fb73e03e2c16a08c7d41c1987102168af9995b16657f681dd927751b3424bd84

Resubmissions

20/02/2024, 02:25

240220-cwmtlshd8t 3

20/02/2024, 02:22

240220-ctjzyahd5t 8

Analysis

max time kernel
57s
max time network
148s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
20/02/2024, 02:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bcbe12e2ee6689afeb3d473a86ebe879.jpg
Size

160KB
MD5

d2e5dbcadc018f6674fbb45d458bc82c
SHA1

f76bdf0e422a936127c731e9a92164d2f65dbaed
SHA256

fb73e03e2c16a08c7d41c1987102168af9995b16657f681dd927751b3424bd84
SHA512

fb25223f95dfa8f60c7720ac9f4f500a8fa70bbf6742f77adb5835f06a82045c34c37c32a138415bd21b5ee391d371111e98b7baa5fb12836fcdfa5b0faa8454
SSDEEP

3072:Zu6amBV8MwHzmkUApalmq7DRhgjxIJm2O56ekFwKDhG9gIkGm7e5:3aq8M6zX6hNmnkFw2hG9gIk97e5

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2620	chrome.exe
2620	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
2192	rundll32.exe
2192	rundll32.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2620 wrote to memory of 2632	2620	chrome.exe	30
PID 2620 wrote to memory of 2632	2620	chrome.exe	30
PID 2620 wrote to memory of 2632	2620	chrome.exe	30
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2592	2620	chrome.exe	31
PID 2620 wrote to memory of 2536	2620	chrome.exe	32
PID 2620 wrote to memory of 2536	2620	chrome.exe	32
PID 2620 wrote to memory of 2536	2620	chrome.exe	32
PID 2620 wrote to memory of 2436	2620	chrome.exe	33
PID 2620 wrote to memory of 2436	2620	chrome.exe	33
PID 2620 wrote to memory of 2436	2620	chrome.exe	33
PID 2620 wrote to memory of 2436	2620	chrome.exe	33
PID 2620 wrote to memory of 2436	2620	chrome.exe	33
PID 2620 wrote to memory of 2436	2620	chrome.exe	33
PID 2620 wrote to memory of 2436	2620	chrome.exe	33
PID 2620 wrote to memory of 2436	2620	chrome.exe	33
PID 2620 wrote to memory of 2436	2620	chrome.exe	33
PID 2620 wrote to memory of 2436	2620	chrome.exe	33
PID 2620 wrote to memory of 2436	2620	chrome.exe	33
PID 2620 wrote to memory of 2436	2620	chrome.exe	33
PID 2620 wrote to memory of 2436	2620	chrome.exe	33
PID 2620 wrote to memory of 2436	2620	chrome.exe	33
PID 2620 wrote to memory of 2436	2620	chrome.exe	33
PID 2620 wrote to memory of 2436	2620	chrome.exe	33
PID 2620 wrote to memory of 2436	2620	chrome.exe	33
PID 2620 wrote to memory of 2436	2620	chrome.exe	33
PID 2620 wrote to memory of 2436	2620	chrome.exe	33

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\bcbe12e2ee6689afeb3d473a86ebe879.jpg
1⤵
- Suspicious use of FindShellTrayWindow
PID:2192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7879758,0x7fef7879768,0x7fef7879778
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1112,i,11418266676380272026,10936180708888860656,131072 /prefetch:2
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1112,i,11418266676380272026,10936180708888860656,131072 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1112,i,11418266676380272026,10936180708888860656,131072 /prefetch:8
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2168 --field-trial-handle=1112,i,11418266676380272026,10936180708888860656,131072 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2068 --field-trial-handle=1112,i,11418266676380272026,10936180708888860656,131072 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1512 --field-trial-handle=1112,i,11418266676380272026,10936180708888860656,131072 /prefetch:2
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1328 --field-trial-handle=1112,i,11418266676380272026,10936180708888860656,131072 /prefetch:1
  2⤵
  PID:336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3652 --field-trial-handle=1112,i,11418266676380272026,10936180708888860656,131072 /prefetch:8
  2⤵
  PID:1276

