55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
10/02/2024, 16:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.0MB
MD5

a21768190f3b9feae33aaef660cb7a83
SHA1

24780657328783ef50ae0964b23288e68841a421
SHA256

55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047
SHA512

ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62
SSDEEP

98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	discord.com
25	discord.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3632047111-1948211978-3010235048-1000\{4454A16C-8DA9-44B1-9F3E-4EC36FD11C73}	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
1768	msedge.exe
1768	msedge.exe
3932	msedge.exe
3932	msedge.exe
4224	AnyDesk.exe
4224	AnyDesk.exe
4824	msedge.exe
4824	msedge.exe
3144	identity_helper.exe
3144	identity_helper.exe
972	msedge.exe
972	msedge.exe
6104	msedge.exe
6104	msedge.exe
6104	msedge.exe
6104	msedge.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
676	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4932	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4932	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
4540	AnyDesk.exe
4540	AnyDesk.exe
4540	AnyDesk.exe

Suspicious use of SendNotifyMessage 15 IoCs

pid	Process
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
1768	msedge.exe
4540	AnyDesk.exe
4540	AnyDesk.exe
4540	AnyDesk.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 2272	1768	msedge.exe	81
PID 1768 wrote to memory of 2272	1768	msedge.exe	81
PID 1824 wrote to memory of 4224	1824	AnyDesk.exe	83
PID 1824 wrote to memory of 4224	1824	AnyDesk.exe	83
PID 1824 wrote to memory of 4224	1824	AnyDesk.exe	83
PID 1824 wrote to memory of 4540	1824	AnyDesk.exe	82
PID 1824 wrote to memory of 4540	1824	AnyDesk.exe	82
PID 1824 wrote to memory of 4540	1824	AnyDesk.exe	82
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 500	1768	msedge.exe	84
PID 1768 wrote to memory of 3932	1768	msedge.exe	86
PID 1768 wrote to memory of 3932	1768	msedge.exe	86
PID 1768 wrote to memory of 1200	1768	msedge.exe	85
PID 1768 wrote to memory of 1200	1768	msedge.exe	85
PID 1768 wrote to memory of 1200	1768	msedge.exe	85
PID 1768 wrote to memory of 1200	1768	msedge.exe	85
PID 1768 wrote to memory of 1200	1768	msedge.exe	85
PID 1768 wrote to memory of 1200	1768	msedge.exe	85
PID 1768 wrote to memory of 1200	1768	msedge.exe	85
PID 1768 wrote to memory of 1200	1768	msedge.exe	85
PID 1768 wrote to memory of 1200	1768	msedge.exe	85
PID 1768 wrote to memory of 1200	1768	msedge.exe	85
PID 1768 wrote to memory of 1200	1768	msedge.exe	85
PID 1768 wrote to memory of 1200	1768	msedge.exe	85
PID 1768 wrote to memory of 1200	1768	msedge.exe	85
PID 1768 wrote to memory of 1200	1768	msedge.exe	85

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:1824
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4540
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\CheckpointUndo.htm
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ff8639a3cb8,0x7ff8639a3cc8,0x7ff8639a3cd8
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1816,7598956889324578385,2112528493917019002,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2
  2⤵
  PID:500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1816,7598956889324578385,2112528493917019002,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:8
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1816,7598956889324578385,2112528493917019002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,7598956889324578385,2112528493917019002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,7598956889324578385,2112528493917019002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1816,7598956889324578385,2112528493917019002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1816,7598956889324578385,2112528493917019002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,7598956889324578385,2112528493917019002,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,7598956889324578385,2112528493917019002,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,7598956889324578385,2112528493917019002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1952 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,7598956889324578385,2112528493917019002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2220 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,7598956889324578385,2112528493917019002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1816,7598956889324578385,2112528493917019002,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5880 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1816,7598956889324578385,2112528493917019002,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5908 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,7598956889324578385,2112528493917019002,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,7598956889324578385,2112528493917019002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,7598956889324578385,2112528493917019002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,7598956889324578385,2112528493917019002,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,7598956889324578385,2112528493917019002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2872 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,7598956889324578385,2112528493917019002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,7598956889324578385,2112528493917019002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,7598956889324578385,2112528493917019002,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,7598956889324578385,2112528493917019002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,7598956889324578385,2112528493917019002,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
  2⤵
  PID:5612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,7598956889324578385,2112528493917019002,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1816,7598956889324578385,2112528493917019002,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1344 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1848

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x0000000000000484
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4932

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
552758a7bb19b27354a76866861c4801

