879c1d09afa10034fd0c108438c4ade09d546641560e7d039754d6e355e58a450822e03cf95

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\prefs-1.js

Filesize
10KB

MD5
5555f4dd474c7f49c5a8ec37cbadad59

SHA1
17ecbbcb7250830b2f9d812e5e8f9a0e27254cb5

SHA256
397d10ba90b84a99b356bfed84da5a825068e14d4dfc13a1eb8177ba25bb778c

SHA512
e0f20dc2cd797ecc7330001d100f4d0da45dc08f92858a89d6b8d2239acf06cef2d5c3cf9523eef4fa1e95580baf71db80c59c8ef87b837d0465cbd0d3b7f2c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\prefs-1.js

Filesize
10KB

MD5
050988f36c67ec106023d17c53a05940

SHA1
89a04d65ee5d91d30db6b083caaa8b257c23f5b3

SHA256
f0b811c85a640f9a8d21362732728c9ef16166ba6097440df6af1ff596b1bec2

SHA512
87b8f61727a40818027b07ad918dc5702daee0d366538a809f877ee112a78ea013a3931fd0918dade6dea88321118b8c90d124750354cc6f4b8527d4577aeafe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
f93a59363dd2b3810a4c983504a0aab7

SHA1
69f5680471df118c6dd45293b06016f435fa6a3b

SHA256
a490037e3d2707db9f34953f212838148c2aa693ca2df7369e2b94e2c1d207ab

SHA512
be2017c50b0c2cc19cd8c3d91f94c4731e8d9736d89112ac8ac717653cb0787a25a183c19d48c302a25873def2c2fff966015eec3150028696a881c0111732a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
7efb4f1a729036966b2973919fe2ce77

SHA1
47827db4d2be0468cc092baa86673932f600153e

SHA256
1be938715f5d5ec4181cfe5f61d5f731e87251079979622504421d98ad596acd

SHA512
9e8eec0e581fac51bab0093bd67c9179b4926a162ddaa4b79d9cc3830544a048f4a1192a460064068e67cc2e1f6b8cea1aff9870a6b014d284b225bb2a65069e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
686523afc26e2f2a3459b770fb1708dd

SHA1
3922a2e3c227f1e0c13664ccccc41eac4570627b

SHA256
77b7b78b4eb9c9bd702c2bcfaa467d590a91ded8de3eeda34a68b32e69e5772a

SHA512
b52332a171715397b71177a44ce932136f320ba4e8ff70283dedf4da8c5332e450549f83ed652f7d28a689239b3c6e056f94d0366be3df284253e3a91a3afa65

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\sessionstore.jsonlz4

Filesize
3KB

MD5
1c7764303184cc261dcb8b2654eb7829

SHA1
a0be5fc7ff6320bf61af4fcab18652dbbe7d3f61

SHA256
3eb352c13a54d2497aefc28538cd47809c172b488022dbd234a86abc30fd354b

SHA512
7e5dc4841c3eb1b8f730e2338de25a0f860910bf3479c52a23a5f62a1ea70678022ff6787b35dd91a653a616fd646f418273d6837d1e76a311728d741f69af52

Download Submit
C:\Users\Admin\Downloads\AnyDesk.exe

Filesize
5.2MB

MD5
37e172be64b12f3207300d11b74656b8

SHA1
1895d7c4f785f92e48b5191fd812822593cbc73f

SHA256
bc747e3bf7b6e02c09f3d18bdd0e64eef62b940b2f16c9c72e647eec85cf0138

SHA512
98cf7a591beb4af2066ddd9d17caee69b3cbb42343cb4dc0d517fb99983159ae8e960c315030487b3ea22b2512359f108a6cfe15ec3b725c040ac06b877c88ff

Download Submit
C:\Users\Admin\Downloads\AnyDesk.exe

Filesize
5.2MB

MD5
37e172be64b12f3207300d11b74656b8

SHA1
1895d7c4f785f92e48b5191fd812822593cbc73f

SHA256
bc747e3bf7b6e02c09f3d18bdd0e64eef62b940b2f16c9c72e647eec85cf0138

SHA512
98cf7a591beb4af2066ddd9d17caee69b3cbb42343cb4dc0d517fb99983159ae8e960c315030487b3ea22b2512359f108a6cfe15ec3b725c040ac06b877c88ff

