Analysis Overview
SHA256
1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499
Threat Level: Likely malicious
The file AnyDesk.exe was found to be: Likely malicious.
Malicious Activity Summary
Possible privilege escalation attempt
Modifies file permissions
Legitimate hosting services abused for malware hosting/C2
Downloads MZ/PE file
Drops file in System32 directory
Executes dropped EXE
Drops file in Windows directory
Loads dropped DLL
Enumerates physical storage devices
Checks processor information in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious behavior: AddClipboardFormatListener
Enumerates system info in registry
NTFS ADS
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-29 10:54
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-29 10:54
Reported
2024-06-29 11:40
Platform
win11-20240611-en
Max time kernel
2700s
Max time network
2695s
Command Line
Signatures
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Downloads MZ/PE file
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| File created | C:\Windows\System32\SettingsEnvironment.Desktop.dll.BAK | C:\Users\Admin\Downloads\sunlock11.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\System32\SettingsEnvironment.Desktop.dll.BAK | C:\Users\Admin\Downloads\sunlock11.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| File opened for modification | C:\Windows\System32\SettingsEnvironment.Desktop.dll | C:\Users\Admin\Downloads\sunlock11.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Panther\UnattendGC\setupact.log | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setuperr.log | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagerr.xml | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagwrn.xml | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\sunlock11.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133641321709111924" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\CA | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\trust | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\localhost\ = "0" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\localhost | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\localhost\NumberOfSubdomains = "0" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\localhost | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\localhost\NumberOfSubdomains = "1" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\localhost\NumberOfSubdomains = "0" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\localhost\ = "0" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\Root | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DomStorageState | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\setpm.bat:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\sunlock11.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\ViVeTool-v0.3.3.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\AppSwitcherBar-master.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --backend
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004EC
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffe17d2ab58,0x7ffe17d2ab68,0x7ffe17d2ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1904 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2236 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3188 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4268 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4408 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4440 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4552 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4788 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3200 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4128 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2696 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3280 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2884 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3416 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\setpm.bat"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\SettingsEnvironment.Desktop.dll /a
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\SettingsEnvironment.Desktop.dll /grant Administrators:F
C:\Users\Admin\Downloads\sunlock11.exe
"C:\Users\Admin\Downloads\sunlock11.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:2
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3888 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1500 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:8