SHA1
93a74b56e5bb5aa86a53db413081b3ca7ffb808b

SHA256
53e1302ff50d199fd0002ddb9d4f66fd264b17e73a50e67299adf1243663530c

SHA512
13889bc4ffe240d8a7cf71ca0f2a397f33e38106116f38b5b8fa6c977187899d2d7084d606288f2892d14776460c2fe450adbeb93d2d200caffefe9919076fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2ba0cd74-6884-4926-b913-03542833eb63.tmp

Filesize
5KB

MD5
1d27c482baea804a2362b6120947835b

SHA1
c6669a541e8bf0676768ea082a4608b8ceb71070

SHA256
92e6f7ab0161a79b0a85956b593bdec591a9d5d71fc628e06dd13070b67f0877

SHA512
087cd7052a58e4b054fc055a10222da6369edebe1c2784f8eaf66761db6d9076a8e28ec1a8a387fb542f103b0a537cd861c8017f589e95b46e22f3311a67ab61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
a9c8a6d224aa735730f555103863a27a

SHA1
bfa7b3556b377db873d3daa56285691ca3138637

SHA256
f20cbf0814d5ff4f3522d2c3796fbce6f04364037e3f0bfbce191301887de47a

SHA512
36a5d819da80fb3ac9b93a2cf46b644e14a86296b470a58dae5fee8c59c68cf9b6c923b52ccdbdad4d281ad9725cd1e57cf087efe361bca0e22df39a9ddeee02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
af6651e1a9bcb6a63af9147c0e289af7

SHA1
dace17b2e41e4919f882347fee456f2547d95e05

SHA256
17453375fa78c62bfdecd168d48f7c4314dbf60e648ff490434b39cdaf43c125

SHA512
740b3d5074970acf46897273dd13e14c2d5af2b088a28baae92849089b184e5e5de82e4b0540b737477f076b75929b5899781c05731799c0eb0a7b75ea700fe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
678B

MD5
47079d268dd3be82cd571b30037da7ad

SHA1
f667c4874e660f3e084c76d7af7dd55f4b6f0351

SHA256
58c8bbd2c25510db4b1218dbb97115a432bb464d13d67e4de14e6adfc017fb8e

SHA512
9a14c6c0cf2b6500a2c659c4ccb1f59e382340c7d3255bd6d0908d6604dffddd29c1c593ed28fb4c2d04e5c6c641260bf0e0de3264d5ed402480957c6bd6f833

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
71b4f4f01167db00389f1c8e710fe402

SHA1
a4d3f63f546c7d3d24ffcdb4da80f682b17f4483

SHA256
f1cf96a77f2fec9f872720a67501b7b8c5206fa3cdf0e4695fdf4f8369828fa6

SHA512
a31493baba130cbcfc4465d98b1e086b51b4cecb0efc0c93207e5e67387fe6c6c72a6d955ec7b52075c4f9cef61f8f65ac7c03922a36ea550cf6198d2eb7c6ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6f688b5e0dab2a2b27e613d27bcc03b8

SHA1
dab9a92d7338643db16d5b785c2ed98cc03aa67b

SHA256
fb619ac10446ff476fb2894e2bb0086b4a4b699df44f4e5640c7a238e1a49b7b

SHA512
712a20a43a4ebe89a08894605130510730db607be7c9bfafe3207813a9d109363470192f75738e1debf9470aba10dc2ac1bdd2acc15cb9d53f88a1721df2f11b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bd0923538f19618b92893e0b257540d4

SHA1
da90f023b429b735ee8a2abe45d16c957e1085d9

SHA256
83ba815ce8e89711e74e5370573a7b36850914219217d35c9d066142c4586ce4

SHA512
d4c71135263302642261fd94e328a5bdfb60009edf345ac8d91611aea69f56a1a9af82cc6c317e23358e22797e7c1a6a25263955408c58fc6765318ded2f7b8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
be6be06a5cd313da506ac57bd7159fa9

SHA1
1b55b671bbddda6ef93f1b34c3c17a835602b321

SHA256
414fd005a98f4f9d7ae9f9a3c736a1448c4a2da39496b756a1c01d3ca413e499

SHA512
6400a8b4c61d34902c553c8152369e2929af5fe14cb153c648e64423b07ddb2e674d2dd1852c6b4ec358137ffa8c2f1da4d0da9db69147c3edb99034aadfea10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
63b6255b3f07d9e42bedebea98f2aca2