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2712

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:380
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.0.917276594\772230447" -parentBuildID 20221007134813 -prefsHandle 1224 -prefMapHandle 1216 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {253f7ae0-fe5a-42bd-847e-f2e48c07eba9} 676 "\\.\pipe\gecko-crash-server-pipe.676" 1304 110f3158 gpu
    3⤵
    PID:1752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.1.1553830149\2057408573" -parentBuildID 20221007134813 -prefsHandle 1480 -prefMapHandle 1476 -prefsLen 20830 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c04a0e19-cc54-4d9e-8be7-26c5579811a3} 676 "\\.\pipe\gecko-crash-server-pipe.676" 1492 e70a58 socket
    3⤵
    PID:2116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.2.1018809875\787404964" -childID 1 -isForBrowser -prefsHandle 2084 -prefMapHandle 2080 -prefsLen 20933 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {82df49ff-3559-464b-858b-7ce8a70185cc} 676 "\\.\pipe\gecko-crash-server-pipe.676" 2096 1a495358 tab
    3⤵
    PID:1892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.3.475723305\2077143409" -childID 2 -isForBrowser -prefsHandle 696 -prefMapHandle 792 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {44794660-5303-4288-b9d9-2d53e73d0a3d} 676 "\\.\pipe\gecko-crash-server-pipe.676" 784 e71f58 tab
    3⤵
    PID:1536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.4.558336273\985252945" -childID 3 -isForBrowser -prefsHandle 2792 -prefMapHandle 2788 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b3b0305-4b49-44d8-9a79-add55b9000b4} 676 "\\.\pipe\gecko-crash-server-pipe.676" 2804 e62558 tab
    3⤵
    PID:2516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.5.570301974\783996187" -childID 4 -isForBrowser -prefsHandle 3536 -prefMapHandle 2976 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {14350a84-2de5-4f0e-9bc2-1eed8f7d52c4} 676 "\\.\pipe\gecko-crash-server-pipe.676" 3640 1a575858 tab
    3⤵
    PID:2728
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.6.1849107316\187085201" -childID 5 -isForBrowser -prefsHandle 3760 -prefMapHandle 3764 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {faecf053-86e9-4824-a8bb-c2fb72933719} 676 "\\.\pipe\gecko-crash-server-pipe.676" 3748 1ec05e58 tab
    3⤵
    PID:2092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.7.919135949\1380599579" -childID 6 -isForBrowser -prefsHandle 3936 -prefMapHandle 3940 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {31621405-865d-49db-8828-7881dd215ec1} 676 "\\.\pipe\gecko-crash-server-pipe.676" 3924 1f0e4258 tab
    3⤵
    PID:2736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.8.763181968\816294815" -childID 7 -isForBrowser -prefsHandle 4256 -prefMapHandle 3148 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7bb17e67-e39e-4de3-8e27-e55516066c19} 676 "\\.\pipe\gecko-crash-server-pipe.676" 1872 229fb258 tab
    3⤵
    PID:2088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.9.258997504\1740744881" -parentBuildID 20221007134813 -prefsHandle 8400 -prefMapHandle 8396 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dbc02931-369f-410a-b157-17c61da42065} 676 "\\.\pipe\gecko-crash-server-pipe.676" 8408 1ee69858 rdd
    3⤵
    PID:2988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.10.1222579066\1781246263" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 8300 -prefMapHandle 8304 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa7a1bf5-a45e-4c58-b18c-ffa8e94934d1} 676 "\\.\pipe\gecko-crash-server-pipe.676" 8288 22a54a58 utility
    3⤵
    PID:1736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.11.801029661\166959941" -childID 8 -isForBrowser -prefsHandle 7932 -prefMapHandle 7936 -prefsLen 26466 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1b5fbca-ad08-431f-b6eb-f5b20903f2f4} 676 "\\.\pipe\gecko-crash-server-pipe.676" 7920 22fdbf58 tab
    3⤵
    PID:2952
- - C:\Users\Admin\Downloads\AnyDesk.exe
    "C:\Users\Admin\Downloads\AnyDesk.exe"
    3⤵
    PID:3380
  - - C:\Users\Admin\Downloads\AnyDesk.exe
      "C:\Users\Admin\Downloads\AnyDesk.exe" --local-service
      4⤵
      PID:3544
  - - C:\Users\Admin\Downloads\AnyDesk.exe
      "C:\Users\Admin\Downloads\AnyDesk.exe" --local-control
      4⤵
      PID:3556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\5043ceaa-7007-478d-8795-45cee1cdf24c.tmp