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://vive/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe15a43cb8,0x7ffe15a43cc8,0x7ffe15a43cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,222477786898475147,6554492753928684945,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,222477786898475147,6554492753928684945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,222477786898475147,6554492753928684945,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2356 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,222477786898475147,6554492753928684945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,222477786898475147,6554492753928684945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,222477786898475147,6554492753928684945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXjd5de1g66v206tj52m9d0dtpppx4cgpn.mca
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=1892 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=1768 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4980 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5160 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4156 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3840 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Temp1_ViVeTool-v0.3.3.zip\ViVeTool.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_ViVeTool-v0.3.3.zip\ViVeTool.exe"
C:\Windows\system32\cmd.exe
cmd.exe
C:\Windows\system32\ViVeTool.exe
vivetool /enable /id: 39072097 /variant:x
C:\Windows\system32\ViVeTool.exe
vivetool /enable /id: 40887771
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5360 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5512 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5680 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5772 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3396 --field-trial-handle=1924,i,3249151075679287390,18305839396650241424,131072 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | boot.net.anydesk.com | udp |
| FR | 37.59.29.33:443 | boot.net.anydesk.com | tcp |
| US | 8.8.8.8:53 | 33.29.59.37.in-addr.arpa | udp |
| GB | 57.128.141.164:443 | relay-d4aa0625.net.anydesk.com | tcp |
| IQ | 5.62.132.74:49374 | tcp | |
| IQ | 5.62.132.74:7070 | tcp | |
| IQ | 5.62.132.74:7070 | tcp | |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 142.250.187.206:443 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.206:443 | clients2.google.com | tcp |
| IE | 52.111.236.22:443 | tcp | |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.111.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 184.28.176.104:443 | tcp | |
| US | 20.189.173.1:443 | browser.pipe.aria.microsoft.com | tcp |
| BE | 2.17.107.115:443 | r.bing.com | tcp |
| BE | 2.17.107.115:443 | r.bing.com | tcp |
| BE | 2.17.107.115:443 | r.bing.com | tcp |
| BE | 2.17.107.115:443 | r.bing.com | tcp |
| BE | 2.17.107.115:443 | r.bing.com | tcp |
| BE | 2.17.107.115:443 | r.bing.com | tcp |
| BE | 104.68.66.114:443 | cxcs.microsoft.net | tcp |
| BE | 2.17.107.99:443 | www.bing.com | tcp |
| BE | 104.68.66.114:443 | cxcs.microsoft.net | tcp |
| BE | 2.17.107.99:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 22.112.82.140.in-addr.arpa | udp |
| BE | 104.68.66.114:443 | cxcs.microsoft.net | tcp |
| BE | 2.17.107.99:443 | www.bing.com | tcp |
| BE | 2.17.107.99:443 | www.bing.com | tcp |
| BE | 104.68.66.114:443 | cxcs.microsoft.net | tcp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| BE | 104.68.66.114:443 | cxcs.microsoft.net | tcp |
| BE | 88.221.83.217:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 217.83.221.88.in-addr.arpa | udp |
| US | 13.107.246.64:443 | inputsuggestions.msdxcdn.microsoft.com | tcp |
| US | 13.107.246.64:443 | inputsuggestions.msdxcdn.microsoft.com | tcp |
| US | 13.107.246.64:443 | inputsuggestions.msdxcdn.microsoft.com | tcp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| N/A | 127.0.0.1:86 | tcp | |
| US | 13.107.246.64:443 | inputsuggestions.msdxcdn.microsoft.com | tcp |
| BE | 104.68.66.114:443 | cxcs.microsoft.net | tcp |
| BE | 88.221.83.217:443 | www.bing.com | tcp |
| GB | 184.28.176.104:443 | tcp | |
| GB | 184.28.176.104:443 | tcp | |
| US | 8.8.8.8:53 | 222.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8acd52b100a62273a40d1627d2e8864e.azr.footprintdns.com | udp |
| PL | 20.215.216.50:443 | 8acd52b100a62273a40d1627d2e8864e.azr.footprintdns.com | tcp |
| US | 20.189.173.1:443 | browser.pipe.aria.microsoft.com | tcp |