SHA1
40ebdc3a328e822aec42b2373d092dc73101342f

SHA256
51efbb488012f6ba9fd2182e4f57da8fe07e915e6b2c000fe96617c1d25d349a

SHA512
0e54c65fd7616217d813904524e84af94d966c93b9097053d0253f0e7111883f47aea07016b9d1096c6e6f877fe2c5754c035e82c6a5246418303da8662bf652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
018593d651e9efe59df2a4fa83d2b7eb

SHA1
28646e216010e49a7db4b831bdd9d80cdd0634e7

SHA256
72417cf0be11b2f9140723d25b3e6d9af40a18ae7053cd03d5aea53384f892d7

SHA512
792332ee9fdc6b5df4cd1fd5d982ff3529b9bf47637830b199184cff69fcc0f3d6babd8d93ace6dcc585e3fb02ad628fbdfe6a5b9883b408cdcda1bbbf98277d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a0ee.TMP

Filesize
370B

MD5
4bb74d8da3aef99a535dbb8b17edf992

SHA1
57b87315ac17621f4476836211b087eb7ee0103c

SHA256
98f4eb3224968d6857f3bb4c3863cf72c1c1b2116b780210ad634b3587457f30

SHA512
87cf82c9928c51a9faa58624ca227c804720c5c10c7566f18957574ee147f70912f072565ccf24a63a130ec1319f86f53e947606b79e7a45befdbed191aec17d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
53a707f187675cb6cbed4db87f75563c

SHA1
c1b71a5a6a457e6dddcaa8cc453a8cff12f99ba7

SHA256
9baf996ea7ed42e1d9bb82ed966a35c2c49498f080bf94670a23287c679cbe2c

SHA512
346c77c61c16df7733deea78c32f12f0ff42b884b201c5a27572dbc82fb3e1529a479fedd2f43781197c3f7d205955edf94d6f791b029fc627b12528e6c1b154

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bc973b9559ab5a7753e42ea64be24c41

SHA1
5e97b3c56a1ff01eb2baec4c5b439e1c442e3aaa

SHA256
8ac5a00388a8b2a5a5f42d75f3b865a8c0e1fc54351b2b931afeb2a3e67de5fb

SHA512
721af84b26988996959fd735fcb4ac9ea4b6d63d1076d3e01b8312233a1cc58890a32d3bebd19ecf5264ae60ddb5155e8092e1addab8350a9f7c00afaefb3c92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d1e8f84f70b0cc2338900d5126568847

SHA1
d6046f3163b9e92cc3b47e268585f757f938405b

SHA256
01be9f146c76418fc694763723d7db32555c0f2a6adcbc14a5500f71dceddf93

SHA512
54107ee86bd89c9ee76416d417744d3cb019f0decfa3188fb878ac1cf7b819c4720b6d82e0a8c6407d6be158a947c4bf86a8fa8f2c4dfbcb1667667fc90c4b12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
36cc3226b474e825b4071c459f025798

SHA1
3d8f71e75d2ad794cfe75841f6fd5e2571c0e1ec

SHA256
5828513482e6356351ba5c6bee93baea6d46125e6ffb596091e13838bfafdfc5

SHA512
9a70c6b00a0e2537ec46aaba068de267fe155562730fb983bd55914370df10d9e1bc0ba9054c4c562bff4bce360195249a50847964fd32f3360e6829735859d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
6KB

MD5
3b3a275bfb096d16c3d0d73647213b9f

SHA1
d5d925fe7e9cfe84eab64acb682382827e486606

SHA256
b0b7e94302f7869f28e6debc9fc7d5fadb0af28b66b2e8da4c590122ae7016bb

SHA512
1b309b615efe7cbb88305aa28ca1234e17515e9d72c0c7631ab63284318675af8878e144e3461b0ba1b36499502fb360c37f678d1f30499b952ee3200174e406

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
6KB

MD5
e5035db5ab2f04e3c0f3f717644ec115

SHA1
80302c3d6d00634429dc40d945df4a6d2a86b81f

SHA256
aeb69bb8efe36228b1ff4479750fceb79801567671366be60c13077fdeda586a

SHA512
779ec0b42f7d01c40fc05c4b7a44e633ca2eb9abd7359407989c3715b0bdb4540055d1607d07b6fdceb750cab68bd45ec86128f2ae486b3a331d2cf56ae4075b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
7cccae79c29d220e39126bfb521ac3b0

