1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499

Resubmissions

28-06-2024 19:19

240628-x1xvlazbrc 5

28-06-2024 19:11

240628-xv3hwssell 5

28-06-2024 19:10

240628-xvvs2szand 7

Analysis

max time kernel
1702s
max time network
1707s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
28-06-2024 19:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.1MB
MD5

aee6801792d67607f228be8cec8291f9
SHA1

bf6ba727ff14ca2fddf619f292d56db9d9088066
SHA256

1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499
SHA512

09d9fc8702ab6fa4fc9323c37bc970b8a7dd180293b0dbf337de726476b0b9515a4f383fa294ba084eccf0698d1e3cb5a39d0ff9ea3ba40c8a56acafce3add4f
SSDEEP

98304:G5WW6KEdJxfpDVOMdq2668yIv1//nvkYCRThGXBJdicotUgwoAo5beyjF:y3vEbxfjf4Y8yofvktkLdurH5iyR

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 17 IoCs

Processes:

AnyDesk.exeAnyDesk.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db	AnyDesk.exe

Drops file in Windows directory 4 IoCs

Processes:

UserOOBEBroker.exe

description	ioc	process
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AnyDesk.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

AnyDesk.exe

pid process

3864 AnyDesk.exe
3864 AnyDesk.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

Processes:

AnyDesk.exeAnyDesk.exemsedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
1672	AnyDesk.exe
1672	AnyDesk.exe
1672	AnyDesk.exe
1672	AnyDesk.exe
1672	AnyDesk.exe
1672	AnyDesk.exe
1672	AnyDesk.exe
1672	AnyDesk.exe
1672	AnyDesk.exe
1672	AnyDesk.exe
1652	AnyDesk.exe
1652	AnyDesk.exe
3364	msedge.exe
3364	msedge.exe
3380	msedge.exe
3380	msedge.exe
1196	msedge.exe
1196	msedge.exe
3872	msedge.exe
3872	msedge.exe
3584	identity_helper.exe
3584	identity_helper.exe
2264	msedge.exe
2264	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

Processes:

msedge.exemsedge.exe

pid	process
3380	msedge.exe
3380	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AnyDesk.exeAUDIODG.EXE

description	pid	process
Token: SeDebugPrivilege	1672	AnyDesk.exe
Token: 33	1936	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1936	AUDIODG.EXE
Token: SeDebugPrivilege	1672	AnyDesk.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

AnyDesk.exemsedge.exemsedge.exe

pid	process
3864	AnyDesk.exe
3864	AnyDesk.exe
3864	AnyDesk.exe
3864	AnyDesk.exe
3864	AnyDesk.exe
3864	AnyDesk.exe
3864	AnyDesk.exe
3864	AnyDesk.exe
3864	AnyDesk.exe
3864	AnyDesk.exe
3864	AnyDesk.exe
3864	AnyDesk.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3864	AnyDesk.exe

Suspicious use of SendNotifyMessage 40 IoCs

Processes:

AnyDesk.exemsedge.exemsedge.exe

pid	process
3864	AnyDesk.exe
3864	AnyDesk.exe
3864	AnyDesk.exe
3864	AnyDesk.exe
3864	AnyDesk.exe
3864	AnyDesk.exe
3864	AnyDesk.exe
3864	AnyDesk.exe
3864	AnyDesk.exe
3864	AnyDesk.exe
3864	AnyDesk.exe
3864	AnyDesk.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3864	AnyDesk.exe
3864	AnyDesk.exe
3864	AnyDesk.exe
3864	AnyDesk.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

AnyDesk.exeAnyDesk.exe

pid process

3544 AnyDesk.exe
3544 AnyDesk.exe
532 AnyDesk.exe
532 AnyDesk.exe

pid	process
3544	AnyDesk.exe
3544	AnyDesk.exe
532	AnyDesk.exe
532	AnyDesk.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AnyDesk.exemsedge.exe

description	pid	process	target process
PID 1652 wrote to memory of 1672	1652	AnyDesk.exe	AnyDesk.exe
PID 1652 wrote to memory of 1672	1652	AnyDesk.exe	AnyDesk.exe
PID 1652 wrote to memory of 1672	1652	AnyDesk.exe	AnyDesk.exe
PID 1652 wrote to memory of 3864	1652	AnyDesk.exe	AnyDesk.exe
PID 1652 wrote to memory of 3864	1652	AnyDesk.exe	AnyDesk.exe
PID 1652 wrote to memory of 3864	1652	AnyDesk.exe	AnyDesk.exe
PID 3380 wrote to memory of 1420	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1420	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3048	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3364	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3364	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4256	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4256	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4256	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4256	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4256	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4256	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4256	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4256	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4256	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4256	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4256	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4256	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4256	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4256	3380	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1652
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1672
- - C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --backend
    3⤵
    - Drops file in System32 directory
    - Suspicious use of SetWindowsHookEx
    PID:3544
- - C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --backend
    3⤵
    - Drops file in System32 directory
    - Suspicious use of SetWindowsHookEx
    PID:532
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3864

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004D8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1936

