1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499

Resubmissions

23-06-2024 21:40

240623-1jkeqawhpj 7

23-06-2024 21:31

240623-1c7axasgkb 3

Analysis

max time kernel
359s
max time network
1042s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
23-06-2024 21:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.1MB
MD5

aee6801792d67607f228be8cec8291f9
SHA1

bf6ba727ff14ca2fddf619f292d56db9d9088066
SHA256

1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499
SHA512

09d9fc8702ab6fa4fc9323c37bc970b8a7dd180293b0dbf337de726476b0b9515a4f383fa294ba084eccf0698d1e3cb5a39d0ff9ea3ba40c8a56acafce3add4f
SSDEEP

98304:G5WW6KEdJxfpDVOMdq2668yIv1//nvkYCRThGXBJdicotUgwoAo5beyjF:y3vEbxfjf4Y8yofvktkLdurH5iyR

Score

4^/10

Malware Config

Signatures

Launches sc.exe 2 IoCs
Sc.exe is a Windows utlilty to control services on the system.

Processes:

sc.exesc.exe

pid process

564 sc.exe
1236 sc.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
564	sc.exe
1236	sc.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AnyDesk.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 8 IoCs

Processes:

AnyDesk.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{920E6DB1-9907-4370-B3A0-BAFC03D81399} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF = 010000000000000080d5912eb6c5da01	AnyDesk.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{16F3DD56-1AF5-4347-846D-7C10C4192619} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF = 010000000000000090fc912eb6c5da01	AnyDesk.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF = 010000000000000090fc912eb6c5da01	AnyDesk.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{08244EE6-92F0-47F2-9FC9-929BAA2E7235} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF = 0100000000000000c071922eb6c5da01	AnyDesk.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached	AnyDesk.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF = 0100000000000000a0b28f2eb6c5da01	AnyDesk.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{99FD978C-D287-4F50-827F-B2C658EDA8E7} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF = 0100000000000000d027902eb6c5da01	AnyDesk.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF = 010000000000000080d5912eb6c5da01	AnyDesk.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

AnyDesk.exe

pid process

2508 AnyDesk.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

AnyDesk.exechrome.exe

pid process

2068 AnyDesk.exe
792 chrome.exe
792 chrome.exe
2068 AnyDesk.exe
792 chrome.exe
792 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

AnyDesk.exe

pid process

2284 AnyDesk.exe

pid	process
2068	AnyDesk.exe
792	chrome.exe
792	chrome.exe
2068	AnyDesk.exe
792	chrome.exe
792	chrome.exe

pid	process
2284	AnyDesk.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exeAnyDesk.exe

description	pid	process
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeDebugPrivilege	2068	AnyDesk.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

AnyDesk.exechrome.exe

pid	process
2508	AnyDesk.exe
2508	AnyDesk.exe
2508	AnyDesk.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
2508	AnyDesk.exe
2508	AnyDesk.exe
2508	AnyDesk.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

AnyDesk.exechrome.exe

pid	process
2508	AnyDesk.exe
2508	AnyDesk.exe
2508	AnyDesk.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
2508	AnyDesk.exe
2508	AnyDesk.exe
2508	AnyDesk.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

AnyDesk.exe

pid process

2284 AnyDesk.exe
2284 AnyDesk.exe

pid	process
2284	AnyDesk.exe
2284	AnyDesk.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AnyDesk.exechrome.exe