| US | 8.8.8.8:53 | 254.18.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| FR | 152.199.21.118:443 | static-ecst.licdn.com | tcp |
| US | 8.8.8.8:53 | 50.216.215.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| BE | 2.17.107.115:443 | r.bing.com | tcp |
| US | 13.107.246.64:443 | inputsuggestions.msdxcdn.microsoft.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 21.112.82.140.in-addr.arpa | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.111.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.16.234:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 154.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 184.28.176.104:443 | tcp | |
| GB | 184.28.176.104:443 | tcp | |
| US | 20.189.173.1:443 | browser.pipe.aria.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| GB | 142.250.187.246:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| GB | 142.250.187.246:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | repository-images.githubusercontent.com | udp |
| GB | 142.250.187.234:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 22.114.82.140.in-addr.arpa | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | tcp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | 216.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.49.178.192.in-addr.arpa | udp |
| US | 142.250.69.3:443 | beacons.gvt2.com | tcp |
| US | 142.250.69.3:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | 3.69.250.142.in-addr.arpa | udp |
| US | 192.178.49.163:443 | beacons.gcp.gvt2.com | udp |
| US | 142.250.69.3:443 | beacons.gvt2.com | udp |
| QA | 34.124.82.99:443 | beacons2.gvt2.com | tcp |
| QA | 34.124.82.99:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | 99.82.124.34.in-addr.arpa | udp |
Files
memory/2432-2-0x0000000000EE4000-0x000000000211A000-memory.dmp
memory/2432-0-0x0000000000EE0000-0x0000000002629000-memory.dmp
memory/2432-9-0x0000000000EE0000-0x0000000002629000-memory.dmp
memory/3672-10-0x0000000000EE0000-0x0000000002629000-memory.dmp
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace
| MD5 | e16d1c717292135410c169284ed8550e |
| SHA1 | 88d405ad68329be1fe6939bf70e684a71d073f24 |
| SHA256 | e1f2209932c491be6249a6acf6a8e5218962ae64feacb168859bb98578e814fa |
| SHA512 | 74068e8f3a114974dd3ee2c43c89aeae5a024461181781da0747cf1b1494e2f9865fd4bebf74ca6ece97d4574d1b34973dd920a0e3aae4d2fa6d2cc17991465b |
memory/3344-12-0x0000000000EE0000-0x0000000002629000-memory.dmp
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | b97a2c8753c050a314602eae763e83e7 |
| SHA1 | e1b74770807d9d55cb797026bf51922e4664edec |
| SHA256 | 651b30a5c23d80541d1e9e435295e30acc452a5508a7f5b9b2b8ee79e140b28f |
| SHA512 | c9baf21919ea868e06c82433f8fa77e55500e30e037f2a681d7e6dff2eef2374ea30cb3ced0e3ca417f97f1d82a053f77c32137b575a91c539d9db63fda998a8 |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 10399f03525bb12263228c08ebc4dcd1 |
| SHA1 | 1a54a061111da40a52058ce9410291bed17de58c |
| SHA256 | 042d14dc80e41d47f2ba46979715ac057c425f32252e46a8927b5bbe2843bf38 |
| SHA512 | fe6619745ae4ed0d8f4f14cd27e000dea8aa70247712b629c9eaa9619688b35ef1677259aa27a1864252dc6adbe53c2fd7307a0b3fea10683f7b80592294eeac |
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace
| MD5 | 39d432a126af5210e952dc4c95dfcc2b |
| SHA1 | c0f79e051f9037226b0afb266f4a2c8580d15bd7 |
| SHA256 | 33d7f1854a7bf05316a42b6eb2b98e2a8ca86d707f225193af479fa483983397 |
| SHA512 | a9dd3a53cff880d66ea7835acd52c93ff0b9bf44aada1e2695e6c55551ad9dee777ec09e8b46fd95eb3cce39ca53781e97e8d4255fd182d75d519646fb1a1d60 |
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
| MD5 | 0c04ad1083dc5c7c45e3ee2cd344ae38 |
| SHA1 | f1cf190f8ca93000e56d49732e9e827e2554c46f |
| SHA256 | 6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0 |
| SHA512 | 6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492 |
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
| MD5 | 4379f758d8d4647efec5e0b92fd15d34 |
| SHA1 | b80d47177c33de21ad4adfe01e390e64c5edc547 |
| SHA256 | 561d68c5687cedf27922419df0940fcd238b4de22bfdcb7d17528c8e03eb8fd0 |
| SHA512 | 4261f5f107dbef2e8f06ebbe3c4fe6158886089589d63ce5c816b9e4b229f3f88e44cae36e82fc37ce7c892bf2ea8c3f25fa1edb9fd1deef66040755c7a9cc1b |
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
| MD5 | 6092dd0a048c3827cd91dd68e731159c |
| SHA1 | 7e559c0659775c4ebfd323568b88b1cb16e5becc |
| SHA256 | c595d7acae601452f53c86b4c9b90035768fe9aebbf889db42f9ba44a1856fa9 |
