55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047

Analysis

max time kernel
152s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
18/02/2024, 02:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.0MB
MD5

a21768190f3b9feae33aaef660cb7a83
SHA1

24780657328783ef50ae0964b23288e68841a421
SHA256

55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047
SHA512

ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62
SSDEEP

98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x

Score

6^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
5208	tor-browser-windows-x86_64-portable-13.0.9.exe

Loads dropped DLL 2 IoCs

pid	Process
5208	tor-browser-windows-x86_64-portable-13.0.9.exe
5208	tor-browser-windows-x86_64-portable-13.0.9.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-635608581-3370340891-292606865-1000\{60564D15-4B4D-4E86-A555-BBD4AA86A242}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 549178.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2104	AnyDesk.exe
2104	AnyDesk.exe
2044	msedge.exe
2044	msedge.exe
3936	msedge.exe
3936	msedge.exe
4800	identity_helper.exe
4800	identity_helper.exe
4752	msedge.exe
4752	msedge.exe
932	msedge.exe
932	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe

Suspicious use of FindShellTrayWindow 57 IoCs

pid	Process
388	AnyDesk.exe
388	AnyDesk.exe
388	AnyDesk.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
388	AnyDesk.exe
388	AnyDesk.exe
388	AnyDesk.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1380 wrote to memory of 2104	1380	AnyDesk.exe	85
PID 1380 wrote to memory of 2104	1380	AnyDesk.exe	85
PID 1380 wrote to memory of 2104	1380	AnyDesk.exe	85
PID 1380 wrote to memory of 388	1380	AnyDesk.exe	86
PID 1380 wrote to memory of 388	1380	AnyDesk.exe	86
PID 1380 wrote to memory of 388	1380	AnyDesk.exe	86
PID 3936 wrote to memory of 4908	3936	msedge.exe	97
PID 3936 wrote to memory of 4908	3936	msedge.exe	97
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2268	3936	msedge.exe	99
PID 3936 wrote to memory of 2044	3936	msedge.exe	98
PID 3936 wrote to memory of 2044	3936	msedge.exe	98
PID 3936 wrote to memory of 4404	3936	msedge.exe	100
PID 3936 wrote to memory of 4404	3936	msedge.exe	100
PID 3936 wrote to memory of 4404	3936	msedge.exe	100
PID 3936 wrote to memory of 4404	3936	msedge.exe	100
PID 3936 wrote to memory of 4404	3936	msedge.exe	100
PID 3936 wrote to memory of 4404	3936	msedge.exe	100
PID 3936 wrote to memory of 4404	3936	msedge.exe	100
PID 3936 wrote to memory of 4404	3936	msedge.exe	100
PID 3936 wrote to memory of 4404	3936	msedge.exe	100
PID 3936 wrote to memory of 4404	3936	msedge.exe	100
PID 3936 wrote to memory of 4404	3936	msedge.exe	100
PID 3936 wrote to memory of 4404	3936	msedge.exe	100
PID 3936 wrote to memory of 4404	3936	msedge.exe	100
PID 3936 wrote to memory of 4404	3936	msedge.exe	100

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:1380
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2104
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8283346f8,0x7ff828334708,0x7ff828334718
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,14882280497962774607,3402496800233033283,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,14882280497962774607,3402496800233033283,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,14882280497962774607,3402496800233033283,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14882280497962774607,3402496800233033283,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14882280497962774607,3402496800233033283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14882280497962774607,3402496800233033283,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14882280497962774607,3402496800233033283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,14882280497962774607,3402496800233033283,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 /prefetch:8
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,14882280497962774607,3402496800233033283,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14882280497962774607,3402496800233033283,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=212 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14882280497962774607,3402496800233033283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14882280497962774607,3402496800233033283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14882280497962774607,3402496800233033283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14882280497962774607,3402496800233033283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,14882280497962774607,3402496800233033283,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2140,14882280497962774607,3402496800233033283,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14882280497962774607,3402496800233033283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14882280497962774607,3402496800233033283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14882280497962774607,3402496800233033283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14882280497962774607,3402496800233033283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1996 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,14882280497962774607,3402496800233033283,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1812 /prefetch:8
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14882280497962774607,3402496800233033283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,14882280497962774607,3402496800233033283,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6568 /prefetch:8
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,14882280497962774607,3402496800233033283,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:932
- C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.9.exe
  "C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.9.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14882280497962774607,3402496800233033283,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1816 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14882280497962774607,3402496800233033283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14882280497962774607,3402496800233033283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:3960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fa070c9c9ab8d902ee4f3342d217275f