description	pid	process	target process
PID 288 wrote to memory of 2068	288	AnyDesk.exe	AnyDesk.exe
PID 288 wrote to memory of 2068	288	AnyDesk.exe	AnyDesk.exe
PID 288 wrote to memory of 2068	288	AnyDesk.exe	AnyDesk.exe
PID 288 wrote to memory of 2068	288	AnyDesk.exe	AnyDesk.exe
PID 288 wrote to memory of 2508	288	AnyDesk.exe	AnyDesk.exe
PID 288 wrote to memory of 2508	288	AnyDesk.exe	AnyDesk.exe
PID 288 wrote to memory of 2508	288	AnyDesk.exe	AnyDesk.exe
PID 288 wrote to memory of 2508	288	AnyDesk.exe	AnyDesk.exe
PID 792 wrote to memory of 856	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 856	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 856	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1632	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1536	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1536	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 1536	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 2672	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 2672	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 2672	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 2672	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 2672	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 2672	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 2672	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 2672	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 2672	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 2672	792	chrome.exe	chrome.exe
PID 792 wrote to memory of 2672	792	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:288
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2068
- - C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --backend
    3⤵
    - Modifies data under HKEY_USERS
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:2284
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef61a9758,0x7fef61a9768,0x7fef61a9778
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1384,i,5789937151981859493,11479507258566544361,131072 /prefetch:2
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1384,i,5789937151981859493,11479507258566544361,131072 /prefetch:8
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1384,i,5789937151981859493,11479507258566544361,131072 /prefetch:8
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1964 --field-trial-handle=1384,i,5789937151981859493,11479507258566544361,131072 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2148 --field-trial-handle=1384,i,5789937151981859493,11479507258566544361,131072 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1400 --field-trial-handle=1384,i,5789937151981859493,11479507258566544361,131072 /prefetch:2
  2⤵
  PID:328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1324 --field-trial-handle=1384,i,5789937151981859493,11479507258566544361,131072 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3400 --field-trial-handle=1384,i,5789937151981859493,11479507258566544361,131072 /prefetch:8
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3556 --field-trial-handle=1384,i,5789937151981859493,11479507258566544361,131072 /prefetch:8
  2⤵
  PID:584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3576 --field-trial-handle=1384,i,5789937151981859493,11479507258566544361,131072 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:888
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13f8e7688,0x13f8e7698,0x13f8e76a8
    3⤵
    PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3716 --field-trial-handle=1384,i,5789937151981859493,11479507258566544361,131072 /prefetch:1
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1128 --field-trial-handle=1384,i,5789937151981859493,11479507258566544361,131072 /prefetch:1
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3860 --field-trial-handle=1384,i,5789937151981859493,11479507258566544361,131072 /prefetch:1
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3676 --field-trial-handle=1384,i,5789937151981859493,11479507258566544361,131072 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2668 --field-trial-handle=1384,i,5789937151981859493,11479507258566544361,131072 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=1384,i,5789937151981859493,11479507258566544361,131072 /prefetch:8
  2⤵
  PID:1612

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2884

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:1660

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
PID:1300
- C:\Windows\system32\sc.exe
  sc query sysmain
  2⤵
  - Launches sc.exe
  PID:564
- C:\Windows\system32\sc.exe
  sc query bam
  2⤵
  - Launches sc.exe
  PID:1236

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7501e82e01ea702a90bcdf6c0cab1eb4

SHA1
003020c0c1db74e5da1c4c26d2bf40c7db86cbfb

SHA256
17bf25e10b355936d777177ec8c3df8bc3e951c014f0e8163c21d3802cb50e40

SHA512
2d92eecba116173b66873549dbd9610e078b2d0adf9f9bd999d2a2dc5db6999368811e8d4f160c490914936b1b56227e9276336bb75def659ef405dde3189cc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\0d795e69-1e1b-4404-832e-85a27914027d.tmp

Filesize
300KB

MD5
6b172ea76f9e45201fb6ed2bb1abf56d

SHA1
a2ad54295758628e0133aa5ca2d8ffd839b1aa6c

SHA256
09dfba890a221e67c7b17d328f477b4c51b32d8b7a812f9aae5e88ec982d4f99

SHA512
957cfba82e4a467485a4c3f3b228e4de93aa8739f00a2ed409273eaef9791902f7068c22330f81734aeddea14f0d42998a7afd9b0d9813b7f4c87043f28db801

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6dbed76f-0eb4-4a7c-8ac7-e275dc8e5df0.tmp

Filesize
6KB

MD5
72226927d525ec44fc44a2ddbf93e424

SHA1
d929c39a18f3cfc351ae9d86aed8e37aca11b4ff

SHA256
f70a98f6f63d5034fecb7e700f393d73623f7b629d6cf3bf8c74eae26e3eb58c

SHA512
99e0bb3e97173fe7edc7e6731972ef60b93f1c424bf19acbc3e1911042f44c8e53ac596a97523fd2326664f3f6a0fa521bbc9401048fcd7cd506f347caddd2c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
5b16d5b286c759469f9f0c17a1e645e9