| SHA512 | 47d7bac45cdc9dbff24a1b1f20ee0325a9fb932a64ee96750731193742c80313407cbf1934706519c25f6a97e2061fd4d691593bb626f9f182bb40c4b5424985 |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 8d01b85d2f2362de35c2dfed0d0ecf04 |
| SHA1 | 866d77f4b0c8af15122a4325e4d42f0c0b98639e |
| SHA256 | 414893f915f774d08d34992887c7ae96fc3b489ca3451ddfe1e439b87488574d |
| SHA512 | c94660662f5818fd5cb8a50c459db95d93d64007e1b2e0a92af3898a3ee3a9e71271672c08a7176072f52f730c183f91cd7e7a32947c67263c11b9cb4cd2fc2f |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 130785942567eb13b8e6287af8d2324d |
| SHA1 | 65a4095241cfdbb78beacf2e4ddbea514d57eee4 |
| SHA256 | 01a0a024f7e5b0bfefbbd6f96eb792bfe044b2469530126cbe88a701567c9540 |
| SHA512 | d8842ce1f3fafe33fac131633a9a8ca23d2e69b9535df19e1a0546b197a1e80c7b1a370adf758eb21c71382ff692be4b54872df9ab6bc4f410af9da1bd0a3f7b |
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf
| MD5 | a081b64c59be2a62d4c36df9ce914b56 |
| SHA1 | 51a80902f00dc421d7125a82f5f5f8db28b42ec2 |
| SHA256 | 94bce0de2f77abbe58162b7375323a5c710916ed4dcaaa527a63af5ef9408e26 |
| SHA512 | 706f6994822aa63997a28f1e87cab990e6232924369be658a2df29dfa4d09c9b428014b1e32d44948209e131aceed04d0b9eebfbf25261c01185660d961f8279 |
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
| MD5 | f0b21237eb4e84c0b9562bcaed1b859b |
| SHA1 | 844bc72f023f1ec46264875e886a867178d207db |
| SHA256 | 5d4805b193c537dffcd1b2d65aec8e2de7d1ed593fda4e026b56e0fcea51b208 |
| SHA512 | ac3c313de5c56ae19c9fdb154df5ab045f076fd967fe691d85f64883f61894fa744fc0462f0c24c5c6a1c6f98a694d78bfb87792b4201c1ebe0b445b7815071b |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | c24cbb36efa0fc84d774eec7a6d86147 |
| SHA1 | 26307c319b88afe160b593c08c6ed767cf024e84 |
| SHA256 | 5b1ded3d2b863783df6f4f6768e6a0631340f9dc251705835ea14cf9c8d81640 |
| SHA512 | 79c723b9192b9e61c7b4002ad5252c1ebb63e8baf72a53c4ae7498c990d84ebc1e0e384471986c115cafa395aa67b9a202afd2e3993dde70993119bb6d08b259 |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 852610524f6651e07bba7fb2c5e0ae65 |
| SHA1 | f7757552b6a1be2f1506546518cf083054400a45 |
| SHA256 | 0ffbcde8197a7b9ae3efb7cef04a4263d38b252ae0012e9fd116a00183436d7d |
| SHA512 | 00816f9b994f7cd4b8483e2d4363c0d15be13766d3a43634d37935e82b05bb0b77ba6341c581ecb1ad7e19c1d93a136304936d16f516f9ff86e4323437ada48f |
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
| MD5 | f3289e63f94a3047def9caea44f7d94c |
| SHA1 | 00ec0dc8b6c2c396b6bd13203e2306855edbef6b |
| SHA256 | b2f7a28ff24f5f5c466c2dc30debaf1e7e1fb99278971cd61625adf0f238f0d9 |
| SHA512 | ca4455647b4c97a0f03674e6900e353ab76f9fe4627af473fcc824ce2a7e47055ff489d923f59e93346673cf58f2c8551a7d8d741441d137d00a1bd003306c49 |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 274bc5354fc2a600d19efd8d13aa160c |
| SHA1 | 8f6756ca0424555625c98956b09e9ddca88b8e2f |
| SHA256 | 440635b13fdf9f429c2aef242c8fb3b06ecd5f3d83a112273a25933947ff161d |
| SHA512 | 4c8b8e3bbee2492a5a4cd60b619519e971f34bb9f8aa4e5e3582c2707fbcf7255d071768a04922fdc2690abf516db98346af11eaaf3087d39ec08394bf0ba17d |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | ec9bb9876eab6151d4d4310844a5dc22 |
| SHA1 | 4d9a04c2ed2070383dc1de732e6e5c24e5734538 |
| SHA256 | b82764cd0aaa1caf077d475c930917d1ab4a614ead6baffcff6735131534264b |
| SHA512 | d79901f03de1ec3f9eab67c8279c57b7297a84eebc013c74a2602c19bec15ee2b8cff586a37029cb48ad36433ad13726422a7780311df5a21b327c1b7a4e76b1 |
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf
| MD5 | fa230966142d9e21cb301e8a20f73e13 |
| SHA1 | 9ed1a048a09c648dd0065714273abd62bd7fc733 |
| SHA256 | a47586de918e889291a9110d06eb8bcef51ffa6b742e2afcfbaad5eb64968313 |
| SHA512 | dd1d834b1bde5e286e8d24d0873a28d0ca9f66d3a84bc738c39093160827ef6ad283673d7bba048d3be3815d344919153e5d53f6f906c5ad73a02409e1ad12c2 |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 8bc2d5074d4f37e355279df9324afef9 |
| SHA1 | 4e248e6b98e76e96022c7517dd57bd3a2fb8e761 |
| SHA256 | e549e7ad3850c3dc5aa284c37e10510c1239ef12c1f9e6bbaead5396dc69e965 |
| SHA512 | 184b800a538719f117e218866c43e268ff5f9aa4a5bebcdf98a9cb54b044a75bd6262621134a0a33787f1e7586ee1bf6c721d09bc0287a6860b0cbe57ab8a1e8 |
C:\Users\Admin\AppData\Local\Temp\gcapi.dll
| MD5 | 1ce7d5a1566c8c449d0f6772a8c27900 |
| SHA1 | 60854185f6338e1bfc7497fd41aa44c5c00d8f85 |
| SHA256 | 73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf |
| SHA512 | 7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753 |
memory/2432-221-0x0000000000EE0000-0x0000000002629000-memory.dmp
memory/3672-222-0x0000000000EE0000-0x0000000002629000-memory.dmp
memory/3344-223-0x0000000000EE0000-0x0000000002629000-memory.dmp