Download Submit
C:\Users\Admin\Downloads\AnyDesk.exe

Filesize
5.2MB

MD5
37e172be64b12f3207300d11b74656b8

SHA1
1895d7c4f785f92e48b5191fd812822593cbc73f

SHA256
bc747e3bf7b6e02c09f3d18bdd0e64eef62b940b2f16c9c72e647eec85cf0138

SHA512
98cf7a591beb4af2066ddd9d17caee69b3cbb42343cb4dc0d517fb99983159ae8e960c315030487b3ea22b2512359f108a6cfe15ec3b725c040ac06b877c88ff

Download Submit
C:\Users\Admin\Downloads\AnyDesk.exe

Filesize
5.2MB

MD5
37e172be64b12f3207300d11b74656b8

SHA1
1895d7c4f785f92e48b5191fd812822593cbc73f

SHA256
bc747e3bf7b6e02c09f3d18bdd0e64eef62b940b2f16c9c72e647eec85cf0138

SHA512
98cf7a591beb4af2066ddd9d17caee69b3cbb42343cb4dc0d517fb99983159ae8e960c315030487b3ea22b2512359f108a6cfe15ec3b725c040ac06b877c88ff

Download Submit
C:\Users\Admin\Downloads\AnyDesk.exe

Filesize
5.2MB

MD5
37e172be64b12f3207300d11b74656b8

SHA1
1895d7c4f785f92e48b5191fd812822593cbc73f

SHA256
bc747e3bf7b6e02c09f3d18bdd0e64eef62b940b2f16c9c72e647eec85cf0138

SHA512
98cf7a591beb4af2066ddd9d17caee69b3cbb42343cb4dc0d517fb99983159ae8e960c315030487b3ea22b2512359f108a6cfe15ec3b725c040ac06b877c88ff

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 753225.crdownload

Filesize
5.2MB

MD5
37e172be64b12f3207300d11b74656b8

SHA1
1895d7c4f785f92e48b5191fd812822593cbc73f

SHA256
bc747e3bf7b6e02c09f3d18bdd0e64eef62b940b2f16c9c72e647eec85cf0138

SHA512
98cf7a591beb4af2066ddd9d17caee69b3cbb42343cb4dc0d517fb99983159ae8e960c315030487b3ea22b2512359f108a6cfe15ec3b725c040ac06b877c88ff

Download Submit
C:\Users\Admin\Downloads\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\Downloads\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
memory/1228-3164-0x0000000005E60000-0x0000000005E61000-memory.dmp