SHA1
2918d48563dfda59b03559806b29dc7324e69b77

SHA256
b9258b9c985c80854d519619016edd7e5675427352731304e1226cb351e6c68d

SHA512
bbf961e798f2301903fb5cbab52bcfb47df91be5890cc82d1fe5ff29719c0347f9de1e47e18b0ab3ab53fd70bd7d8bbc21b1b9270fa12fe55f587bb465b28077

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
e40b754d54d1c65822d0b108de24d7c7

SHA1
df0e51d39c85f046fa72db21234050cac5b99688

SHA256
f21e13a0b792dbce6b12c860171e5830b8cd78208553c1ffb530998651851b64

SHA512
6acfdacc94d628a56e43f404fbe13cd68cfbe5fc0c694845249f22d2a6f25a7eb3e423b88f943d1bbb2630f2aee8168052251b43384771b8526c5599c26e67a7

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
733B

MD5
758ec5872c70ba227038f7b9a5db32d3

SHA1
7e3a2b078027053ea4126a04320afbba2f895c38

SHA256
e9bd7e017d6f5cf9479d6750c16d545304697d22e4c8533bedf1d7ac9d0f94ee

SHA512
c213e3ebd369d27e32711fe4e37305be0c2a50bdae9aa25fa2a87d80654110221c9998699353c4ad6f67562c89a14547461e5dc1a4efb3f7ffe46bf806f72653

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
733B

MD5
fd5bdef87483b911a31262d399f23b4f

SHA1
a14442176b9c72b4015ba6b900f43dd6c75512f4

SHA256
0643fee8e010cd14a489160499811697e8582b97813cd522dcf768bf7fe80184

SHA512
b0728f6754f5072b933670b05b84b2e6e9f24e3bdcdbd11eefcc9c6ab73cc65654cc834b677b7239bf905924c4dc08b1789b7a229ff68ce44c9184dc194775a6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
802B

MD5
57b086ca2c81eb9e427d7d0219a85403

SHA1
63d780a096c85cee40857df5911eeb6b0da0dca1

SHA256
e11ca7c2118d6d3ec590f9e28cb38a11b5e84aee4ba03ae5d0176ffc0975d57b

SHA512
bc78673565d1fc0c594f42f8bb59abcc6713fbc1fcf6fc76f4463c5c4fd4e7e7968773b78af349ff41998019e4aa9203aaf2af34881795d0f42bf9f9e2c82541

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
edb120a33b11109eb59f447fe00f3b3e

SHA1
3e358cc22b40003369c6e41616ac44192cef7d59

SHA256
d2f6c26e32204ee4733e81b9460a3e24381b61b9869863feebceadc836b45c12

SHA512
349164136cf88c49473b4404ba07b4c22432183c6d4c7eaf3e81c6eddd645909f2708db40533534fcf5bdf01cfd7781be402af86dcc475b09d3796f370070998

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
6dfde0b00a1ab443a8907f7b8b6403d7

SHA1
3a9e207487e937e01d6c80f2941ea7094601b452

SHA256
324f7f770d20e5b59897c239135295413710a7f2db3e8c1d01638230aad79ceb

SHA512
6602f8703fe06db6cfdab94fb0f2342e55d9ec24bf95ebca4d6677619bc3c3a68d44d455cc7048af214a5f2af91cd993f3e66153e7c46a336e52e4013b89ac6a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
37d959d723bd695a92e72cbcea53a8ba

SHA1
6b907834d34e24a917dcda13477abc75877d0958

SHA256
66dd820c9b9b0b577a38709a4bd315236ed2dcb2724d33da265143c28909e430

SHA512
92ff9b28dbc42abecfa59431ffea1ce21a8efef9447aed937f952f46afc720eacbadb8ae22f398c9301a9afff59dfce1e8563e8dd0f1b9ae27a4d8782de78980

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
5665696e4693339d441fdb7f6cb07855

SHA1
79bf555b7daadc547ab3dee5976e32601966a873

SHA256
c5a5c05874c2ee3ba7a53b786303a739e2477ecaa86c9ea893d01c0d885ec972

SHA512
cecaa142c428c47b6d54bc558c24e4250256198e98284c9a66c1d6c44599072bf9e5ebbe554cf9fac40f97a237ae4cf920f94d536959a13dd9f006da66b0d747

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
cdcd83475b68b719990ed1a3497c2254

SHA1
7621b2d0c3ddf39809fd715254239efe4bef8999

SHA256
a225c721e4cb478def6419ae8b21736a8b16b29d2c757d00f0d9f6fe35a98a28

SHA512
885c1e4c059dc5a52b876149bfea9f6a0d5a7c8e206c83b7d6ec3ce82abfdffb7094e2a75af50aa211989596d244fca603aeb2af7e1640d94612c4eca964939a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
7d94744353e0625d4eebf6a5fc75a64f