memory/2432-227-0x0000000000EE4000-0x000000000211A000-memory.dmp
memory/2716-229-0x0000000000EE0000-0x0000000002629000-memory.dmp
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 59d929d753bfa6727a52fe7e06b9e488 |
| SHA1 | b51c8954d2f89d61388e36f349edc12a26f7d53e |
| SHA256 | 15032022ef7d318d856f96849f34fcdf42393cc0c1815a2bface5982cca4973b |
| SHA512 | 5c46064cbc057d2dadc38155999bec48a19d94d289802c1af65557568cd69f0e363683876bf92a9633f8be375bdc9cfa6118ae18bd7b6370941a600b0c7b09d2 |
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace
| MD5 | 8dbea364c83379d3d6314c4cb5e25eab |
| SHA1 | 74a34d88eaf2bb69670ec3ef953847f6fd3c200c |
| SHA256 | b9b9a7bc45b8aaf924a43b5903d7c4309c5ee195cc35c5f1ab9a18ac80048ccb |
| SHA512 | 4c669fa4a450bbf4a37fc5e8af6ddace40b2a32ade6573adb1dd523beffb44067ef7c77321653beb182ca49976faf2a93dc4abee65d0b08fa9e479938c42618f |
memory/3672-237-0x0000000000EE0000-0x0000000002629000-memory.dmp
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 35a59d0346ccfa7fa56d2566652c70cd |
| SHA1 | 06bcdfdebac548892967069e55c58e7ed0c541a3 |
| SHA256 | 155e0120ed5cc19855fbfc6a5b348e022e0d015344fbc3006835918a3552c4bb |
| SHA512 | dd336365413ce65fc982931c93eb6056ba499c87832b94eceb206686a1dbe3008599d87b37e676c07c79bd1adde137eb23dfd594b43fc71c09342d0271f6e144 |
memory/2716-245-0x0000000000EE0000-0x0000000002629000-memory.dmp
memory/3672-246-0x0000000000EE0000-0x0000000002629000-memory.dmp
memory/3344-247-0x0000000000EE0000-0x0000000002629000-memory.dmp
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 7d36b2156347cdb6d6892d694ef80478 |
| SHA1 | 41f58e97f803b4a28db5d2852ad00891b999f362 |
| SHA256 | 977ea181a7f1b040e5fcfda2023d50836f2d8143a0e2c8b344de21aee4b3590e |
| SHA512 | 6889d5b49b46a040be7635d3f4619906dc2829bddec36bd1de9dbd7e1336d61fb32eef00758a883224b6657ff44ac57c506a300fb24edddfdf7586bb75789c12 |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | c6d4303dea659de573137666e3402c06 |
| SHA1 | 30667165c09581545d3ab3a41b9fa25205bb1342 |
| SHA256 | 2c6d771e06d8c403b4ec4d6fd0ce03061c1af5963d0d0ef1db2e00f38f03b889 |
| SHA512 | 12b160651a92850bf43f866ffc340562a617c16561536b3eac72638206d74f645e77e3ee71631a3f157b25f10073ccf31ed1d3bb15a593aeb2b3151827f8af82 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms
| MD5 | 964011724485ce4894d6dcc23a769b25 |
| SHA1 | c6a8e510578e91a3e10744e36a46e367419d71cc |
| SHA256 | fdd1f4aa82204837b8b0a68c9da5affc30f913bddfdd48201273d52ba07b02b3 |
| SHA512 | 72f903a89a34e8dad16a8946182bf51a12c415d90a04b561a8b9226e14f4a3fb9fe3e31ee520b81064bf2029fa73477c822e926d5fbf3b1d36d03ca8cebd36c7 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms
| MD5 | 65e2476f89c59eff2a261321e54708fe |
| SHA1 | 969c602d04850de83ac268594d788cb5c7924d0f |
| SHA256 | fac74d3c8c441178b2d34cf48e165f00ea783dbaedd2417e0ecc56495517c969 |
| SHA512 | 552b2a169f720d705b007e66a434580bad386f4e1372e8e22d4366f7e64d5e9f5afb0f1dd0b4fbf2a3f44b02dab868af0741f743dd786931b141e675d5bfd31b |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms
| MD5 | 15e57d897c67f6741e4d5374f1286644 |
| SHA1 | c42baf69006350614882127cc632cb3b4fbc7079 |
| SHA256 | 635eee3d0f19ceb98f0f5799009ff124ed537b8795ef69067605ee7345cb4c98 |
| SHA512 | e1edb9e8038f0cb1b77bc34243948ba40b7f407d4f432a10332562b1c8821cf09767207dc0a2950d17830d9d7bcf404c526e22705d4d02b9676c1c57ef93c1ea |
memory/2716-276-0x0000000000EE0000-0x0000000002629000-memory.dmp
memory/2432-291-0x0000000000EE0000-0x0000000002629000-memory.dmp
memory/2432-292-0x0000000000EE4000-0x000000000211A000-memory.dmp
memory/3672-293-0x0000000000EE0000-0x0000000002629000-memory.dmp
C:\Users\Admin\Desktop\InstallStep.aif
| MD5 | 2540687f1d245f30423e3a4816a4768b |
| SHA1 | d3e97290716f4c3e3549f9c70865dd10027e5cbf |
| SHA256 | 97eb7a8094675d506b09d0aa944250b418b4f06467cabab6adae1dad6810f3ec |
| SHA512 | 8183977fa3f85b32249f7b62887c067f8fc4ee41f5890127bd44b1851a706c4bebea9b9017b1d4a11da74e6f6ce7de925581059c5382d5e3f47875205e137a73 |
C:\Users\Admin\Desktop\SetConvertTo.WTV
| MD5 | 0c820ad271266a8f1e51336c207798de |
| SHA1 | 1fc6f7e50fc275bb07bac63174cf6d4931265a43 |
| SHA256 | 79221e63cdcd11e51ff25a234b7364511ebf806f8df2595b3676a5a94f5caa0c |
| SHA512 | e45c1d002a0e533bf4e02653eed6cf845734ca004b99d96c9948d09941996a9d11a9cbb8f8b27b267e5cc340f7d26081836515495b8f7325fc8cdaac9976eba3 |
C:\Users\Admin\Desktop\JoinSet.xlt
| MD5 | e0637fee00b496be6f27278f6a980fbc |
| SHA1 | a491a374965731fe25b86b7ed5d4a3633533cfb9 |
| SHA256 | d67c522c7ae97abda88851380da2ed3d18344b87b866929e79d1ad403b8b9497 |