SHA1
43914dc83f9cae9f18b270696ee38fca9a515007

SHA256
26f484c68b2f03175277b57e4d0e0ef6b85076d8bff0c5227d4bca2408e3f83e

SHA512
575fc60320cf2c0e32c5c5a10b5d9383c774c3458f5037e9c4f2ae42e9e5db9fa3ddb856ef0f3811c3cfd9f9d3525294d698743f6166980e96eb6b376fad558c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
aff739eb3fe097dc1962662878b0288c

SHA1
cedd1f3063cf1bc25fb317de83f8970e2eed7c96

SHA256
d67794a097005e626e2bc9f2af077203b5ce74d4228e223020b5937aedd01002

SHA512
b3303ccb813606de2a7a112e5c57c1ce4bcc8d087544a30d39ca727487718a0442878cd64f563af094fd113f0034c7f8e06c28de6cec6694933aa76e404d0c8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
454B

MD5
f73352890c46eb8a39bdebcff7b77c49

SHA1
ca4bc589ae0cac2469b01e1dfff75f5ed0a02821

SHA256
674af2fc89443e730ad742272ef134ae57c9fe8f7a464b1cb1afd08fedf704b0

SHA512
55398513a43cce6ce270820fb3bbfc3fd8ddca03bca69f57bd807c3143c07c5f86814f5056d12d1f844d5e95cf242f001ecff0e6dfdb8c72e26a076869d6214a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a9df799cc26b485eed7fdbb93c01cbe8

SHA1
04dd608caa87f587687dab0f1c670115941a24c2

SHA256
22fa06ecf1d6713d2ced46ccd8bdac8403663a9efad0358f6f08a742b46ccc5e

SHA512
af6ee658fca11b17e382db8a8f7092d90c7ea45fc152ffaea87130ffa77c1702e9af3b1e6ebe0a920fd154bbbf99c85fa0429425976df925ceac5104cdd16357

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7a726b72af132773e77c4bb43cc11612

SHA1
aaf8ab36b339355b3689c04a8ed69c2d2863ece6

SHA256
964a274ac9a126156f65ea75e168202bf90213dfaf91bb56862381001f1c7db0

SHA512
40b878cd3e3ef0e961e017e6166643e84bc48059fb328a34914de891848a960897b8df59679d72ef1f5d9fb2a2c669592098786917be69fcb324b17e78fa2841

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e8c5260d082ebb7956706f328aed164c

SHA1
14344142cf4743ec7adb4649aeaec0cae0ed626a

SHA256
268d4786f674cddfaf536e42b9a9a3bff046280c38648d4b451b05c6c2ebdfc9

SHA512
76201b29a4a9d6f2a10305aa9bba98d16b343f4bf901631cc5a2c426bed76f1b3b936cc370ec44400be903ca7750240325c769ff09e20844cef82f1ebae76a9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
200B

MD5
e3637f80d2115b6f0f41ee7d22a66b29

SHA1
86cc9ad8831890f7a9d9705f49e6cf78c6b39b0d

SHA256
b8827d210ca18150e5848cef93f29072dc61f6a3f724023440bbbbfe12085c6c

SHA512
6ca214b078e2c56ddbb26e74a442d99758799681bc549d0a48384f723edb9d6573262580d9dcf2ef11b5741b2f3c250ee03eefc2d54f309b2f36f6f7d02606e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
51679391365eca1acc69942624c2f57f

SHA1
163e4f644989620c2fb860a99f2fd5a75502c1b9

SHA256
6257c14321dfadd80aa56aba4356bb69338e382d71a2f275f2fd92659cd4ebf0

SHA512
44a5f419d10c6f4a85c794a2bc88e869b07ffd988cd5ca10b734827113ae36c16626e99ba84580dddcdf34bafea59ec53fbd186c515359fb652dd7fd124642b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
8aa6e39ff0e592be8f1125024a454563

SHA1
fd824c9adcd9564b94452b232167e50412672cce

SHA256
86962b30c1a8e6322ff1e62bc1c59fca1576164511bd3c1cda3f9df1d5a0f5d8

SHA512
20faaaf93415963cebcf39f8dd5ec7f2be2dae69e0176dfdcf83b102b2ec8865868c7eb91d1afdc6395c733c76db89500eba29bfafeecac3527afa527ef62389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
485335c3d5f0a488ca6d8e87179afaf5