Filesize
255KB

MD5
5596771e457272a0c93f5ad2aa6635ea

SHA1
e6c092d3eab5684ffaedfdd7da4c042020271dd2

SHA256
4516edf7c9c14254d99afbaacc455f1bc2e69e8fda1bc05ef16b8c515bd3a48f

SHA512
938869bda1d9cd02d3d96f6d8c4d854dfe66ee3b20827602e6bd4910b393ed374e7080da5cf082dd799e53cc1c6ad7bf099ce89b8b79f767d4fda3c4df783ff2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a8458cb5fa798f40207b325aa15fba9d

SHA1
ae9cf440d2670582f7e2cdf86d45d31df9e21c05

SHA256
c18bcd55c912874ac459b2e05d3b9969a1efdffa2df733281d436d19aab50605

SHA512
d440ee626d9683d7383a22729f6d768ee30e91a002e8d897752a5f35fcffcdca3fd8ef1cbdbefc92c515a871e5422659151d7d39de7a04015cfe6aed3a4605aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
fe25064a1f8bb4821cbb69d152341124

SHA1
4014aad0d42549b34809d9a38631e96306636f28

SHA256
f8e5adcf3ff59bd3f5accd776a7a5ee3e3c1c004e57db3d1a3def13bd0b6af70

SHA512
92ac80dd4cef3eff5c483a75e27357f4b53f967dca387ca98d0ac8ae2e2555f42d14ffb944677e057e9a0cc157e37b20683b287153861af4ffa62d2fd6cba190

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
0617b487b0c6b6f2c8674985391a1b71

SHA1
e8dc1e1f72f65b6b83154605f077153d32fd5b4a

SHA256
a5cd16b628f10b2e128958f5a1225c8f990d0652a59238c8d36f64b0b829a7b6

SHA512
7a54eaf2519a8af75efb5b43b912633fec9750d788fceef99390cffa82b87d471dab277c42c99d2397906e42b8361bc0835d5929e3483737fffa9b8d5cc79f31

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\doomed\24199

Filesize
7KB

MD5
1c15571f601e40ea516b0f00fca59862

SHA1
845a0fa5f616486272fd9405877582937e68fcac

SHA256
c4be78621edd0f6d02ca365e81f3b051dee1b074eaec5e5e9e2d23c112ccc24f

SHA512
3df5ace136f244657a16371c8264dfef4e24416bc06d309683755ff3f4a5cced57b63a20a58172ddc0c8a7dc98baa2fb1183fc193b84c5e4315f46928b658f32

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabAF25.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
9KB

MD5
244e18540acfd55e4771322e689e3ff2

SHA1
90f6b8a3b2bfa15104af7df6ea8c69b99063be2b

SHA256
b5f065f15db41ae283df1f23ba023d74d47cd8ec23f7776fe1df5057aec45344

SHA512
5234b214b189c612fddd54b58eb2554a73414034838a3b18f553b4f35309ee3150863ae2f447b3cf4a77a42b5082a3e5b1a02adfed3e720431e8ffbad500e622

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
7KB

MD5
720c252752e6191af73d50d82577abad

SHA1
34b8cbb4dc229f632ea9e05bc5dc5baa503b65a3

SHA256
3f54a8517a3845cdeff640770bea09fc8eedc16dea333cc8aa06d3993c39128f

SHA512
61e23cec44660a4ff65492212d9d4b06b5fca68cb9755c827ab46508b0576eef3d4306edca4eb5eb4a61adbad811338faa6d5a3f4c4e828a6ad80a79e0c35352

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
0be9b1116c45ef41c6c93fa0701e963b

SHA1
6e62dc547e63a1d14829fa2e55986411068da9d0

SHA256
6f04cbce9e0c79ed78532bee2df2279935772405ab76a580ce1c6f64c5099d5d

SHA512
b295dda9a02b3eb8d25f17295890c2e7ebac2a8135a35333388d6774014dc214377fed4a62e7d9eafc84adc2b476a35f206cc00c67e43d75ea3c3a495c42d2d6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
8e6c4eaa341a26288c92f8a840d3a5e5

SHA1
19c6eb1819de10aa821e4a5f3c441c23383b1fda

SHA256
6a2bd73709ff3410344c110a8490dedd231fbe87fa1a10aa64dda87e991c0468

SHA512
2c868d517b0326b4818b72a9bf8f3b600a6111eab781d22853a4021bb47449449678e3aa6d720fc920d6b562c8d93b569c0a3270f648f62a4da6fe718145226f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
681B