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:568

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:660

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:4292

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:1444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://anydesl/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8c4c33cb8,0x7ff8c4c33cc8,0x7ff8c4c33cd8
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,17509323948080251032,13412353589670687082,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,17509323948080251032,13412353589670687082,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,17509323948080251032,13412353589670687082,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17509323948080251032,13412353589670687082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,17509323948080251032,13412353589670687082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:1840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://anydesk/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8c4c33cb8,0x7ff8c4c33cc8,0x7ff8c4c33cd8
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,6972490436827230948,8464151910346405131,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,6972490436827230948,8464151910346405131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,6972490436827230948,8464151910346405131,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 /prefetch:8
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6972490436827230948,8464151910346405131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6972490436827230948,8464151910346405131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6972490436827230948,8464151910346405131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4336 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6972490436827230948,8464151910346405131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,6972490436827230948,8464151910346405131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6972490436827230948,8464151910346405131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2084,6972490436827230948,8464151910346405131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6972490436827230948,8464151910346405131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6972490436827230948,8464151910346405131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6972490436827230948,8464151910346405131,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6972490436827230948,8464151910346405131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2296 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6972490436827230948,8464151910346405131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,6972490436827230948,8464151910346405131,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3556 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6972490436827230948,8464151910346405131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1888 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,6972490436827230948,8464151910346405131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:2760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a74887034b3a720c50e557d5b1c790bf

SHA1
fb245478258648a65aa189b967590eef6fb167be

SHA256
f25b27187fad2b82ac76fae98dfdddc1c04f4e8370d112d45c1dd17a8908c250

SHA512
888c3fceb1a28a41c5449f5237ca27c7cbd057ce407f1542973478a31aa84ce9b77943130ca37551c31fa7cd737b9195b7374f886a969b39148a531530a91af3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
64f055a833e60505264595e7edbf62f6

SHA1
dad32ce325006c1d094b7c07550aca28a8dac890

SHA256
7172dc46924936b8dcee2d0c39535d098c2dbf510402c5bbb269399aed4d4c99

SHA512
86644776207d0904bc3293b4fec2fa724b8b3c9c3086cd0ef2696027ab3d840a8049b6bde3464c209e57ffa83cbc3df6115500fbe36a9acb222830c1aac4dc7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
95bdbc5dc4822a82bea7b5cea04f5d0f

SHA1
f433f87c50aa995150632159071abcb6278de446

SHA256
8449ed908a843b90b16cbd3632d8321fab7625c749b3cd6f70d56c36d36b0a82

SHA512
b6b20b8a7afe77537b4ad14153af756443bda432c17a5b811bbe10fde6edef1c7870763f655f78285af3dcc2af9fa2073c2c3c16d35b5d5fc68e6bd1672c1e22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aa08a03d3970ab266ceae92505a792a5

SHA1
56c3560282031e6d40e3d5ee1153a51dfe9483dc

SHA256
d4b91d70d267763ee90ceddbd0c537b2229cd784c9dd8498b894f2c2c2cd4cf7

SHA512
e5d93fb1b1e2270fb87789f9cd81d66e393a5a32aa91d978f7ee1ffd51c9d7b2e38760b91df2c7c4b1b6c8909d09d5f72c15643994e7b0f68dade1f9ceee2baa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
00a455d9d155394bfb4b52258c97c5e5

SHA1
2761d0c955353e1982a588a3df78f2744cfaa9df

SHA256
45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

SHA512
9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c718dbb3c79931327b81e16df9915f5f

SHA1
31f486d202a5cc3dcaee9957128c8bf2aa2be008

SHA256
d23112ec6e9af1b25ab1dd271b77a7daf4eff5fa13cafd2c32ca5e0b4fd94224

SHA512
58a0cd34315e61215a0d8ac00c51c9a7548677aa5619516c61bca2dd98c8a07bd5988193dd144b671a57540cab177f892d0563026a5a892106dbc5d095a76c31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
72c11a5c648ef7440ced98ad14c58771

SHA1
047efd977f161a4d31cf3302f906e793d761bec4

SHA256
614014a690661ec98eda7b8f015b2f37cc467ffdb8b42d97558ec7fe56a4b736

SHA512
58ba9a696c0940d30c04d6fdc1d63e2c0506fc5171f94bed118734815a77729bdbb9f291b0f7e6f1fb03b0878186109a0daab9d0520a110f80af1ab09bd81ee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9f7c35e4099e4d0e9d138f3ecaac599a

SHA1
a31fb6909d8d724c2bae5bcd277238595ed0f8c8

SHA256
5a527adacfeadb3a0c8f9b056fa45b087eedd3c8bb391139c7d64fb82adc46dd

SHA512
fdf195a27c99a659d6d8a37c03170136280a9588c9331485ba57c8d3365518ba1cd57e850b87a5316deda1550d6dce3263fe9d2412b471e4aa0ae1bf2248fa4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e0f049725d48d56a32a4eebf6e453d2c

SHA1
9872efae5ebe84d3598013f3e0e97785ec984068

SHA256
779cf3180e607d2c8276dd2b19b91140daca9280a6f2a3b739b505684dd0f337

SHA512
efa87211ccf1f5407f9f0ea270c0938280ca9b04e96286bb2ad26dd26f57974bf3d34dab3cf864474dc0f883bec3eee73f7b00429f6e80ace5b5724df0a019fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5e5d1add9037711f516847e69ae983a9