| SHA512 | ba0517d7d1ed3cc506cb73410925a4b862330afed70a904337a6c1aeba67f4ea9892a45f806ea644caad85feac7ae0c903820701c7c6d08729fededf97ae0ea5 |
C:\Users\Admin\Desktop\ProtectWrite.mpeg2
| MD5 | bab4139cab9016a0c0e692f483e14e76 |
| SHA1 | 0af630e845aa796ba02526d695e8d64897568a1a |
| SHA256 | 8d089a0b92659e8b0945cb4af5ea65028268c5edec1cd05f99feed86c4c6ce04 |
| SHA512 | 3ff1fa74a737e6b662f435b83fa9ed3d5210e2cfaa371484ba07bfa14f950157d8250c0616931f400f3d408f11d787ef6e8620e8742ab92f827d99e658ad0156 |
C:\Users\Admin\Desktop\ReceiveTest.jpg
| MD5 | b17a0561e416b790aae5e64eb2695420 |
| SHA1 | d9a445f8d95134b8bb762be33e3e1381a1eef1d6 |
| SHA256 | e3743f1241cb44b4c65a5aa613442c71905cb72c8a124e5af55a2903c4223088 |
| SHA512 | c8e9fd221adce762e4b1df6c37e72f2faf84d1d918ba92c0f3075062fb841b0e743d00e786ae57508cff8358f8ce425c782d153d908bdef942df6f21ec8fa01e |
C:\Users\Admin\Desktop\UnprotectDebug.vb
| MD5 | 2ff6b2483d31fd8778e3b9c0d3716100 |
| SHA1 | e6a230067ab50b0d1b8639d8600ed73445067047 |
| SHA256 | f22413534ac3a6dc32ee5bbdc849a4b2ed61e1da13cd64eca3488f0e1533a6d8 |
| SHA512 | 82cdce94b350ecfade3805f02c806ccc659c0cadf40622ac461de3e79e2a64bc94d7b19a43536ea02c75cf2830da2c3f633da0a95b94e1fd1080aa0c8548e664 |
C:\Users\Admin\Desktop\UndoExit.jpg
| MD5 | f2addcef7d256f79aa79b8ea30836bd4 |
| SHA1 | 27539dd501e9b68653cbc1736fdbf4663f40ed11 |
| SHA256 | a09f286a32116cb609075c15610f94193ed8848ea15fe2d3fc8da64d2c6e182f |
| SHA512 | 74096356325dccfca6965f98a753f81844aa664c98e5fbbe4e7c1eb4a3eb3a3148fbf87dfc65d238ec782cf79157b70069cee1d88c176e951aa973435c50b3bb |
C:\Users\Admin\Desktop\UnblockUnprotect.vsx
| MD5 | a4240750875a867c81e681680d3a8c17 |
| SHA1 | 36ed259a90912858a1ee37b03ef8e6db30150410 |
| SHA256 | bf2889e2809e736eeeaa33f1975bc0fb6cd5859420d5e5bd634f281aa079ea67 |
| SHA512 | 06c3d801ee81985b70a34c2c72020f7a2d292e155c09995058041cce634c08458b42018c9451d95e05f5550c6f1bd4d8289a67fe00e74b92bde5cb2b9d60f338 |
C:\Users\Admin\Desktop\UnblockSwitch.dot
| MD5 | 350d63c3398fa8c49e0996b35303c754 |
| SHA1 | ddf13cf2aeeb5c796e12c53354b4cd936082be9d |
| SHA256 | c0a208d9c8f622447e4d0f75cb27bec776f768f2d4bf8af5def2261559f28550 |
| SHA512 | 1889de2a98ff355abdea3816ba6dba19f727ca9d8576cbda2fd8eca5582cd7a5f8839c13a61129a9d21521234334ecb16490d741cc111a97c80e6805cfa5a83a |
C:\Users\Admin\Desktop\RevokeConnect.exe
| MD5 | 4c472f64fee9f5b48fef87bd5665049e |
| SHA1 | 6e847356ca82cea99c6ec8aa99149ffbfa453d43 |
| SHA256 | 1ecc8994224165f700ce8d79306d3f3747e362157ac07ea0bf9619f9b8d2d8a8 |
| SHA512 | 23382bed9051986242a0ef07e5c4749344e3cd19e47ada657ca9eda1277514ebf29c9cd0c67a8626ab3b2e05a65bf778c20f439f0734de93a23f01b2d50542fc |
C:\Users\Admin\Desktop\ResizeInstall.xsl
| MD5 | 91b83af8a8b5f54f046290ed59a7ce2d |
| SHA1 | 27741284f8fc57540ddb005574f36d218b9afdc9 |
| SHA256 | 3fdfce0357c7656e3baf91a9a195ba6e0d74cfbf6b9ec331e490dbf59765d9cb |
| SHA512 | 35ae66579422f0e97e4ffd4c6b163c7f707765e7feb2b88d704ec5e563d705bd4e5e1f4fb6a81fa212b3aa6780b746f1054ad79d6f33ff433162358022f37f59 |
C:\Users\Admin\Desktop\RenameEnable.dwfx
| MD5 | 7ccd804df1da102dd9a59f2209ad208b |
| SHA1 | 813acff6b257cd55d6133845d43e52ba3d14053a |
| SHA256 | ebedcf90ec152a9536d80c69b53b009a016b183228942d0638df2c67ca61ad5e |
| SHA512 | d04e7626a70f9144ce32c65930b84081fa4f5d95ca32d150fb9a18309f81ba74f44cec1d3d595f5902b5b554984a8e8f2b5996a81ee7bddca60910735e588b50 |
C:\Users\Admin\Desktop\PopBlock.wav
| MD5 | 26592ef2c8a1009aaeb331db6a32a02d |
| SHA1 | 5b39fac76aaf2bd0aeb53a92a837730d07bf559a |
| SHA256 | f8409ece192e3630468b8817e2bde0a349660ba8de5c030ea0bdc6110c1fd939 |
| SHA512 | 0a6df119a3e4f57fc3ccacf103fdaeff2997a9dc2fa0a1e73a729541a0583c960b497ed7369f1113e67d2d22736ee90f068bfefeea567e1f28aa56e926c41183 |
C:\Users\Admin\Desktop\MeasureBlock.vdx
| MD5 | 211a1fe6e9652c778b9db3ae3c4015dd |
| SHA1 | eb4edc024aff8a6392dedb7051605a0d5a129db2 |
| SHA256 | c275df53b580afe6c3fa1bcc320043a631fd3da8e57c3e451431f69695a003ac |
| SHA512 | 70c52b41b01edd1ce6cc549320d9a0387afd0bc750881e01a2606e254fbd37acc171d5cce6528878ebc8886088416ee4db20b6504972cca3e8c0ab11c7c4db09 |
C:\Users\Admin\Desktop\JoinCopy.jpe
| MD5 | 9ecc274ee668dc41fa5cec2a327eb6c8 |
| SHA1 | c2ff59b9ad9daab1fa63dc874721be1525952e3b |
| SHA256 | cd8edeb3b33414e784711940c4f3a05d979a638822fcfa74775f530d4bc946db |
| SHA512 | fa3d36862a8b5adc1646d7503a8b783aa0e0818c9d99012064f426c7a9bf0b0e2b38d7b9ec03a24ec2b03988aa60b3be6b6b12f552d48a4305d70120615dfbba |
C:\Users\Admin\Desktop\InvokeStop.xml
| MD5 | 9c87cebedc21e8f05f1b9e59506b20d0 |