MD5
bbcad7911dff910a299fa08ccb9061b1

SHA1
64e4dafcafa4a605b903d2b6ce2f08c1503136b5

SHA256
b79a77ef5fee452c87415cee70051eed15747dd75f89bf9d6991db5defe6d2aa

SHA512
f08079b42d7a7ed5b0d310f1af4c80b6e9e014b3e2892d526fc8670db7fcc0f2c4bb333ef15de4afc64881634082bbdf8660eca7ee9a910541848878e0f82479

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
802B

MD5
992fe83ae4cae27eb6eb46fbe1fd3164

SHA1
5c9747b2750ecfb4a0bf9a1286c58f83f0cd0ddf

SHA256
190b1ba8aa18d6fc99fc2e55d0205c44a13fb18be052403569f9bb8481cc3481

SHA512
ba011666822f860bf0de3e6d185f321abb4b2b933ca18f964e714408353b5f96960837ba955804b1f4f6a0b69c268b64436aedf8e665a1fd7cc12a9dd3f468ab

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
58bb9f99fbb1c49d4cd1e4e1a6509def

SHA1
645835f6028588470bd077388d3c41b0c77ddbbf

SHA256
59a606dc716c6c2ddbc44ad303f7f2baee26171b13d05f1ae25ce0cc1ca024f5

SHA512
228e1a0ddcb4c6bae4b4b59bff5eae1735c6df0c66a419bc66cb2f3e1cb9a9265a8e590fcc508a6d4b2882a19c01a64c5496e32f98f11378c8b262ae80a29c3d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
3866e8ec75c1721324bb0cd11f0d24e9

SHA1
c1de96bb6d8061975febdd0159fa716d6411f83e

SHA256
b72daad61644e4f9c3c6cd9d4af9a05341b774f7b6ee5fb29c44f52c9e338edd

SHA512
3f5a10141617b2613b95fb1513019e0e1b4529853a7f0637ff7cf2ed2c971a270ac213c82320cb15579d9d39f9f07c37ae45c7c96726bf41908996ac10f26d1b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
66ade3d7fe3d13a0f3a33655ae138ef6

SHA1
b22e94645e5d8fce4ad4cdf840225db0bf1a8012

SHA256
445971a890390412ceb3217960fc0c3e836ff974a797c97236413c7c862545f3

SHA512
9b61fad5049e7d489105dd4a25042ca63b03a35d5f004ae083d00a27ac1106ddd41365efba223107f8e3f372055c2daf30ea515cfe8cdcc2d1bf37c04cf1902a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
5ea2a6e11ead6153ed8f30d023355c52

SHA1
4d17aea677b551121558ee67100e1ee063277e5f

SHA256
262b81ff43d991ecde6e7226d0c8aeca4eb5a556732c273675afa5c68c58b5b2

SHA512
3c989b881b6af4b2ff6741e9aa044d844e1c29b9657821f5f26bb8044ee4fd79f1de74664eabe3ba3bd66fc2eca03748be3de918f3d2ef3e546b7552cb9618ee

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
f1bd07cb8d52ecca54cc31d123ceaae0

SHA1
30cd26e8816afd105da72e7a165118175a68839a

SHA256
d8f5e2e854b03d294add5affe9366f71a14cbaa31f69f3ab039796ee2a6e413e

SHA512
6adb15c0169e403f7ccaeae87ead56192c245882ebbb655314851b181060568ca07404525bdc98bb2d05d51fd9339895aea32e85b3c797ce264f228d6ac5226c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
527427dc64a2893db467b927371db14d

SHA1
9435867309944613ca6e88ef34c4dcf1d6c96f5a

SHA256
52b5029a4ea6d5e4cd1014ee4588a961a3e90175292ba98b91920404357fb242

SHA512
9e5c4a7268617a92a46516c2493f0f80e5aa6a9614e8babeca7fa5022db7ee8d4a4e2a1683066c85d23efca4de623a209535e8ed0250c3083b98506aada9e2e3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
63f49a385e57f9e4fa45fbf50ea92ebc

SHA1
5108fc31df200b0a1230363f28961f69009924ac

SHA256
c8985fd245ae2538feac4613aee3894f5d56d928da9cb677cf15bb38d47ca547

SHA512
d7bff227ef2ae16fcc5a62ca7ac28437f1435e5a41083959f18a307f5de4e056bf257ae2275ca1a8bcc684011a595c961046be7be36c6a61758adf16ee00d956