SHA1
48b4b501e315c7b4d9d3d01601822f1e5a2d1f2c

SHA256
91b8c1c696efafb8b6e688d1fe06db920e3e2ba53426e4e45a45a0cd2aecd95b

SHA512
94ba47d5679962f50a10925d51cbc0dde9d798359d7a5946bd3fd04ff9de4860c4444d8ae1145b46170ebf8ba75116f17a99e0656d92f680d9a13b8877a0bdc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4afc7df92fa37a0de794ee66ae8c2179

SHA1
b00d4be4e014132d214fc77ff0b9ccfda466c402

SHA256
7da81abafc5d1080075e7cfc3f6987a4f02f2ed23a9c0c0825846ca1243efe0f

SHA512
756b57e54a80b264ac8fac064b08dff898d464b06a9cf205acf8ed1cc12b57764445a911c0c1b2730155f2171a9273e4aee89c2a14d3f44c0cc826782b6c8a6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
eb1849414e534d8c5d6813ed6d15616d

SHA1
063911575ad5362ccd257a6115763cce21992bce

SHA256
be43a866cd662cd4b601869e671c34d0a52d3af79e92665edf11f80d49fc94f8

SHA512
2e04fc4362bb05a52750602884e6d0613fb85c82fab6114f0378374d0a5067b5d3462bd00c66e509f7ff180184486a91fc0b22aa5013c51b67d50358a14804f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b1482e116f829602653d295889273f29

SHA1
da390ed7780775f14607becdbd02a21c339fead0

SHA256
379f820db654225970ae8a00b2a939f16b76046c40ca6fba7e586a1368c7c528

SHA512
dae780ed86dc14f18ac55237138cb7cb2a4b6fc502d33bf4a6fdeb821b18b7d768de76ba990a3833fb0e73c7651f004172612f5d67bbfcade9f774aff8132818

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
92b7714255e1b564a0c4c05f03093b12

SHA1
67b6fabd586b383deeb4567330e25ad54cd90779

SHA256
5a1896407bd955c1b4efd8ed0b24117ff090f0915501d17146eb090793063dd5

SHA512
a13ab5161d2ee959d2f913b01c1310d582c6735448cbbba3b55f896c6f223d4c1569f51f57c2b882fd4d4f78e050b045e4cda6c380f1a2472207120ebeefd288

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f2588cf108a7d0ad29d8d937a8be45e9

SHA1
edc3a6641a1118c42966cf9b1c5a992ab012746d

SHA256
23a7c9861a9f6aebda428f1726776c40dfb6542ffe757619833847afd42d02e0

SHA512
7a043a253cb4a5b14f4fd465ba35a924bfd7d3ffa01cc9e9ec391dcdebb95c1b57cfdb6481e822010c66597c7ad6422f919f3ce42db5213a41ef59458d718cc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
300KB

MD5
e63b58521cb8781ea590a20c01cdbac8

SHA1
a2b4fd83811723dd144560e076cb21789f07476f

SHA256
12909dbf72782100286fc379deecf4e9f5ebfe370dc65c4dc58b1700157b042d

SHA512
6e68b829478a31668c0e93ac449ffe28e5030e3919ebc2b2379aac4f2ad5672c3067d0b649e14f76cb73ea343d83724f37d09406a925fcc1bfa2fde357425973

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFE7D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFEBE.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
5KB

MD5
3e6bff01fe9247352250b4b501a6afc0

SHA1
89e58b20858b2bae051aff52f3375efd6c0758a5

SHA256
ef159c562541562b77086b0442b5b8137a7fabe1bbc315256eb3aca0110bd11c

SHA512
c78f77b0851139a83f273b8a61302bcc3cdc0faf98953d09e457f40a500382040716626b7a7ee0e1d1584a056c4621a5c32326cb91d60cd71f97c73545b109ed

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
8KB

MD5
74fea6301a401497a9cc08d99f23337e

SHA1
0d84373ddff65f5ab8f6ae964822d3f7861fce7f

SHA256
4d95b55b5bd134865b44566353093eff38cd70dc8f379d83b1f76c2d831e54ae

SHA512
dd8a9e11d23cd0445d1c9bfafd1210bc765fead2a948ae57dadd1325fc6196243cdb39c33e6ed82c85a17337e5152fa0b9fb7da8a6927c72a00361acd698b9ee