Filesize
4KB

Download
memory/1228-3162-0x0000000005D20000-0x0000000005D21000-memory.dmp

Filesize
4KB

Download
memory/1228-3172-0x0000000005EE0000-0x0000000005EE1000-memory.dmp

Filesize
4KB

Download
memory/1228-3175-0x0000000005F10000-0x0000000005F11000-memory.dmp

Filesize
4KB

Download
memory/1228-3176-0x0000000005F20000-0x0000000005F21000-memory.dmp

Filesize
4KB

Download
memory/1228-3174-0x0000000005F00000-0x0000000005F01000-memory.dmp

Filesize
4KB

Download
memory/1228-3177-0x0000000005F30000-0x0000000005F31000-memory.dmp

Filesize
4KB

Download
memory/1228-3170-0x0000000005EC0000-0x0000000005EC1000-memory.dmp

Filesize
4KB

Download
memory/1228-3151-0x0000000000550000-0x0000000001CEA000-memory.dmp

Filesize
23.6MB

Download
memory/1228-3171-0x0000000005ED0000-0x0000000005ED1000-memory.dmp

Filesize
4KB

Download
memory/1228-3169-0x0000000005EB0000-0x0000000005EB1000-memory.dmp

Filesize
4KB

Download
memory/1228-3168-0x0000000005EA0000-0x0000000005EA1000-memory.dmp

Filesize
4KB

Download
memory/1228-3167-0x0000000005E90000-0x0000000005E91000-memory.dmp

Filesize
4KB

Download
memory/1228-3166-0x0000000005E80000-0x0000000005E81000-memory.dmp

Filesize
4KB

Download
memory/1228-3165-0x0000000005E70000-0x0000000005E71000-memory.dmp

Filesize
4KB

Download
memory/1228-3173-0x0000000005EF0000-0x0000000005EF1000-memory.dmp

Filesize
4KB

Download
memory/1228-3152-0x0000000003D90000-0x0000000003D91000-memory.dmp

Filesize
4KB

Download
memory/1228-3161-0x0000000005D10000-0x0000000005D11000-memory.dmp

Filesize
4KB

Download
memory/1228-3163-0x0000000005E50000-0x0000000005E51000-memory.dmp

Filesize
4KB

Download
memory/1228-3159-0x0000000005CE0000-0x0000000005CE1000-memory.dmp

Filesize
4KB

Download
memory/1228-3160-0x0000000005D00000-0x0000000005D01000-memory.dmp

Filesize
4KB

Download
memory/1228-3158-0x0000000005CD0000-0x0000000005CD1000-memory.dmp

Filesize
4KB

Download
memory/1228-3156-0x0000000005C00000-0x0000000005C01000-memory.dmp

Filesize
4KB

Download
memory/1228-3157-0x0000000005C40000-0x0000000005C41000-memory.dmp

Filesize
4KB

Download
memory/2232-2844-0x0000000000550000-0x0000000001CEA000-memory.dmp

Filesize
23.6MB

Download
memory/2232-2791-0x0000000000550000-0x0000000001CEA000-memory.dmp

Filesize
23.6MB

Download
memory/2232-2628-0x0000000000550000-0x0000000001CEA000-memory.dmp

Filesize
23.6MB

Download
memory/2232-2627-0x0000000000550000-0x0000000001CEA000-memory.dmp

Filesize
23.6MB

Download
memory/2232-2630-0x00000000004F0000-0x00000000004F1000-memory.dmp

Filesize
4KB

Download
memory/2232-2726-0x00000000070F0000-0x00000000070F1000-memory.dmp

Filesize
4KB

Download
memory/2232-2723-0x0000000007E20000-0x0000000007E21000-memory.dmp

Filesize
4KB

Download
memory/2232-2646-0x0000000005860000-0x0000000005861000-memory.dmp

Filesize
4KB

Download
memory/2232-2647-0x0000000005870000-0x0000000005871000-memory.dmp

Filesize
4KB

Download
memory/3732-2946-0x000000000C5C0000-0x000000000C5C1000-memory.dmp

Filesize
4KB

Download
memory/3732-2909-0x0000000005D10000-0x0000000005D11000-memory.dmp

Filesize
4KB

Download
memory/3732-2895-0x0000000000550000-0x0000000001CEA000-memory.dmp

Filesize
23.6MB

Download
memory/3732-2940-0x0000000000550000-0x0000000001CEA000-memory.dmp

Filesize
23.6MB

Download
memory/3732-2941-0x0000000000550000-0x0000000001CEA000-memory.dmp

Filesize
23.6MB

Download
memory/3732-2894-0x0000000000550000-0x0000000001CEA000-memory.dmp

Filesize
23.6MB

Download
memory/3732-2899-0x0000000002670000-0x0000000002671000-memory.dmp

Filesize
4KB

Download
memory/3732-2945-0x0000000000550000-0x0000000001CEA000-memory.dmp

Filesize
23.6MB

Download
memory/3732-2933-0x0000000005F10000-0x0000000005F11000-memory.dmp

Filesize
4KB

Download