SHA1
caa6f41f1796a58ef526467f76b3bcff829cda66

SHA256
ae1a65dbb5ce1bfc37df37ab8e9bb06bf9d71429c57257320dd5f918d0eed511

SHA512
43ee01edcfc389ff63be17b478e837c0320a4a53e84b5a9ad7a1b1127b6a9475b6c7610369929dcccb88f1ea8347d3fd9a5c5dcef6c62471c7904007b20eb400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8c7c20a821926d0b6b9ff74a17fd88cb

SHA1
ad2829b2697354c3684a33ac83cac1ddba0a580e

SHA256
3f44b5b0b58862a2a847db8b476782cd948286410af2225ef6e3a82676cc9ca2

SHA512
4625b0d9d1490d7608d4a82a1a1db686648f28c501e36d9faabfc16671758d76e734d6296b33e552e9230c186cc616741378aaaba913e07951a8095062a6cd2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
6KB

MD5
358f609afd2a5cf31accf36d4ee24664

SHA1
457b0a5de7abc1bb7d9bda1188d42794b78055ea

SHA256
09fb59bd3114792d0957a476f6f609880173eee81dfc7c881319688d9c68db66

SHA512
6e7dc61a934a7565e10f96e3cff6096e6c1a70cc5e0c9a690a42744d54f4a31b80f18fe15930f0990ef6ee8be6e2bb893d19d3477e791ebf5cc5f2c171b0a64c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
9KB

MD5
3f5e50c6e45827b0488aa80d49053262

SHA1
bc362ef678db0125b3f3eee62eaf9787b8b024d6

SHA256
edbed466b716fc564e65123fa6e25122747632ea6523a09ab924123e8f0dfca7

SHA512
feb7738e7182fdbe31795b63212c5f8dbd6cd51e475d7d12da7e8377e4abea2b80725c778fc6b3c7e5d25374f8493da18cd34d7092bc49943174973397081d2e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
36KB

MD5
63d3bedbbe3444e9879270070d079697

SHA1
88ee2650680ba2ef53552044d8d7bc7c9d02bc5d

SHA256
35a87961cc639edb875729f196f53d870d212e2a8fd015ca456a3870a25cecd7

SHA512
10fc7d105fd4cd412a1d03863f1081b41c1136a36995ee78521095364cae0f61ed6e6eebb0ffb0f23743083b0e8d49bc237eed28901ee32f83b234630f91be44

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
70KB

MD5
a70eb244dbda443115ebbc72024723c6

SHA1
e96ac6d01fa8ede7872f0aa435e6ddb3a68d65e6

SHA256
2dcf8878cb74dc86b9bcaa4bba946e31e6904e0f3c23838e8a80742884a660d3

SHA512
71939d042faa7e1629374ebc307ac8bf4c3026b3763a0896b7e4b8a155cce2e7691b822a091409d8ac9a2fd5e66de9ac279241b3f9b5c448df4e2713c5076065

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
136KB

MD5
8417247ad14f47cda17c09dea07a29d6

SHA1
3cd84e1d85f28815110f7fd068a40c87242ec3a2

SHA256
6eb54e11c184a46e8d91e01a89f864d316b383739039d76c0080f8cbb64a6c28

SHA512
d2aaf86980e3955d6a1e65cd3a7faabbb212d1a4559f2b21f01b241f2e5bb32fb6dbb14dcd9142ad6e22078c1cba99be333dc06c5b961fc211b9426370428e4c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
d8d2fd3d998532b492fd7bd85448c7a5

SHA1
cef74aa33329bd913bb83663b6bf86c93c1d5e2b

SHA256
898a169b7195b6d9bf4bee59d2151e8e6776e148d43ac331160e8b4a262b0d2b

SHA512
7c146a062526078906924930aacd2e50ea7237e4832c28cdbaa871939b691cd2c03098cc9684b5dacd98c0bda26eb4fab7e76b7c0470b3291fee231f696b531f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
71f06c7ad87fe5ba2419ab4157e4b7e1

SHA1
ddfe519c99b9267492d10065f4f23c908a2ff0d0

SHA256
7fcc1a540f9398b7265ec7205ab94ce4975000da52b88164662f7f328ad6dc98

SHA512
8e9174f154a7af264cf6f49cb32d9f65cc693e45f230c941e1ef2b356a369081282e064e681471310d30612b76330892163990cb8262c3a10ad169f39224006b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
372d0fbecf4e2afdad06885dea54f0ce

SHA1
4fc726f4dc927e0445fa16201fda717352f52e07

SHA256
1ca3e8d0711e8f92aa8d7e2905f8e31b8829cb835a6d5bc2cd0f0024d98ac569

SHA512
734c0343b4d5e72822ced189eb43f7ad772108782c70a2b206dd5a835eec940121d3ae417e93d66a685f581598875632a320bdbc4ddc20bf78acd7d809b4e0b1

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
701B

MD5
3ca593531ad932342fc8791ef4854e19

SHA1
61fc9b13cbcf1bbf595c73fd670075207cf41b42

SHA256
bd995370dd64e9b167b01fadb9f61b6506b2e6edd03893069218e00b3f145825

SHA512
1beaab872f75b9d5479ea8ddecdf1d84cf5f9faf1158d18539244406dda7b14a3ea117152794ec13e8107b64cb24218ccc1c48a5af0aeedab590e8529fbe31b9