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
e2b6f733cafb75fe8d09337572120196

SHA1
67edb77ad76bf9fc6de0fb1aef594e4c54837f70

SHA256
ceab3d36aff3310572b49a311b3a38e3c2f2b06f7af301b6c4369b90b8f9c300

SHA512
a1d0694c002705da13caefa4c55040ced89f0b610fd691b2e0f994ff514c7f2cf1ec74b149f5f77a4f00f85c19f9f5ea9827bf566b8d8be3c939370ed6116175

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
566927d76627ce18c81eb3c9b5a316e5

SHA1
66e0cd96514d91ed37f6f3dbc91534922907dbb8

SHA256
2ce590253be9e5442467196a6cf72e43639a8e2833a8da51121394316be409ef

SHA512
6c4a4d32dc7659d6ebdc982fbeed9c851a68c36b156c290e00b61834d8ce9b372691b5a8e6830f86519398f9d3a051d985ec51091e0234095adf993147ff11be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\datareporting\glean\pending_pings\33aa5d4d-6e93-4bca-803e-74e4e2413d2b

Filesize
733B

MD5
e88f548d06c1384c771a5e07be85ac62

SHA1
9bdf3d30f5e9f39b20f9d0b7bafb08e996a6d249

SHA256
2b56229ed2a0b3e5d6222542bb75023baffd83b8083c63d9c70f4c17bcf74c50

SHA512
f0fe183203e20037cb66b2d0321f2454e1495161144f7e67caebd67ba9409a3075f24580b7754264022bfc684fc1be6a131721e54f81012dcb15639e52c79d31

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\prefs-1.js

Filesize
6KB

MD5
387afdb607ba69c75ddcf78e02907039

SHA1
88ffe12d095287a636e4a7a7063028a75d2753ce

SHA256
981e7b5c4e76298f0f4baa1458b1c020f2ea8ab5384931ab811c9f8acf6634a9

SHA512
8ea8e1bd059ce734449e69b3d9ba2b755379612704a136e305de7779042c519b6ac8edc316948f761dc599e3c630443effc93f9fc0981421c65bd0c009ebab99

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\prefs-1.js

Filesize
6KB

MD5
829fd2dfa9d07317804e617573fb7f8e

SHA1
f4866a6df789e526134519effaf65a34f9afb43a

SHA256
77763fa56251247cad7668826de791ba0e8b3751860320bf2c13f895d8c45c5c

SHA512
82b2d15377c9318bcb3cb056c3bdcee13e60ee2481c46048b516597b0a698e2fc1eaec9261d532301341c005b4363bf627c3a411003f58b784b53cfc1a494f28

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
9d220ae560d41fbdc9703f714444a05f

SHA1
124374f5fde172613b4809034714020c8de9b511

SHA256
6fec7845e54603860bf26654d054daad0d8a14711b89351a77f49a33346030e4

SHA512
6e5f97532ec69c3275f1137c62908ee55d8393f53202cf8419dd9afa384ea6e3a1a536ca64e3d4e433815791023bda4f6ec93f62a77dffcfc0b2a9bbd04605bc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
19c95444ffd01980ee018655c9f7ec0d

SHA1
5ee2e963e7d84c25ec26248ebed787eb406287a6

SHA256
30291cd3520553827d157ca4b3b34995e768da2cc6ad28d034e01706759eaeb1

SHA512
f866b94ddabaf166da2e663ae6e85b5a299b4b0f6da6b4e1dff1a67c9b7a6eb7fb92ea9c42f4b56b0b09b20bf2c636f3d287aed7d0c99418388fc5b7582899aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
b95277f23b088f7419b39b19ea6e03d5

SHA1
c42573c32bde4517700e9d449e0f01acf398ad3d

SHA256
02562f31e5d7d7c4664a46a1dbcc2caab398b440b15a32ce004e922846407b2f

SHA512
f19a5de857382b046c09bc58b1b66deffbaca907b23a6dc5925280cee44e9a6e3f018ec9b7e83e17f0eb65a1a45deea05d4165e0267c709965f5c11bbc128b80