SHA1
ac69818312a7eba53586295c5b04eefeb5c73903

SHA256
245b396ed1accfae337f770d3757c932bc30a8fc8dd133b5cefe82242760c2c7

SHA512
df92ca6d405d603ef5f07dbf9516d9e11e1fdc13610bb59e6d4712e55dd661f756c8515fc2c359c1db6b8b126e7f5a15886e643d93c012ef34a11041e02cc0dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
412e48e6d0e44739b5333a8d905e9ccf

SHA1
e0b0381ee82dec0dc1ad3a75cdd53b2d3b186c94

SHA256
6e346d8f7b476ce9e42b7fab91a5c2799295c937616735387e455648496c239f

SHA512
7511399ca01c795ec570e8002cecc12b1dbd0d2f1d2eef9285b5e89569697b268b9d22de34045c3efcadd3290aeac9724e7473b2b823fbbdc7c073e6573fb2f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
398B

MD5
3afe89e5d880c04758d9dbeb945cba07

SHA1
61f1a5d4a1112ce26c0d2731bfebc0d2e3bab56d

SHA256
6c028ff13095386c526f56159c6cccc6a9d33c0b1ededd9273bb31518e66244c

SHA512
445f63744bb9b86356d33c8908087bff08e773f210960cead5d214f26076659637c3a22396337677cfe0f4425bdac24564eeeaee3a8b46028f8c28d42135fbfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3ef30cc85632df4188fc673ae1c8f84b

SHA1
ab9678d6dfa374008b81a9095c7f188d0c5ea348

SHA256
9f561eff2cd40e977a8a9e0529e6ca86dfedcebd5dea3e1e058fb27896fdecf4

SHA512
777b09e75f6c16cc085ffadd3f339e900d3950286b96052180eb38485ce8d2656aaaf70df5812dfb019fd5ab155b73ad5598cfc2fbd54a2406b4107d0325e4d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e91b9761c21c823eec30fcc8dde7f88a

SHA1
f7dc73a185b37cba64520a10f4fd084bac2fbeab

SHA256
4ec5a0df4bf0fcccb4396554cdaa80583b506d48f7d27ed4536b186508f41049

SHA512
5eecbf2f5a44177a8dd558286167632c6f476cea9e5f8516eb84d6d449bfc882a328f5efc81cd6114d85c02f0b813ab10606d51d0c3539cfe8f9e452716fa130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9dbc62ca9b99b93785aa0dec04594bdc

SHA1
4e0ac8604ae1339bc458927943ea3a5c150ca5e4

SHA256
b819f61da6cd6ca9135d2c9a0557436ae8b7546db43be970013692225fa94479

SHA512
a4392290487a45e47963871fb9b884a90e1fe467a83ea60d43216c18301b9daf07d685f486d83cad4b1f4d78fd60f3e57408bfd47c1d86eab12ca305cb8f0c4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a472e8ae2e6f49392712b0fc2d39f41e

SHA1
483d94dda41ea186828a9cd5262d17b41388c2a7

SHA256
85d14d4babf56a50e16198848e8846cfa17877b83663cb48bfb9e2987c92cc3c

SHA512
098d5dc617b1b04132e3be3cd55ed9be0683537cd5437f941de2683abfa5d8a572de9bbbed257ff1d22ae34451b47f54617fee80e366d59dc01761fec0427f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2e417e03b11a9da003dd3793ff86aa72