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
758B

MD5
dab26945785d2db237cd483477139117

SHA1
c0c05aa1b2db1e471b1a244cce6318d77feb7448

SHA256
ba94bfa6027f0916dde6b62f7e14f4384e9353721c8c15e01b47c17230797cb6

SHA512
e53df9d786f5d09c8f74fc46d1cb5050d5911a9134cfad16b3cab9cb6cc2c75698ea6343e3d9a1da2ff8158aec1f6d33056b39b4a7c7717daefea84d71ea0968

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
dd2de1b261f08f6fdf304cd841c1b0fa

SHA1
b283d05fea3e0f6e2d0c5402b0f725f249ad61fd

SHA256
8e68bd6d2030fbd9cb83b410dc53d540c478a0e1cc41ed5f8975cbb4c4bf54e3

SHA512
553f25dcf06d3c70a7112458592297e1f3acd0f7a3caa9b45249204fc9acf26b70b940e330af13cf3064f276d6961fb89011d6fcc6e1e0d460da1e9f317f0a9b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
671ab3973f04260cb4c1bbe652bdd2ea

SHA1
50f1f8d1dfa2719ebaa8b74924b9d4219b2c43e1

SHA256
2f42e077af81fd99de37eb61d132f5b850b6d9dda264c02e524626796f9fbce8

SHA512
873e5badb7126d3a0eacf76df4a0a3eb10081397b2d3dbcf480a7b0e31495a145b66ad2286a2493fab42d041cd5c4a0ac00b2b23ef1aac8289708f7783fdfa78

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
196a088ce1242601c5b6ce694583759f

SHA1
41fea598f3961dadce06f43dea05a85439794a16

SHA256
4206cf37dca1e008a13749c364c1f92da1fabd50d737e0f11c6604cbcd87ed4b

SHA512
eb8205c8d4a9e33b012c58a1fe6808a8d02ebc2779fc0f9cd34b06157c2a40804527ad011f8157f7ec6992824df596c41ef8c191e75e966b57bdac33f6050084

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
7fffa4fef58c0395daf246cf1e8e837a

SHA1
3572dd1d997df7381def1d5972a2aa84e595ca1a

SHA256
d570686724238742601b1664463fcec64e56acfffaf5201c9b7d4aa7ecc07c4a

SHA512
953948ed48035127462a23f79b7d1c648ec35b386ba37deb145d51d4e816d94ed36a6fcdceaa45be16e38e07a00441f2d6a2e313e343c869a93feca1aa78fd7c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
88400672ab811a268448e58eb9a56703

SHA1
01b33238099588902471db84d7666f3a16002848

SHA256
bd94f8d30837bcbe64030f2186dea29e8d45373bad4422bbaa26629350f738cf

SHA512
c42275c8fe91febd3fdf019e39e6ab9f3fb775afe9e1dd9cf363bff65653cea7b520410987d2f403597e26cd5fd6d6a3e12256552673902a3cdc6b294b1d2e59

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
4ba504d0918d42c5244585b551028117

SHA1
c9a661762b5bea99d6ce2e78c2429efebace0d2f

SHA256
1bbe699e9047e0e1b3e71a8cc6f5266cb6fb5fce9f00e882bc058c4ded3cf7b5

SHA512
19a46ada76bd6855e40caa4d1877606834dcff8ca59f5b231a2deab250d4100a9e4328febee15530918045585ce21fb08bc5ef442959dee21266c648d37bc9f3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
897683ed6284ba98e9d45365ae7bded8

SHA1
8f1043d274b9cb029b7c56fb2c8931ea2459458a

SHA256
1b21ee73adf3e9f3f4b1f61708b1603a74fc61e94bc947e201959c941f988590

SHA512
69208f36580ba6c9839cf46ac8053a67f6c5211cffdf5dde46710052a6f1ee08a19939deed2f606aff737a162cfa8ec3ea6db1383272eecbc15463465981e161

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
14f6550932d7d582c8e03f36cbf1c288

SHA1
6a98c443bde10dcb1ae4dede8535c6ee0470d8b7

SHA256
e22908c64fae99ef6251bf74684b4e72b0b49bdb0fd505b3ffb0711ea8ec070b

SHA512
bfb1432626a5b0237607ca90bd41499a0f0aef7932eb415a686245391ec331fd4f454cc8ad36924a6dc8403ed7d9a29218b59895ec5924b6a3861c340c2a71ae

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
3854e03ab686ebf49effe291531038a8

SHA1
8e0461cd00e19975a87ec48dd0ca2cd2df11581c

SHA256
b50d1e4947935ae56de254aab8527d110beaf08bf3b6ad821ce309171f254440

SHA512
76d43ec5c7fe23b550ab61398c68e6a4f640d92d54852a49cc5260b09e1cf8749b149de391b4d098ec0252678e84f52a0bb47bef9544c04f1658c80ed12c925c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
d1a2ee3d58c08cb9980a3e4d780f8cde

SHA1
4222dae9e6738673648d03b1444466cf857d4299

SHA256
a914fc475e7043af130f4fbe9f85414aaa057a4c2c92ab11c7b09ad311e17ee1

SHA512
becffffd15c2ec35773f5865f41a4352e1ed5c668099aaedd650901e2207872ce85df0c91601ff044b6442714f5d489ebdd3322099774187a2659878f902ecd0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
7615744506fafaa2726d316a3780f6cb