| SHA1 | b1b3621ac9b325941d23b06fb55438c22181be22 |
| SHA256 | b542bec77c2ef66900d8f42b0072d0942b0a949c131137bb66e304aec7dfb23f |
| SHA512 | 6695192e3c1b8d7fc5c8d8e819c9ba1ae917f0f9a9018487336e5b4cc64acce77c0a0118292f29797b6032cd5a533be62011aad27cbf63c00167b8a4c750c642 |
C:\Users\Admin\Desktop\ExpandComplete.vsd
| MD5 | 7781ab188c8709ab46ce91f7cdc48bad |
| SHA1 | aa4473a974737ac19601573c1254ed6b7a812d9e |
| SHA256 | 8a12e73c8556d39672ce148f68151f6b2a3595d359a0fee835057d5c22389da3 |
| SHA512 | e62be72706fbde566b8d4f9571ab1220613000d6523831b3b7eed85878d2fff9971ca85026b904a25642ee08f3294e00e0c81af39a9b7a06c90034acc997a2f5 |
C:\Users\Admin\Desktop\ExitStop.docm
| MD5 | e5c95dd1be54c1e417f112020b272f99 |
| SHA1 | 11f3f69df483d4e2609791cb3a044f90152998e3 |
| SHA256 | fa75231827384c2fe2feee6b16e3c1051b4907f4cc91104f851538cd05c7d0b8 |
| SHA512 | 9d7f310e1da95b0af7e740cca60dca54025d21c17a4f3c32880555bb2c5a62f3bfc816ee0353a058a147650fd0940b3f353e73dff2170f54c0e3eab55309cde1 |
C:\Users\Admin\Desktop\EditEnable.clr
| MD5 | 20ba578c7fbb9f5989d1c1753677f6bc |
| SHA1 | d212a5480cf25d51a9a0802f6d29d59652b2954e |
| SHA256 | e741cedd96763b7e7763279053282471930db2f15310b8d02cc361e5470d5293 |
| SHA512 | 104bf1e3b428ad8dd0b635932ef7dec4288a9b5184d868efaf34e0796c9ee9063b01880f62154773a759620f3dca3bc74be0fd3679732b3b0edbf771ee563060 |
C:\Users\Admin\Desktop\UnregisterDeny.xlt
| MD5 | 3d7475c7722a03a0aa288ac84d0cc847 |
| SHA1 | 589f27531ededb8ecd821d8cda0fa59d9fad2e46 |
| SHA256 | c24e15197d220c6f51264e88b7fe7a3d5904b134a098b3fbc1179efa02020f9e |
| SHA512 | a370126ed052a51f2f2ea5f2c220b05b1b061350ed3a5b62a9c4b0f7f697a59421326e8fd5e41ec2c22be9bdfc3807748be2441631bea03b9753999feda15416 |
C:\Users\Admin\Desktop\ConfirmRepair.001
| MD5 | 4427e609c48c25d4f97a186cf4ee2adf |
| SHA1 | ef27b42292faa004328ff2f61f4b9881ab2d567d |
| SHA256 | 28ff724d315a971e01434dc0280a9be1d036d8e9aa4afb24a221613c01f5e5b7 |
| SHA512 | 86c2337f327ba7a5f67eebca11eb33fca25d4195012cde71c4816ed0fa3ae6373a4fa481e4f2268c86e2ec5402fde9809ff88286209856c1670a865516ec7f1d |
C:\Users\Admin\Desktop\DismountConnect.vsw
| MD5 | d7cdcb8873db2cab854255bac846cae4 |
| SHA1 | c125f4ba8c9a9435de7c61a45589b693199d676a |
| SHA256 | d7b41adfbb8d20c6c92789346f8f8609f02d72a076efeae96d76d4438a992095 |
| SHA512 | a398912579fe5a870299adf199425239a30973883c6bdaca222e51d72cb14a34d681433d42b0a2129d78e4f74c9a336b33077259f82a9f1a35254795cb6c8e6c |
C:\Users\Admin\Desktop\DebugMount.mhtml
| MD5 | 2a8d823d8b07b4ff9e02def018bc9573 |
| SHA1 | 356bb48a569c296d9759f286badf67703f382d51 |
| SHA256 | cb6b7a8dff584ad8527d6f92bbc33e1798462a3233dd6f2d7baa85d5a013e16d |
| SHA512 | e537d73ee06efa11f59311787ce8791c546e8ce3a3006124c5520bb5090cc63b75aaade6510362efcf31b8205c29a9a63e9c4b39b7b310ac8a110cfe1f50a950 |
C:\Users\Admin\Desktop\CompareApprove.bmp
| MD5 | f8ea40fe87e2785381f84e2f28cbd274 |
| SHA1 | a2d3d307f1f08766586716783011054e706957ac |
| SHA256 | 802ebc2b67cc8217f340dd210869d64a2730de66ab4df339ceb008a896a2609a |
| SHA512 | 4d9b49374b3fb4313c6c1bb0492f327db8d9c957db90bf9fb88e14d886e71f8af5e0162d5fbb5009ded65c23203eca4eb5b3b275e48bd58e8292d537a99bb2ae |
C:\Users\Admin\Desktop\BackupSelect.txt
| MD5 | 359b47af76ab5742ebc48e3a5d6da72a |
| SHA1 | 25358014cac80ea5a6454ebb8a943cfa65c3b096 |
| SHA256 | df23b4b1ef9f4bc7c64dff5aaa54a6a453cf1c13c22b902a051ae466513708a4 |
| SHA512 | 8d53ada9be6f00e16e8742f973579273dc84f35814df9febfedc6ba44fd113ccbe58a04480c797d95c310f0e5fa5ae6fd4a94840a7d56d01bdac8dc56070fe99 |
C:\Users\Admin\Desktop\UpdateImport.htm
| MD5 | 5030aa0f6b8ab3e487d10e333b3a9257 |
| SHA1 | c5ca47358d8959377139fd4291620e20e6a37609 |
| SHA256 | 7ee4e1ae3e93a6ecefa840a11b7a3551e794f4bcd715a8ff84f33e3b8a945920 |
| SHA512 | 830407f8cfa1951a88234f5c28aa834482f6377b2115fc933cd7015c4a909f8d41b806220894657bcd6ca5e2865815ad0423fcf4b48324a8b6a48632356011d5 |
C:\Users\Admin\Desktop\SyncOut.ini
| MD5 | eb691c7bf94f590e58ceebef64d2e963 |
| SHA1 | 148baf9afed82874c9c2c728c2afd9fb09826af0 |
| SHA256 | c89591f10584661e356a3b7e68094e156668e19ed3049a9d6c788a2193eea28f |
| SHA512 | f35a438b7085ee20fb47d4eb9040980e603c1e838e091d24103da5c0377bc0530fb2be24746659e69be27fbce90e3848a9e34fa89ee766e992d1d45e3e89288b |
memory/2716-322-0x0000000000EE0000-0x0000000002629000-memory.dmp
memory/3672-325-0x0000000000EE0000-0x0000000002629000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
memory/2716-358-0x0000000000EE0000-0x0000000002629000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ed39d85f2ace752fc5b2e99eeb5c6b60 |