SHA1
5101328c8fbe8034de87be41d439f345c0f74e81

SHA256
605b332338f5911325a507ab0da753bdb879f0febf70062fd6423cf62b3bc481

SHA512
7c915d5397ed8d54c3799a9313346291797f682af01268cebfdc0303491b6c742dbfcbd353ea6294674494fbd62d63cb8c48d66cc1c2507519386ffd0b46d698

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
917dedf44ae3675e549e7b7ffc2c8ccd

SHA1
b7604eb16f0366e698943afbcf0c070d197271c0

SHA256
9692162e8a88be0977395cc0704fe882b9a39b78bdfc9d579a8c961e15347a37

SHA512
9628f7857eb88f8dceac00ffdcba2ed822fb9ebdada95e54224a0afc50bccd3e3d20c5abadbd20f61eba51dbf71c5c745b29309122d88b5cc6752a1dfc3be053

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
98ba1c2ee17e8c62d9d346f93e15914f

SHA1
6171a50d9367dfa753b1185ed327d5d48fb2a034

SHA256
c6d06a55345d598011bbf2ceeb010c844aa642086b7c15759ab8c1b6f8d56b3b

SHA512
3e07ea89ddc0d02440f97066296c2682cbd709e1b99e75e43c7f9873bbd205a37f7c0ceafd03b7f3fbf7d0039dac7c1e50147df527aa17f82b1d11203f445554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58dd5b.TMP

Filesize
538B

MD5
725c0c4de9f916022801af1e3fd4ddf4

SHA1
17fe0c721c59272037fe7fcc7be49f930354f36d

SHA256
dcae31701fe53578f2b4399d4d5c07490cf8404e97cab4cab72744c709a67a08

SHA512
40e8f3d0ff64c4ec9e79d1097ebf5c9521ac53990ff0b9d980535edddc1fa0cdb6dec93d5f571115ebf33db0411fd5fe627299a0279a8b085a827320e030b9e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
666fc9f077851a5ed2974891b7b3f37b

SHA1
f092dae48f4a049df1a8f1d6e854179caaee95e3

SHA256
86a1c8c6178962c04e19cc8bd43ef3151604cecbb9b5b8de36efca0ab2b195cd

SHA512
058387878979af13f1b48ed44bd7df7b0ddf85fd0f5c39f6acb236cea7c80c535f58e16661ca086aa0c471f176b5542adfc624293f4f08c4c197f5b824fa2ba0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c5550068eebf585017a24f5679e4bab5

SHA1
430ba808d471731778e7e8ee90332acfc954d1e4

SHA256
2dac0a5650f4b8ba3ef8d2a7bdca0c4db0ba11325182e7a8bc760f6a58178835

SHA512
ecffbc839484d471a8f1ca5785e3d1dc85148588f430ec5bcc49455a01240000ee1c73bfc48a740d8abb9a9e0ff8a5f25e67dc814370bc38c1b9ca376eb294f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq9CF4.tmp\LangDLL.dll

Filesize
8KB

MD5
59888d7d17f0100e5cffe2aca0b3dfaf

SHA1
8563187a53d22f33b90260819624943204924fdc

SHA256
f9075791123be825d521525377f340b0f811e55dcec00d0e8d0347f14733f8a3

SHA512
d4ca43a00c689fa3204ce859fdd56cf47f92c10ba5cfa93bb987908a072364685b757c85febc11f8b3f869f413b07c6fcc8c3a3c81c9b5de3fba30d35495ff23

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq9CF4.tmp\System.dll

Filesize
25KB

MD5
480304643eee06e32bfc0ff7e922c5b2

SHA1
383c23b3aba0450416b9fe60e77663ee96bb8359

SHA256
f2bb03ddaeb75b17a006bc7fc652730d09a88d62861c2681a14ab2a21ef597ce

SHA512
125c8d2ccbfd5e123ce680b689ac7a2452f2d14c5bfbb48385d64e24b28b6de97b53916c383945f2ff8d4528fef115fbb0b45a43ffa4579199e16d1004cf1642