SHA1
77845abee867427eed68eb39bec565df7829009f

SHA256
03c47dc7cdac76822a3d1d8c2ed905b1cfad80e19287689708fc22b715def884

SHA512
481f9815c6a938a652e9ee14f43e980804e97a4d51b2567576a71abd6e06b960dd4c68f3fa1b175d2760efee4947d44a0a587371404c37df2b898619b956c6d7

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
48042244a5fd62a5f5b56bed9b3a700b

SHA1
361fb562b3b020ef3a2519a3074a136c75a394b2

SHA256
754581f08acd44ee36b806880938d4e9b3062d0990ebd1b36ebae12049ecf008

SHA512
df4f6871d713df503484896b110982ad1f7d1a00d18f94bd7175a0fb1a79bca807d1d2e66c9da7c9ad611813a65a8dc73444d409fcad3b7b206ae004b42c548c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
99d77ee0fca4cf7e0c7425cffbaae046

SHA1
16877357524a423a578f317558d18e3b489994de

SHA256
7c1f69cf10eb325d36731ae47afdaf78218f8d2cfcfb0c2ad8726bf31b227c93

SHA512
4c792c4953036ad1a13609f7d72ad7c5439972209147e1c048d198e0d59b864e8e04c3a0a692730957d7d285e8c324fb7acc2bc35009d4543913cd4ecbc08a3c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
b64bd6b0acbf5743a4555547a0ef53fc

SHA1
18f3a84e9eaf200cb230f8f2df7a3de8f80a84f4

SHA256
3f31619af10651836fb6d571f885529b6004945d9ee70509d680be9bc885aa61

SHA512
fbbadf58d1157eb5865f5848f15cc22b6f2b75bd5ba153f03658adcafa720109d224d0e8e2c924286e538e5a856703810cbe32b8d5b6d0ab7263992426083562

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
9e87b40df2d1bbf042c81e6ed5ce2502

SHA1
cc4fac216912038548aec7b31ec7ec4d6c0ec441

SHA256
e291cec69ae10bb6e2dda273065a53efb375f760c954219769898cc1ded15381

SHA512
2bb4cdadc9ce1fd8e87446785cb27fb50c6a0944c35984aa288c2d5a57121e2184228383df1e534062f003950e7892e4a2f1081ab4e5d33ce6e11835ac027e98

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
b0c8a91a3b5adc730658670f03d18641

SHA1
a101f05a8b62ed0755ddb6d6f1902a955118ca86

SHA256
9fa689e37177669490319eab4a314c584de07db9394294abe8fd47ca046bbf98

SHA512
df7350f3c17bcfdab229fcf5d768b2287ef2d78cbea03e143711b90fea67fe84c24011913295d4ccbed37734659ca8dbe7a0ff800224fb2a650732cc004510d8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
9818448529d74c99fdb119ac940a702b

SHA1
72322866092734a848320e1805af0869481fbd29

SHA256
07ed6f1c73a79f92980a5284f95b05937f6028974765ff25feeaf1d1a9759777

SHA512
3918ded87d3cb99fafc3acc2b68db8c37ec962ce0275bb80c2ebd498f19a7a5a1d69147801521a04f12384ffade0b5fcfccb359ad6ce7f9bef4ef8e55c5ad3f4

Download Submit
C:\Users\Admin\Desktop\AddDeny.hta

Filesize
338KB

MD5
ea1b1e1237acda3c2e83994faba1950d

SHA1
2b8c8bdbfb4d211a52879ce88adb35f07ffccde9

SHA256
ca95bd6f6ea88bdffb2e62836e7e124f630acbd969c39e05abfdef991b501113

SHA512
97d37beda34026434e4922899823c7f69aa32c3c54414caffd04497bc16b0d95cbf65397562cf31e418b980295eb2f84472a6c40638734809897ded370eff33e

Download Submit
C:\Users\Admin\Desktop\ClearSplit.eprtx

Filesize
365KB

MD5
1b22c2e194e32992e073a29f33ba667c

SHA1
251a128e109804d5253f992dcd41d8a74d86c7f7

SHA256
79041841a665e7d938ca45d76e7a356497fef81d414cc2b5eff44fd7aaa1f1b7

SHA512
c5c8b05c52f1a2727c20e9ba367b31e8d30c4858c82e27df24ed37f669dea62191717db123c9fae5a4290d60e3384cbbbb792e13746bc0942d9a5acb1602cc8e

Download Submit
C:\Users\Admin\Desktop\CloseGroup.wmf

Filesize
310KB

MD5
22392bb4f52e7059b5eed6fec656262e

SHA1
235dc6b03922278e7a2c2c7fdc293ac5432e2eec

SHA256
6304348ba43f12b0fad62280837981cd11e6fc0358829444e2c6e6a8bcfa315d

SHA512
00dea4fd3c5b377186aafbde6cfc84c696de5fe7eacddeb8f8fffbf3f89876695225326e3cf190039a39412f3c0cd1fdf00277959b0e1efe07af93c51ec71293