Download Submit
C:\Users\Admin\Downloads\AnyDesk.6TVC4gQ-.exe.part

Filesize
32KB

MD5
1a491ad762ce7466ad5f387074ee7492

SHA1
430797104a9f35de68c316baacd8abfdb005e4b2

SHA256
77b8fee35710e36b6e733474558326f316ecf6e488b32d6399bf82dd2d05aa31

SHA512
5b0d41dce4cc95500d8b9c5b1c1a356749ad8f13248279c8f60296107e5375ca40955a2a2f785eb7031029244acf2742827ae5d20977a5192a3513b5332e45fd

Download Submit
C:\Users\Admin\Downloads\AnyDesk.exe

Filesize
5.0MB

MD5
a21768190f3b9feae33aaef660cb7a83

SHA1
24780657328783ef50ae0964b23288e68841a421

SHA256
55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047

SHA512
ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62

Download Submit
C:\Users\Admin\Downloads\AnyDesk.exe

Filesize
576KB

MD5
bfd571db01f62dbf3dfaf35a5a4609d3

SHA1
cbbe06589881b2159b6128a5027d83a089761568

SHA256
d1f42976d745d8616f8ea1a97a9458301f86c6536628fb65278f4ddb6e48ffa8

SHA512
6084c0cb589d1eb0f2e7ea361392b3d42e1d58f5db8e968c48ef4cf92dd3c1b97e702895140125de96823b84e6cefd0cad578d557bfd5f69963947dd35edc274

Download Submit
C:\Users\Admin\Downloads\AnyDesk.exe

Filesize
512KB

MD5
5f51d8b15b0c741f0b772fa91d29330c

SHA1
045cceb9a97273c2ef146749b24123e3d0bed25f

SHA256
cddd42c4df1e958d91a767aabdd8ed21d22fde96bef8f9e0ec205c55b5d734ad

SHA512
2e8dea7cbcc5b88b643c533f7294561ec8d815d037d9a3a581e07e62aa3e2625ef89665fbd1f0c5e086f5a4d5e6b01c91e46fd1fb136ec1f5a9ee5f8fae94383

Download Submit
C:\Users\Admin\Downloads\AnyDesk.exe:Zone.Identifier

Filesize
110B

MD5
27b5902c353ca1528d9fe4573b211800

SHA1
5aad114403c4ec2dc88c9a112c5466aa720f0594

SHA256
1640f1a3d869557f28b2b408bd03c580b030ef247424a60672d9641b22ab7351

SHA512
081517fe37d650441799372bfdc6e1d7c554a0b2cd87fa47991c57654f4a3ae91a2eb93130047839f70897542285089a53e495341f8b387e9f3fc879618cad37

Download Submit
memory/2192-0-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/3380-592-0x00000000039E0000-0x00000000039E1000-memory.dmp

Filesize
4KB

Download
memory/3380-679-0x0000000004680000-0x0000000004681000-memory.dmp

Filesize
4KB

Download
memory/3380-678-0x0000000004F70000-0x0000000004F71000-memory.dmp

Filesize
4KB

Download
memory/3380-792-0x0000000004A30000-0x0000000004A31000-memory.dmp

Filesize
4KB

Download
memory/3380-791-0x0000000004A40000-0x0000000004A41000-memory.dmp

Filesize
4KB

Download
memory/3380-794-0x0000000000950000-0x0000000002087000-memory.dmp

Filesize
23.2MB

Download
memory/3380-565-0x0000000000950000-0x0000000002087000-memory.dmp

Filesize
23.2MB

Download
memory/3380-564-0x0000000000950000-0x0000000002087000-memory.dmp

Filesize
23.2MB

Download
memory/3380-590-0x00000000039F0000-0x00000000039F1000-memory.dmp

Filesize
4KB

Download
memory/3380-569-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/3380-780-0x0000000000950000-0x0000000002087000-memory.dmp

Filesize
23.2MB

Download
memory/3544-789-0x0000000000950000-0x0000000002087000-memory.dmp

Filesize
23.2MB

Download
memory/3544-582-0x0000000000950000-0x0000000002087000-memory.dmp

Filesize
23.2MB

Download
memory/3544-602-0x0000000000170000-0x0000000000171000-memory.dmp

Filesize
4KB

Download
memory/3556-595-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/3556-581-0x0000000000950000-0x0000000002087000-memory.dmp

Filesize
23.2MB

Download
memory/3556-790-0x0000000000950000-0x0000000002087000-memory.dmp

Filesize
23.2MB

Download