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
5KB

MD5
4d6a84d982832435abc3e9a4f504a7d0

SHA1
ffdbe7653b73dbe6d881d288011015d8b87b13f8

SHA256
1838753437d70f61b33f15a4e92d27d61cf1dc1b66ce8e6cc712299468d707c4

SHA512
fbd4f41e28e758e4c7d4b0df2cd24ccbee15865d4726ce500c790e338fb992c6d2c8cd6656cd8558a33f937fe80a34236229b7152805ecd874584ea9f72b4eb2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
9KB

MD5
460171691eeaf2105bd40db13c7126d7

SHA1
a4df2edf111d2618124e8cc578c6b5d4c74bbf29

SHA256
360b2a0e079e913be75cc2d3fabf897ca081ca2957909ede236f53c533a15fed

SHA512
8c8c0863d5db0505277f80d588106caffa4d552896b00d2f5140e4dd1bac59b4037cea8920058eade04d6846ae77ffe6734eb8bcead8d33e5b50c2c652befee1

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
e42482a56e7780ef541e3934276e7070

SHA1
4eb07cc512d009673fc48fc712862ebe746f799c

SHA256
6a5068222bed5e9816a7a238b26f361b2eb9b890d0408f1873975293bb943132

SHA512
94a7e7a3a10295260ebfd27ea11820771fa69549c24faa13c1e9c8a07d258464af71e29256a8a88e1ccdc4e4d3c6c5915124e5eeccb49195a1ea5d4b2a28e8c8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
ce19588980021ece9b636b9b8ca3a5d1

SHA1
602cb579fd200a133fb8b8484c7059e500347f07

SHA256
bfae6cf16cda3477d1d72ac01b79b1d435f47d375b1ef14d1547bf34da50c1a2

SHA512
12d9bf7b300d93aa3662b77bb50365265637ca446b3dbba4cda1119e303fd77b335b56e327b6e8a77fbd6740fc3c1c2254eb8dd0ec80482421ccb2e2565b1b0f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
733B

MD5
91d8fa14f24eb3face27889eb1966d99

SHA1
e36d0e10fe219ad8d46839b7ce7bb77c416c3689

SHA256
a71b4d55794996cb81d6e737061473e7917b24548dc5858948658e6281d01efc

SHA512
211853bb72e3da2933d9acf2d2f203f88ea9190c677250e33a81cba41cc28aea566689148e2e10f075eca7988bb52fef71ed954f0ee6b0de3a571754eca5dd98

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
733B

MD5
0ee23237ce6db31770a9446c1575096f

SHA1
1bbe88f91dff8bc763e5dfc740688bd8c0461b69

SHA256
ed8cc2dd3fadf11b32181371d66cb8893dbdf02ea25640be5a80b216d76a6f82

SHA512
75a587dcf0a0de6ec9171d8901dbe9acf4d604230097a2e4cc1d61ed8a8d589654b0a3dc9c64f004737b430149d673674d17a355d4d2c1e930b227e80c5628dd

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
802B

MD5
dbe0832d6baafbfa106b09c855f83a49

SHA1
66890f26bc5c9f6c5ed21f025b3e75ca5521fe5f

SHA256
7d9404ebdcdc0876b6a18779bdc8a3b6ace707a1c85c5138765ecbb8757ff88d

SHA512
06608b3acdd9efd28549f8873e78abd4ad469acbf99e56eb1434a11c0674e218c4b7b0fa9d127af9958237612122037d7fd4d4b89a2e5f2d2de80252b04bc844

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
09d9a958ea63cddac3fd7008c80ee988

SHA1
75dae13f22e6089c9f76bacad9977be1a5962a42

SHA256
a661657dd6d05166fac37cda893c0a85ced099a3196d9319389c7ed6edd2e7ce

SHA512
7f6faf2e1b3cf488f6f9b6572041cf235e975b2b6c65fc88d92b90e20f047749aa97efbeb606f4980d52766292c51729e7259ba1cba65d735b054ab3c56014a5

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
3ca94a750e907764f7985bbb3a0bf08d