Download Submit
C:\Users\Admin\Desktop\CloseSuspend.wmf

Filesize
246KB

MD5
a2e5f21088ffca7bdbdc7955eb46236e

SHA1
2019838700f95d997f3f0d465f4710c49ad9e3e1

SHA256
2ee11b1439f3569bba48ec4713d1de155afb41e7476da26099d4362f56487926

SHA512
2d1fc39168a6de77a3a01ce475bd1bcfe703e86800ccdd7427422718b77b3eb1f6a8c0a17d3f8e7aa45467d14a33c032048ae5259f92dfff294200c8fe4977fa

Download Submit
C:\Users\Admin\Desktop\CloseSync.rar

Filesize
182KB

MD5
94fc5acee39e7f6c33d35293dc1f0435

SHA1
0c7a002af8cccbe31cf2e7ca099475ca7c79513d

SHA256
5647eb868086243b20b7a8d6813c3571bb7ee2c9140d43b8539ec3c1410a2bfd

SHA512
1bcd2f9b11869396e7b62e94caf0a6886bec4c8924719af322a36f5e20a54705a817caf785e1a72a3a7e79d2a5447b83c125dc5e7735743c0a800c09ca6f0bd3

Download Submit
C:\Users\Admin\Desktop\CompareAdd.wmf

Filesize
329KB

MD5
9d566d2d30a8cabded965a6bcfa48fb1

SHA1
0dd6f09a35fde20aff83895d517e725e0eecacbf

SHA256
c00df076cb0f32ab38f9cee6345cdbb3f7dc031547f14a852b481994d69a57ef

SHA512
d0e4804b28325f41f6f7966b52f725138b51804d21d1769f5c1b51018f7acb34cc6285f7a2a690cf6c7a278a317a92c86b7aea940bf735f0ff5353cf3f74b554

Download Submit
C:\Users\Admin\Desktop\CopyUnblock.dotm

Filesize
173KB

MD5
6c04a737e34f1012cdde3f48ec963ee7

SHA1
fcfe17a315e7c4f47eb633b99b46cde0ff70ab18

SHA256
f8cee2b3524139cbd649cebad04dfd05b47ae2a6275792457e69317e1931aea8

SHA512
a93119977b1c21c24466605d8439e635867eac8a6ca63954c6719415a61ccf3299ffa54113a09355ad87bc8d065ec6fba653aa18dae692903a8fcf4d82ae266c

Download Submit
C:\Users\Admin\Desktop\DisconnectUnblock.potx

Filesize
255KB

MD5
e6208106571ef0b33d9c67a54a8b5fda

SHA1
892835714d3eb029801146e32c3aa46ea650a848

SHA256
bea5d78a9933f5da97d929d9a5192ca1db6b8e5b925b29adb1415cba5e0894a5

SHA512
e24641a38e8d3ee0caabfe16c2907e5efc94a0d76671ffd966d7e55ab5d55e52b61b6953049fdcb6526b66417ceb738131bdc11762a79d3e6282a92f1b2af742

Download Submit
C:\Users\Admin\Desktop\ExpandSave.au

Filesize
155KB

MD5
f514a7052f6fcc0f40b395e4b19fde2f

SHA1
874533517ec8e0abf0fe64351c9d7df25d550f9c

SHA256
12b6c4a22f9413fb46ffd45448c1d669e966b09f56c0c3d815c4adb7b32e4b76

SHA512
5a4c05be24fb177f09ceffe4dd6491957dbef937af74e525dcc0709513873fa4e91cf86ec6daf74520d64d9316c3e3a0db74b2a029def4fc0485d49de970fc8d

Download Submit
C:\Users\Admin\Desktop\GetReset.kix

Filesize
219KB

MD5
b3c76058a1cc840ab658a3b843c03362

SHA1
28723caa243f6a22ed2a570f9571d548ec725c1a

SHA256
264104fe4b72c9add949ce949765013d67891a67f8ff7ec426fb24d6d2dc4106

SHA512
7dc923f4d5d61b998f3b10108f16500a2738f760dcca997ea2a19f1ef27a915ecaca371506dd529b403731b455a88718b318ceaffa01e48a6945d1936956def8

Download Submit
C:\Users\Admin\Desktop\GroupReceive.au

Filesize
137KB

MD5
df0e7182ef8ac5dfbfaa2ad872a61cc7

SHA1
bc5168c2d271819c7d6dcae42f3866368ad9a9f7

SHA256
3145e6262f526227ac258c17902625ba91b8ce394d92cf3b0677b44766f0574c

SHA512
94b1a341bdcf50da68fffc424728601f5c2c2e8545e24d25bb90f1ab116d6d2590788460c42eba1e3d4640c35bd0dfe2af91b6fa3f917f884bb4c604226307b8

Download Submit
C:\Users\Admin\Desktop\InvokeNew.mhtml

Filesize
319KB

MD5
cdf004a58547cf4db138502d0ad20ddc

SHA1
d5cff9ed94d72e316f372e47f3b86d9e2778bb75

SHA256
c636fdb464a02a531e85816a00edf23901e73255cbf52328e6a12a238b11672f

SHA512
b37c09850952950917f16ce1ab4cb0144b1544b8a1644ee937d5be9d8b19894d6cd6020f9f42fab56033fb392cc1c645882b38b56ab85fe71a0c2657c040a83c