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
34KB

MD5
5a3872dbfcfd71b59b30e68bd3c42e9c

SHA1
c2d57592568c605efc16139b7fb04a73ae72f806

SHA256
e94790088baa766854f78cb3986aa5c79de3884cebb8a7ecfcad7be1ab8d948b

SHA512
f29bc134e0b2d099d9221a705f426d882eadb3d11bb2e832a8241642e033cd4e21f928709cce072f17d30bbad0196ac4395600e9226678977d9d177da55feed2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
d8f49a5fb45d8f1587e36dceab66233e

SHA1
bc590e24e4f55bc863f165cf62764b317017b17c

SHA256
f28b3b964812c182e5987d67f054bfbf949ba469929303d9fec8590e286e7933

SHA512
aa7631012a023124799111e13db841757d2bbc6b540d4b537c0b9c343d526de7c2c3cbf7c9844d5c825f45794bd098b9dacf400aa61cdfdcccca0325860d6fa8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
802220b2f277300289298e6ed995cbbf

SHA1
1fbab683b07e96156dd25272d01b70084fe13523

SHA256
d50bef12a240c6e1716f3a7b7991cddfc72d4a5d0a95a008916d0b3f8dea9706

SHA512
0089ebad79c07526939de19833d79a8898996bd3e620f8b7c121901d87dd48bc0c76024c0b403e850c724ae4b0ace7799fbb752ed073589ec89ce60058bd6fe3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
701B

MD5
8d1add8ea069f466a6f0de1fe2abcd93

SHA1
21ea29504f62822f6caeccd87566cc9032a30e88

SHA256
aaadcbd3d78bf60e5d590c4df49ed42a286c260d398dc6a3a8db3a4534a9d9ba

SHA512
98f6c176ae08cc8536f14c764305c92b63a013a2cdc8a2a1cefc188760b2fda36d2bee8be1a16a38d0be4b10698e87fc950cada740dd5c27c3e2bda945e04660

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
758B

MD5
733a9c946d7e5aba7beada3b88fcf9b4

SHA1
ad1dcb9944f4c73498c911e1c5bf95b1f841eed7

SHA256
673b409005433299dc8c7d8a609f77ed1e606250e93769579fee35bc2e9892f5

SHA512
03d1c1a585c3a59d68bcada8c17fb9e90d6d8032a405fa0869ae330d74ac498ddf7b14fe8b1e6223c35702fe1ad03b7396729e4ef5521bfc9f6ba2c1cab2f336

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
b948aaf2107fd3666d70d8e9d5e87604

SHA1
33ce526ac9941af9016e591cf290b709a53ff415

SHA256
5f4c1d9497625243e48b823d16f27f1b141378658e7ede85926bc795a8b2cd09

SHA512
611aee2487b1056057d3c02585290b9187027762e7ca12fe831601daf97d6941a9e8eaef9fe70c3d4dc6396befda2595990200f372bf5c7e91c713282e16be50

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
dd23d94f3ccd6192a9763f8732bcd212

SHA1
f51a1087c4fef3011b256f27283ed5b7fdab8cb8

SHA256
b5858713555cde9ce644834e491b38736edd76e62289ccd9091c03762539c317

SHA512
5e51336a0912e6d1d5d87ad4f484e65ce11fe51717a6b06ac8b501396ab2cee2d34f6397109af2d11c186b027188ce68898ee2f0efc686148da35cf091c74569

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
1133883b8d8766a4c042d30bb0d749d6

SHA1
266bff990f258490c76afbd48ab243e1c8962a0e

SHA256
d2f79e26e048ef9dfecad8632ae88650efedcc92b2eee24d9d4237fe7dd978ad

SHA512
cabe0c0621ee16d9d6ba391ce1d4325aef6336878572338df927ad54fbe917106af017b595ae1a2a41b4b5cdfb4e314120613b8589eff0c88ffad4bc8edc1375

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
2f37f4097cdfc066652b3a711c304ebc

SHA1
c5fb498cf02923aae47767df750e8fa4cef248cd

SHA256
3ff0ecfe6e3e2e0825511068c4856c8fd236fd0b66e329f60f2496d3f5d9369c

SHA512
b2dddfc3f54c532bf9210533266e47fedc79b2118099b27b755f171bb112b23fcb743d39a43f888417cc03648a6498bb59add3cf270bd4e41831a1a3d92f761b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
32c3748dad0849683f6b06017a22c23a