SHA1
124cb100080715a9c9b37500ecdd2604890e8098

SHA256
95b497e697ef4cb5454e0533de8a76ca98b4df5983ff123ca5d9d92a398e23d3

SHA512
1bb701f02767faa56f4b4218546b78670fa8f0160f87edcdac43120fee0f920054b52048dd17646cdf67ea447d55cd724819e02dbd4af6173c9ee4eacaf5e8b3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
3feacd3bb57ef19675abe8d6ad8adcc2

SHA1
ff044910de08ab1b72af92a51616f376cc47de1f

SHA256
b42714c4a40740a03b93cc1e4b1a92cdb8ff3ff05175616a60308ab8b45d7cc0

SHA512
fa325d7d3885bc88cf110cf7d83be0c7bcfb10d548facf349cf672c9203876336cbebd06f748889525ec526d2c7c2db89373e8e7a74e901c956514c158578807

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
0a39561f2f84a0938a01584ff9ffa945

SHA1
7664882ab139257a2e56563e4ab5a64dfd7ee9b3

SHA256
42aebb392e6d44752204c3b79aa29e111a8be1343d9fc04eba9eda1b7149ab62

SHA512
aeccb013fa96ce61b77df2c95df785a26a0249ea338ebd5348e818de521c248983cec2d2f0a2e6561251032ed2bf4792bdc257af220397b0d75f29ed6f354964

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
46af35829440554c221b8db95b73f1e6

SHA1
e13c1fe0a636d3710f0a520f2e5ceb936196564c

SHA256
c3d4e8c4a148e9bb9091edebc70fcded9ab7433a3c05625f92fc2d74631c9e9e

SHA512
6291b8adaf9ee54550323f4ef26c0b43bef2fd5b71884509e02b920d7da4a1e8ec9fec6f190385489c1f6b97ce3c4272c31319dcea68b5369989a9b998d9e660

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
37f5aee8945787a8afcf82aba62df5fe

SHA1
fe85caf4079f7c5547de620538bf67feb593a408

SHA256
52695137c5b9194ce9d8b19ed1b92aa82f74daaabc04c456cf3bded7507d05a5

SHA512
dbfb522d72f35676d96222ab50272fe0c2badd8fca34bd3352b56118a727487945fe0e66206104ed194871d37e32a5bed8a3aa7356db8721e578c127fe8be7bf

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
32d60fcf6e5cfba646638dadc6c83b13

SHA1
505b5d5afa2a4ef7e33ced4be06cda4c95fb2bea

SHA256
0ec53f210175a97d3e34426a1ed7bd6dc10ec8124c0cabaa722ad7216c3b95b2

SHA512
d5a4d207eb51af56214d5fd131e4104283257a2f01038e1ca42fdb4a912d24c408aa6d31973c8facb056193c025fd20c47f919e628951d6582593958eebde1d7

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
2efc7b82cbd89a928df29812db486cac

SHA1
0824bdb6da3956c75bd90eab4a893e5e3e15d4d3

SHA256
b18275e67a19f2b6e6412cb524b2a5a8949c1498ff67410f1972cf2670fa8deb

SHA512
bf0cdaede2231a5f0df87dcb4a50966f6e9499bb5611607eb40498d7dba20fd872d5f6c4ea471260b8567c7637473a77c46d09c80842ab753bdc0c1177a2bfd7

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
8eb7043fdf9a4477f3ccbdd7e210acc2

SHA1
f6ef7fe5ffcb0a81a6842910416ba65c3178a2d0

SHA256
692f94604fc9ba47c607dd4b9d9b128304a1a661932a52a11d2b8b127b0d1a9b

SHA512
d64014c788d2e846c782073ecf504740031d4d4922fa5186cafa94b43e3d438f9797aa46f119544dedb4a6e9b18483b8eef525d01c170ac206ca47ec390b793b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
2a7a8e5c0a50fd8701bceea5afee3524