Download Submit
C:\Users\Admin\Desktop\MergeRead.otf

Filesize
228KB

MD5
b94921fcea4a431b5e50b81601b56b7c

SHA1
b9d5211527c70297279c2b3582887db0ad1c4fda

SHA256
085d1919fc667106029346cb84dc75992c1efdbfa5a4570c1cd7cf5dfd403b42

SHA512
d63b96104db83dd15bf2c35bd5443592b9867a0049e2eebf55d131973543331dfa3beaaa4141df73dbbe965dd0cde9ed3ed0977dec075d5908d44d2177f64333

Download Submit
C:\Users\Admin\Desktop\OpenClose.mp2v

Filesize
201KB

MD5
e6bb779a6b25c583b78c3b00ce6a932c

SHA1
210008c8af0f452fcb8f1bfb5df74c3772665843

SHA256
6b1d8aa30cbb5e734b8da931f8c4822777333f1b046884cc9fa1a49efbc2b1e0

SHA512
526eb40c9bded69ace46737499c4e759a8cd78ef7afa8672f814e771ee43505635805b73aff2871ca01e1190d08893a198ae2a6c26f0cf9ea82aea9e48ea86f6

Download Submit
C:\Users\Admin\Desktop\OpenRevoke.vstx

Filesize
274KB

MD5
74edc0d7860e5f3d32d8bac2f86b289a

SHA1
c9a82c316f9bfb7446426b2a76dfbfd68111413d

SHA256
7264109b32724c9c75d93cbd9148f04db18574f9d132c655acf0531015652b4b

SHA512
4ebc20d6a169a05c44b2242d85c1548cf0a3994fef35c83326793d12a2d394751c72b8a45cb14b8b039c4ff99b8965de71344f147db65bd21fb1d4875729488f

Download Submit
C:\Users\Admin\Desktop\OptimizeMeasure.i64

Filesize
283KB

MD5
21db61eae4b62aab29fa6961efeacc6d

SHA1
bc61cf7d53270383dddabf4ee6035b32b9d7d8f4

SHA256
ca9f4705de4b2739e3c866a76a247c2ba94f20d75b1e551fd40c239143d7146d

SHA512
8ed8e5e14b41dddf563d503fcc1b23fda5e1a7e59c2ae5003461669fcea7ea7492d85be94525d45f9f5d16968989574aa82129d903f18bd2699bd194fdbe4843

Download Submit
C:\Users\Admin\Desktop\RepairUninstall.vdx

Filesize
237KB

MD5
afc7f6b4de4f04955a89c863e80c3a79

SHA1
e8bdbeed4210c517811620410b3bdc1a663c519a

SHA256
4f3e2081aa45aa5b7f29ca77efc3a8e61786461e8d957cec74af841be449b098

SHA512
79c9234995969b6a563699ad6c78049e0c6fd26784b8b9ba5bec2b119b5472638acb2b56ff4019ae7e40560629679ee194933411708cddef54af8a02a8bc7b75

Download Submit
C:\Users\Admin\Desktop\ResumeClose.wvx

Filesize
356KB

MD5
bf7fe9b654e5fca44b1ea47b39a5d97d

SHA1
2986183ad28b88abceac837414d86f0f23099b6b

SHA256
11a8f66af906672900026693aa978dc1954e1a1fca1cb3b7f9c10b162b6293c4

SHA512
430d1bd38d7a103692269b096c96e0cf35093c426dac366f928d26fe39ae26ac2593ccbd6a32ee4c6924c805c8d236db76da02180b6a79e2cd4382917945294f

Download Submit
C:\Users\Admin\Desktop\RevokeSplit.m1v

Filesize
301KB

MD5
65ed1155545cd8684397bbf5cd2ce6dd

SHA1
3035b782ad244b0a0702d493f12ad585fbcdad77

SHA256
d100cd314a9a403dbacc065f99318ae72e151af2ef52e9758bb74ff96a2fe3de

SHA512
cae023937b88b85f4cd9babc669cc52f13ab0d909a2fa22e0f2cbe7cdc11d67e1f5de0b23d2bc46cb91303a7b15c39c9eb836366dc057914641d7019a93dddb6

Download Submit
C:\Users\Admin\Desktop\SyncCompress.mid

Filesize
164KB

MD5
8ee541fe11a54f56b4f2ef3c2a7b9834

SHA1
a5187b9c71a171b695b543f54e910a3c91df16f8

SHA256
823821b06459c8dd0473738c57d198b669d5308877989fb12c5a1bfd033095cd

SHA512
d9eb41590339ad4d9ed1a0d775520298ed05bc23a06a545608fe876ef290d812bb2c0d96d06c10fd316d11453ad3a3694aa5106669b801695299e0c6a4c3e945

Download Submit
C:\Users\Admin\Desktop\SyncReset.vsdx

Filesize
191KB

MD5
f2f023d2dcd0d20f6124ef6a31bd36ef

SHA1
560cabf0315571fa3e66217c93df2b8aeebae565

SHA256
6595f8606c2dce4fed9911b7005a81658d5a075f55fffe175432c97286886141

SHA512
5ad33fa03a8ad9f8109c748b12c14fbf0e4f04398dc16a147d63f23a4a30dfa31b0a0194db7d149ed437fcd29c9f482064ab007e7ba61260f3c6188d18db6643