memory/3732-2932-0x0000000005EA0000-0x0000000005EA1000-memory.dmp

Filesize
4KB

Download
memory/3732-2930-0x0000000005FF0000-0x0000000005FF1000-memory.dmp

Filesize
4KB

Download
memory/3732-2966-0x000000000C5D0000-0x000000000C5D1000-memory.dmp

Filesize
4KB

Download
memory/3732-2974-0x0000000000550000-0x0000000001CEA000-memory.dmp

Filesize
23.6MB

Download
memory/3732-2907-0x0000000005CD0000-0x0000000005CD1000-memory.dmp

Filesize
4KB

Download
memory/3732-2908-0x0000000005CF0000-0x0000000005CF1000-memory.dmp

Filesize
4KB

Download
memory/3732-2980-0x0000000000550000-0x0000000001CEA000-memory.dmp

Filesize
23.6MB

Download
memory/3732-2984-0x0000000000550000-0x0000000001CEA000-memory.dmp

Filesize
23.6MB

Download
memory/3732-3039-0x0000000000550000-0x0000000001CEA000-memory.dmp

Filesize
23.6MB

Download
memory/3732-2931-0x0000000006000000-0x0000000006001000-memory.dmp

Filesize
4KB

Download
memory/3732-2910-0x0000000005EB0000-0x0000000005EB1000-memory.dmp

Filesize
4KB

Download
memory/3732-2928-0x0000000005FE0000-0x0000000005FE1000-memory.dmp

Filesize
4KB

Download
memory/3732-2925-0x0000000005FD0000-0x0000000005FD1000-memory.dmp

Filesize
4KB

Download
memory/3732-2924-0x0000000005FC0000-0x0000000005FC1000-memory.dmp

Filesize
4KB

Download
memory/3732-2923-0x0000000005FB0000-0x0000000005FB1000-memory.dmp

Filesize
4KB

Download
memory/3732-2922-0x0000000005FA0000-0x0000000005FA1000-memory.dmp

Filesize
4KB

Download
memory/3732-2920-0x0000000005F80000-0x0000000005F81000-memory.dmp

Filesize
4KB

Download
memory/3732-2921-0x0000000005F90000-0x0000000005F91000-memory.dmp

Filesize
4KB

Download
memory/3732-2919-0x0000000005F70000-0x0000000005F71000-memory.dmp

Filesize
4KB

Download
memory/3732-2918-0x0000000005F60000-0x0000000005F61000-memory.dmp

Filesize
4KB

Download
memory/3732-2917-0x0000000005F50000-0x0000000005F51000-memory.dmp

Filesize
4KB

Download
memory/3732-2916-0x0000000005F40000-0x0000000005F41000-memory.dmp

Filesize
4KB

Download
memory/3732-2914-0x0000000005F20000-0x0000000005F21000-memory.dmp

Filesize
4KB

Download
memory/3732-2915-0x0000000005F30000-0x0000000005F31000-memory.dmp

Filesize
4KB

Download
memory/3732-2913-0x0000000005EF0000-0x0000000005EF1000-memory.dmp

Filesize
4KB

Download
memory/3732-2912-0x0000000005EE0000-0x0000000005EE1000-memory.dmp

Filesize
4KB

Download
memory/3732-2911-0x0000000005ED0000-0x0000000005ED1000-memory.dmp

Filesize
4KB

Download
memory/4356-3043-0x0000000000550000-0x0000000001CEA000-memory.dmp

Filesize
23.6MB

Download
memory/4356-2652-0x0000000000550000-0x0000000001CEA000-memory.dmp

Filesize
23.6MB

Download
memory/4356-2979-0x0000000000550000-0x0000000001CEA000-memory.dmp

Filesize
23.6MB

Download
memory/4356-2658-0x0000000002210000-0x0000000002211000-memory.dmp

Filesize
4KB

Download
memory/4356-2944-0x0000000000550000-0x0000000001CEA000-memory.dmp

Filesize
23.6MB

Download
memory/4356-2846-0x0000000000550000-0x0000000001CEA000-memory.dmp

Filesize
23.6MB

Download
memory/5372-2935-0x0000000000550000-0x0000000001CEA000-memory.dmp

Filesize
23.6MB

Download
memory/5372-2856-0x0000000000550000-0x0000000001CEA000-memory.dmp

Filesize
23.6MB

Download
memory/5372-2943-0x0000000000550000-0x0000000001CEA000-memory.dmp

Filesize
23.6MB

Download
memory/5372-2845-0x0000000000550000-0x0000000001CEA000-memory.dmp

Filesize
23.6MB

Download
memory/5372-2661-0x0000000003DF0000-0x0000000003DF1000-memory.dmp

Filesize
4KB

Download
memory/5372-2978-0x0000000000550000-0x0000000001CEA000-memory.dmp

Filesize
23.6MB

Download
memory/5372-3042-0x0000000000550000-0x0000000001CEA000-memory.dmp

Filesize
23.6MB

Download
memory/5372-2648-0x0000000000550000-0x0000000001CEA000-memory.dmp

Filesize
23.6MB

Download