SHA1
afc025d75173757ba93d51769bc01826bd895653

SHA256
997f23592d97552656d8d1ea2ed9bef2e26f88323cd816e157fa60d6a95e1ef7

SHA512
c35f7b8c599e9ad265daad97100f79d78fe154b9e8ca4dd6b80b73e2c3ff843fe9de9457fb2e7f54ef19a0ad257771905c701f5676561150029a4434de88510e

Download Submit
C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.9.exe

Filesize
11.5MB

MD5
cacc30d2ed8cb097cca589750baf8145

SHA1
f6b7efb21fad3ad92568bcadc0f589680a24cdf0

SHA256
9ab7ee7ebda03f71d86c253f5faa92ca1ec7b3aae25e4c48bb06e73add2c32fe

SHA512
a8130549deecc323c872606d743a91032ae8e5c2940f069075c71edbef4b5b266ba319eef23129849766c13f6c650e862917b49918d52ddf06b8922e9a94047c

Download Submit
C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.9.exe

Filesize
12.0MB

MD5
ef600b4672ebf6087a908859a3ec26f0

SHA1
2ce1c3c4de224bae5998252107324f85c4e2a90e

SHA256
f58c944eb91ef955370d659fdbcf09487e2e519736f24d79fa54b184768b4348

SHA512
5bb340c293e394daeab846900f547dd9a594dab31275ee130cb6de7f11a644ff840096b4c82c33592adb8e89de8b35f6840e0702988dbb06ae95ca629538dbef

Download Submit
C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.9.exe

Filesize
13.3MB

MD5
b6daf3e4e490d48f0d3fe0a3326f2113

SHA1
f121a4cbcc8634de031c7d89621e0d54463e5e83

SHA256
6964f4520b2c09f19beb53b0ac3b955900731337bc3e369a23047bcc56e4165b

SHA512
0e38f271e1ca1f1e8e8c6317e5012c8e02c89373c7417ef5b24d74ff9f6769777c68ca8252c4d39777ec2d4ebdedf5fd08df33c6f17d5ff3f995d1fa688b203c

Download Submit
memory/388-31-0x0000000002200000-0x0000000002201000-memory.dmp

Filesize
4KB

Download
memory/388-242-0x0000000000570000-0x0000000001CA7000-memory.dmp

Filesize
23.2MB

Download
memory/388-20-0x0000000000570000-0x0000000001CA7000-memory.dmp

Filesize
23.2MB

Download
memory/1380-1-0x0000000000570000-0x0000000001CA7000-memory.dmp

Filesize
23.2MB

Download
memory/1380-18-0x0000000005C20000-0x0000000005C21000-memory.dmp

Filesize
4KB

Download
memory/1380-106-0x00000000081F0000-0x00000000081F1000-memory.dmp

Filesize
4KB

Download
memory/1380-121-0x00000000073A0000-0x00000000073A1000-memory.dmp

Filesize
4KB

Download
memory/1380-4-0x0000000002190000-0x0000000002191000-memory.dmp

Filesize
4KB

Download
memory/1380-17-0x0000000005C10000-0x0000000005C11000-memory.dmp

Filesize
4KB

Download
memory/1380-0-0x0000000000570000-0x0000000001CA7000-memory.dmp

Filesize
23.2MB

Download
memory/1380-239-0x0000000000570000-0x0000000001CA7000-memory.dmp

Filesize
23.2MB

Download
memory/1380-240-0x00000000073B0000-0x00000000073B1000-memory.dmp

Filesize
4KB

Download
memory/2104-32-0x00000000022C0000-0x00000000022C1000-memory.dmp

Filesize
4KB

Download
memory/2104-22-0x0000000000570000-0x0000000001CA7000-memory.dmp

Filesize
23.2MB

Download
memory/2104-241-0x0000000000570000-0x0000000001CA7000-memory.dmp

Filesize
23.2MB

Download
memory/5208-697-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/5208-698-0x00007FF83F430000-0x00007FF83F43F000-memory.dmp

Filesize
60KB

Download
memory/5208-699-0x00007FF83F280000-0x00007FF83F28B000-memory.dmp

Filesize
44KB

Download
memory/5208-713-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/5208-748-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/5208-756-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download