SHA1
4daa3470e2c36a337727aa4b3600101a9aa88a35

SHA256
d9cb5ad3ced9653a4be6886104936e9f26aff0747c341e07483f14c9f3ed426e

SHA512
f9bd00cb3afbb75e62cde365c8488e310cd4ae6458716e777498fb25c8a160dc9872f3ad4b1edd32796c60079285c253d126955e31ea9f081d4c148d2422d39f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
cb94aa1f51c0bde8626c00b76548aa80

SHA1
c42710f45dec89814e0a6a7edc4bb152e05d2bec

SHA256
3ce0542891f73b55bf5cac0fbb5b9c3efc6a1fcf042e1cc03393eb7697cd8cca

SHA512
060b7c086933d0739740d6d56ef035d79299d0c8a00392f5c6b27f433d9bf461ba40a69e44aaf6b8981980de335596d1c386ce84d94e1e8256bea1b0d8552dd3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
f3aa0ba2aa90f221d8b524a31bdaf830

SHA1
9639c8f65e3d2b6ec2288e778dd75507cb35728b

SHA256
b3f75afa944db7d9d0f7fe50acd26248faec9697f127c4447d9c4cb825c39bfd

SHA512
7275f2311b699b57967106712a50b456ea91b350cdede6b40a4952afcb69d0ce2df2ca089b997d1ad52843cdf14ec1191edce72cdbe494ecad199b7074844a35

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
ee7652a34feafe88588a99c7df95dbdd

SHA1
c45bffe5b996a364cbbd4b6ab66c04b636b9d91c

SHA256
598c9312fa4f83b5e964736895832e9e9edcf4640d93ee4b0540231192ef4d12

SHA512
f2a1a63ac006af3ac17e1ec6d07ee8094b5cb5bc6ab1a8ba3d87932ed20598c900c984f8ca075a39d2dae91b618229c82c036e53355fa82d42a4f2ccc6b206f9

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
2f49c2d4652890ac93459cf558edd486

SHA1
c3040efe655e35fcad87970775c679c276fb0ac6

SHA256
68b17dbb2685481b90cb12874b3b15a118c4b255ef17359644b93b02259808a2

SHA512
d8196dd8d53afe068f3b904765158e820f99df6604c0c54b22e9bec983867b1e2650a04ee0e54f0e82caee12dfd5053b6d98ccba951c7a3c9f8e0e13ab6a4437

Download Submit
memory/1824-251-0x0000000000690000-0x0000000001DC7000-memory.dmp

Filesize
23.2MB

Download
memory/1824-130-0x0000000007330000-0x0000000007331000-memory.dmp

Filesize
4KB

Download
memory/1824-48-0x0000000005C60000-0x0000000005C61000-memory.dmp

Filesize
4KB

Download
memory/1824-0-0x0000000000690000-0x0000000001DC7000-memory.dmp

Filesize
23.2MB

Download
memory/1824-1-0x0000000000690000-0x0000000001DC7000-memory.dmp

Filesize
23.2MB

Download
memory/1824-276-0x0000000007340000-0x0000000007341000-memory.dmp

Filesize
4KB

Download
memory/1824-127-0x0000000007A70000-0x0000000007A71000-memory.dmp

Filesize
4KB

Download
memory/1824-4-0x0000000003D00000-0x0000000003D01000-memory.dmp

Filesize
4KB

Download
memory/1824-49-0x0000000005C70000-0x0000000005C71000-memory.dmp

Filesize
4KB

Download
memory/4224-63-0x0000000004090000-0x0000000004091000-memory.dmp

Filesize
4KB

Download
memory/4224-54-0x0000000000690000-0x0000000001DC7000-memory.dmp

Filesize
23.2MB

Download
memory/4224-296-0x0000000000690000-0x0000000001DC7000-memory.dmp

Filesize
23.2MB

Download
memory/4540-297-0x0000000000690000-0x0000000001DC7000-memory.dmp

Filesize
23.2MB

Download
memory/4540-51-0x0000000000690000-0x0000000001DC7000-memory.dmp

Filesize
23.2MB

Download
memory/4540-59-0x0000000000690000-0x0000000001DC7000-memory.dmp

Filesize
23.2MB

Download
memory/4540-64-0x0000000001EA0000-0x0000000001EA1000-memory.dmp

Filesize
4KB

Download