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db

Filesize
1024KB

MD5
c0a8d8fb18ba3599470ac07e9d4c21da

SHA1
2f2224b6cc6a91d2fa459341bcc56939d9aaa964

SHA256
9c779ba622e829246d42aad03d6d5eeb4763d87669009d4910b2a0bb75f1abe4

SHA512
81d1d7b3d1b8faa18d1e735c2ddce71141bab23862bef1649dda90b6d67afc705306a13b352b578f1a30b22522a60524c3382b9a86503c981b6f58c88050388b

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
7KB

MD5
14bda2f1ac3ff6639c3c240fbfca881a

SHA1
5850f40a49e51fccfd4c45fc251b6e76d1d91d44

SHA256
13530fe3ccbf7c3e7e3f57932e2d86174041250362f350f87f9ebcc1a8a16eeb

SHA512
f2ccbb9706ae08e591c2dbd21c5c5bd289ca3772be1dc7bf970bac6fc31dd5aa283d66425cd1ce04d01a80ac9f50e1315f0700878fd35387bc97dd791c9b7993

Download Submit
memory/532-316-0x0000000000B00000-0x0000000002249000-memory.dmp

Filesize
23.3MB

Download
memory/532-333-0x0000000000B00000-0x0000000002249000-memory.dmp

Filesize
23.3MB

Download
memory/532-379-0x0000000000B00000-0x0000000002249000-memory.dmp

Filesize
23.3MB

Download
memory/532-415-0x0000000000B00000-0x0000000002249000-memory.dmp

Filesize
23.3MB

Download
memory/1652-7-0x0000000000B00000-0x0000000002249000-memory.dmp

Filesize
23.3MB

Download
memory/1652-16-0x0000000000B00000-0x0000000002249000-memory.dmp

Filesize
23.3MB

Download
memory/1652-236-0x0000000000B04000-0x0000000001D3A000-memory.dmp

Filesize
18.2MB

Download
memory/1652-378-0x0000000000B04000-0x0000000001D3A000-memory.dmp

Filesize
18.2MB

Download
memory/1652-377-0x0000000000B00000-0x0000000002249000-memory.dmp

Filesize
23.3MB

Download
memory/1652-2-0x0000000000B04000-0x0000000001D3A000-memory.dmp

Filesize
18.2MB

Download
memory/1652-336-0x0000000000B00000-0x0000000002249000-memory.dmp

Filesize
23.3MB

Download
memory/1652-0-0x0000000000B00000-0x0000000002249000-memory.dmp

Filesize
23.3MB

Download
memory/1652-233-0x0000000000B00000-0x0000000002249000-memory.dmp

Filesize
23.3MB

Download
memory/1672-244-0x0000000000B00000-0x0000000002249000-memory.dmp

Filesize
23.3MB

Download
memory/1672-272-0x0000000000B00000-0x0000000002249000-memory.dmp

Filesize
23.3MB

Download
memory/1672-404-0x0000000000B00000-0x0000000002249000-memory.dmp

Filesize
23.3MB

Download
memory/1672-407-0x0000000000B00000-0x0000000002249000-memory.dmp

Filesize
23.3MB

Download
memory/1672-19-0x0000000000B00000-0x0000000002249000-memory.dmp

Filesize
23.3MB

Download
memory/1672-416-0x0000000000B00000-0x0000000002249000-memory.dmp

Filesize
23.3MB

Download
memory/1672-234-0x0000000000B00000-0x0000000002249000-memory.dmp

Filesize
23.3MB

Download
memory/1672-337-0x0000000000B00000-0x0000000002249000-memory.dmp

Filesize
23.3MB

Download
memory/1672-254-0x0000000000B00000-0x0000000002249000-memory.dmp

Filesize
23.3MB

Download
memory/1672-326-0x0000000000B00000-0x0000000002249000-memory.dmp

Filesize
23.3MB

Download
memory/1672-265-0x0000000000B00000-0x0000000002249000-memory.dmp

Filesize
23.3MB

Download
memory/1672-401-0x0000000000B00000-0x0000000002249000-memory.dmp

Filesize
23.3MB

Download
memory/3544-274-0x0000000000B00000-0x0000000002249000-memory.dmp

Filesize
23.3MB

Download
memory/3544-315-0x0000000000B00000-0x0000000002249000-memory.dmp

Filesize
23.3MB

Download
memory/3544-256-0x0000000000B00000-0x0000000002249000-memory.dmp

Filesize
23.3MB

Download
memory/3544-246-0x0000000000B00000-0x0000000002249000-memory.dmp

Filesize
23.3MB

Download
memory/3864-273-0x0000000000B00000-0x0000000002249000-memory.dmp

Filesize
23.3MB

Download
memory/3864-327-0x0000000000B00000-0x0000000002249000-memory.dmp

Filesize
23.3MB

Download
memory/3864-235-0x0000000000B00000-0x0000000002249000-memory.dmp

Filesize
23.3MB

Download
memory/3864-417-0x0000000000B00000-0x0000000002249000-memory.dmp

Filesize
23.3MB

Download
memory/3864-18-0x0000000000B00000-0x0000000002249000-memory.dmp

Filesize
23.3MB

Download
memory/3864-338-0x0000000000B00000-0x0000000002249000-memory.dmp

Filesize
23.3MB

Download