SHA1
fd66cc6f99f96f10ebcfa7c299eba50a95a319ba

SHA256
80a02a5cc8143de8de56eafc73990a7eadee0f56dc310b9f4a180cbe12bf239c

SHA512
ffbec8148e47aa899196e35fc86d9a0be6ba934dee6070eb0c797dac7efd867f3fd629c7f5435ad7fbe30564008d95c24abd8638925510f7212bef7ee7443eb2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
11383d3185d55ad4dec071ca03ba43dd

SHA1
12caa973a1dbe6cb42a4cb3df55281cf62d5e300

SHA256
02dfd24562e46ee59fdd0971ac81a5582d0807e4231fab0017dbb149ae784827

SHA512
37c1dc38812c82dea978b5c10aa7de94e5b51a8f69e22675a7986a64d3dcedbf15a55be62b1dc8ed8aa7be18d9c8f965435f2ae78b5101ed69f1809871680644

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
159ada2be2386f5975dc5e3cc439ef64

SHA1
d541085b785a7f9ef3e3f87a0bfaaf0f75721e11

SHA256
fa6bd6e58185efddbf3af952bb3c42353f9c6899735610cb8b887f0e41d17b98

SHA512
f6c366463ec12f841589c7e4a9ae8c1564eb70b70f7e5577127045ec788b4d11276d6a93fa4b0553167c16141a2a71b253d47d765dc59228ffc6d3e3e386fe36

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
4c2074d2dfaa0dcfca99cb1e3afe3982

SHA1
b557a5ed9f1ca5a7940988f62c5e0c4fb0017f3f

SHA256
b4c6ef09b55c5a4e164cae6d066be5884a54989777b5bd0b8cc62e90a0fc606d

SHA512
a6141426cce84c1c59bb9e1c8ba777dbb162e1baf6857fbb9749a8802b72bf20bedeaa19ce5b26c8c3bc6b584a539ea1ddd7827f891df33ffb3f61e08feb0c48

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
f5ea012481c269110b5364a5e4653615

SHA1
b740593c4dbbcc074b7d10620b3d37b7fda996e7

SHA256
00c089efc4170677c07106f5d2bfc49eb7326b1ebed4109e2ebc44203f3a17e7

SHA512
f439df09de876495e20702f4f5d950d4e930062508c986584f96907a364bcf5d4e686983b6bddb0251819caa54e5801dfbc655f9c2fcc5174f599f4867046303

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
ca7c8b6479e908f80fab16ea7de5eacc

SHA1
d3f2dbe693c5d261c386691bfc5e43a3bf4d0c4e

SHA256
366745128a42497e6b24e1a8bab1afbbe43406497b2658e3e8a9ead66e4555f3

SHA512
361523a967edc03228b8c1eb422aca6c4d9cbf89a04ad2013345c636f29d46a1c935833f7b72fc08aa828fd2d3dbff8bb5fc40091c28fb9868cf4ef352bb59dd

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
13cb278e85bfc01617fb5f30c56a2a29

SHA1
e90fa576866a13fb9b3cbbfd4f97f9d8b22100e4

SHA256
463e7c10b5a7e862529cc47296d0143d49e1ff6407bce1bca57347c4cb914f09

SHA512
a2ab76756b540219f7d9dce13713d0dc5f081166616c6c246e82dc6f5b8144300506c224b839a3dc3cd62cdb9b5e09d17b15ca7ee63d306755e1c7cb22b2ba0a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
9fc82910f356e77cb04fbae093411553

SHA1
e411ad667dc045ab549305f4372eb552e84ffe1f

SHA256
b76cfcbbfa254565260e1524ef2747f7f41b5ed35b5175edb6bdbff8f66cd1d6

SHA512
84ae54bca847537515d57e2b6c732b50b8a1c40b89647040abee3c60600ad99c4f39a45dd1bf22433aac07ad1d3400c81ff5f0117500daad3327788759f3f99e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
8a620de8c69b3421cd245bc1e5f51bbd

SHA1
d96c249ff77d3cee27ace40dc6a1a2889fe8b01c

SHA256
a26b1cc87c89d0be2f35b997dad644ff9c74236ccdaa0e1ac3205ac57b12bad0

SHA512
3e67b474a7c1be7b164f677740191332b4e948dd9c478f5806164fb13e0d3fff4c96012396094470d56b180c2cddf4b8b5b70d2ac39f14c8d5abbefe3f33910d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
b38876aa8076f5342959cf6008e0e102

SHA1
08932d3e0bc8fa79f65e801f3a94af5d3b5046c5

SHA256
788d00512fd9150406d659fb5874b2b4e7bab5c2e62e16f838a765fb0aef58de

SHA512
ef82a5da5c698cbb644270d0942d1944c3e02236bb8f920d24cafa49909a0645342ceaa0c1a4266550e89574d62b68eb2c3a6738ecb333b241c270cad582797a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
cafb24cbf6a41a51a13b90d961ac6e3f

SHA1
201a8a6684bd7bd538d1fa262d3403a26756fb2f

SHA256
595d2036f4722feb7f605bb68707e02e23e9bbdc5baaeb32d7c1f9071ee597f1

SHA512
e6eb8aafbb71abe1a9716a8b6843d7c99df1110ca0365342c9403f117c67a9af66b50181bfed8d8a5d8228b41ad369397e0bb351cdde857183734213e2b3a4b0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
1ef96290017de0ef53fa13981232a409

SHA1
1912a484134f3932013fa6e4005ad6b7006a463c

SHA256
644c286852838a62d2012cd3e08232d69943ec55cd55aeb21add82b24254a520

SHA512
81671ccbe065592fdb446f06f02e316b30b7d0a98e366530ac25efd2163c2034d38cc84782fe30ff7064de881acad2d11d6d6ee0344258bcfcd084294ab0ee1b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
989b7b9831b20b60d5cb7df637fbb01f

SHA1
219c1ac88192686847808291d9dcf71c6484f0e2

SHA256
3673df75d91442c57efd2479a9d538802bfa79d08faa222b5185a7d7ed5617a6

SHA512
07f9e959b47cba539c8724194532440e4282eef78092c4e05bb7d7bb529677b25fd919eb71727339ec9613c8da5133c38f75d2485be65a8b0c0b0fa5eafc2b23

Download Submit
memory/288-2-0x00000000009C4000-0x0000000001BFA000-memory.dmp

Filesize
18.2MB

Download
memory/288-251-0x00000000009C0000-0x0000000002109000-memory.dmp

Filesize
23.3MB

Download
memory/288-4-0x00000000009C0000-0x0000000002109000-memory.dmp

Filesize
23.3MB

Download
memory/288-257-0x00000000009C4000-0x0000000001BFA000-memory.dmp

Filesize
18.2MB

Download
memory/288-657-0x00000000009C0000-0x0000000002109000-memory.dmp

Filesize
23.3MB

Download
memory/288-0-0x00000000009C0000-0x0000000002109000-memory.dmp

Filesize
23.3MB

Download
memory/2068-634-0x00000000009C0000-0x0000000002109000-memory.dmp

Filesize
23.3MB

Download
memory/2068-605-0x00000000009C0000-0x0000000002109000-memory.dmp

Filesize
23.3MB

Download
memory/2068-10-0x00000000009C0000-0x0000000002109000-memory.dmp

Filesize
23.3MB

Download
memory/2068-252-0x00000000009C0000-0x0000000002109000-memory.dmp

Filesize
23.3MB

Download
memory/2068-585-0x00000000009C0000-0x0000000002109000-memory.dmp

Filesize
23.3MB

Download
memory/2284-688-0x00000000009C0000-0x0000000002109000-memory.dmp

Filesize
23.3MB

Download
memory/2284-594-0x00000000009C0000-0x0000000002109000-memory.dmp

Filesize
23.3MB

Download
memory/2284-669-0x00000000009C0000-0x0000000002109000-memory.dmp

Filesize
23.3MB

Download
memory/2284-614-0x00000000009C0000-0x0000000002109000-memory.dmp

Filesize
23.3MB

Download
memory/2284-537-0x00000000009C0000-0x0000000002109000-memory.dmp

Filesize
23.3MB

Download
memory/2284-632-0x00000000009C0000-0x0000000002109000-memory.dmp

Filesize
23.3MB

Download
memory/2508-606-0x00000000009C0000-0x0000000002109000-memory.dmp

Filesize
23.3MB

Download
memory/2508-12-0x00000000009C0000-0x0000000002109000-memory.dmp

Filesize
23.3MB

Download
memory/2508-253-0x00000000009C0000-0x0000000002109000-memory.dmp

Filesize
23.3MB

Download