| SHA1 | 0b14b0424bc2a36cb3f2b24e97bedb836a3e8a0f |
| SHA256 | 2a5e098302a5ea1a48c439a9319f1ea889ca52d3c8b274fe5e329ad953bde6a3 |
| SHA512 | 691740a5425bc05a721cf835558e04dd86f0e7300a07a778a5a3806a19f4b4814253b42b6b6f4043ca30c6e9015b14786ccf1ce40d0861c90da6534aed55466e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e2fa343fc9e306e37cf9e166ea96dbad |
| SHA1 | e156a1799436384ae08597f8cd79f62a78a7a749 |
| SHA256 | f3e1a5c24d2561598d267eab1dce986f59eb5e75855940e5a6395f7de1bb3a5d |
| SHA512 | d347f4ac617930e88b29d7798b5b7a52bc397d33fbd5e177b3340c14347d545eeeddc82c5f81f961c784331bfcc53693c7666e33d200284b58a946bc2b4e1ca0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0b6906a714da7c2a5cd7598be25d8463 |
| SHA1 | 19c355bfa74a8b00157ad02a4f5a97f705ae9b1c |
| SHA256 | 9be3b651c54941878de59f84f4924ca8992869a6bce96a71bde16e1f1b76f672 |
| SHA512 | f29389990d4c8f2482773d2ffd9db46e1dadff08addcf5a71cff33cc896368b81ba7ba5e3a4db0b8edfc0af724c18b69e453538853a7d632b7dd3847dafd7881 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | b2b718259324b4f3104970bf8718cf02 |
| SHA1 | 99009e7a0dd7b1276a8b986db89fdbc125f9586b |
| SHA256 | 5412d81dfd49b3b8780e2db6fecb5253aa67d82191454870b6ad630d371b9c9b |
| SHA512 | fed0fc385bc0584f5b730c9d73f4a009f17f7066d9b8215ba73dc152dcce945d3adad8a1e0f1ac207af8db4fd21891533736a1755feb3fd6ac00d8bf273ab011 |
memory/3672-393-0x0000000000EE0000-0x0000000002629000-memory.dmp
memory/3672-495-0x0000000000EE0000-0x0000000002629000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a0f047cd2ccff367c3448e75fe572194 |
| SHA1 | 9805101e10a090b0b06b1d0fc94a605588d4b28f |
| SHA256 | 8f9907ea5ebe2126557ebb6a3fed485211d52437a2607aa06c5aeebea2331589 |
| SHA512 | 9c6c4e819aae270ac3a85d41afdeb25495b12928f5cf10540750d4158b1d152e327b1b23ab60e4b5307ec78c2a2c04c8fcce17f88fb2632997ea84594118117b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4a01cedf7cb5d6325c1c002819885d4a |
| SHA1 | 70c55c059c96506299713258f8656cd0a018ff7b |
| SHA256 | c45495ce2055483771bb07dda143510c334519ab880068938bc869e3ed3cbb84 |
| SHA512 | 61861a9285e2284a7547d45cdea994c6ee76265933eabb2f4bddf8adc244fbdfc63ff8881ee5526d1481cd160aa417d9095b8cbb9304949d9516c13325162f5e |
memory/3672-526-0x0000000000EE0000-0x0000000002629000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 3595eb7871386a0e56cfe9b0ed2822c0 |
| SHA1 | e248ed85768eb2f6e1c9fefa0259f2aa5c03fd83 |
| SHA256 | 919bdadc79bb8ca042a7e08310997a0fbde455770ba726187bbd227c80ac9457 |
| SHA512 | d2dfb06a5d30a4e6204951e5709da226dd9bed43406ee7ed8fb2f9165c95dc808491f75dbafbc5deaf7ec24fb3f584a88cdcbc8e8fe8ad1ab11b5a13921a37bd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58d164.TMP
| MD5 | 14d2996c0bd525ea335282a47d034cde |
| SHA1 | b2544773cf9a6e7ac99a7300adec2223bbc5c65c |
| SHA256 | ae09d9a1924f0df4ba8d6c7e96e32dce8e009c0d7cb70c18016b6d7c02ceedfb |
| SHA512 | 79444d092dad331140339c61ac6435c70a8871a053b69904f1d20ea8498768d26980fa62781d8a836784fd4a99024206573bc8bce4a945039bf47261fd653e75 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e5ea10d81439d0e74a5154b82f3a0cce |
| SHA1 | c1c4170e2f9c7c469300423ae7899ddde7dc177e |
| SHA256 | b4c25a2bb300961cafea46498f056feabace24ffa399efa202252b3c8fb84c51 |
| SHA512 | e4f45639255715f425b1cd89e5eeaf32ecc46ddc4f46b9b4b436dfff31510531378c4389850078b92490db01a4bd9e019785e8e5c257004759b9085f5bb7a470 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2b97e1e996fa04ae576d172fafec5477 |
| SHA1 | a6931aecc6db03892614064d4677b484ce3fa78b |
| SHA256 | 5860780f42882158ee39f6f4407dadc5ff28c0ea4798764ee6a426be06199e28 |
| SHA512 | 2d77806337f16becd2d5494de303b4608bcef031612d487f2143d8add239e78dd4bc0d83acea66a50349738141337ef5ef0fc12dd4b040aaccb1e692e947fcb2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f5ef7ba6f52b1c6a61304fa73fb227a6 |
| SHA1 | b31ea7be01ce7eec2b0b186a8d43ae8efc050f60 |
| SHA256 | af6572d045097be61b38d36a47b4d58a8abb76fa4e6440c782569e3de0f3d57f |
| SHA512 | 330beaf6f1869820a404de55a543cee25d56d2c962c7c40da12ae9c7deeacec6398ace2441ac5b0325d132a9c083af7d7f79c6c42dd7d8b2335e0fe1c9a2ee2a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 3c027062e31a52dcb44d68b03581a3de |
| SHA1 | 198ba1e9eae86cdc38bac6c7578f4bafb5405039 |
| SHA256 | 3af3d4a75599fc5f9a7c387af724bc2520e4b1c49bdcae55e2fbe8784b2e11a7 |
| SHA512 | 1b2bf8cc8a010604ece8d948ecaa325a9d3255bfa7fde2084652ab5e3c4f492860d75fe226793e20cf16be82f2636b759991e194ccefed82c690bedb41cc638c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ae6b2a64527cea9ed637ce413cfb75cd |
| SHA1 | 0e0d95cd83f7007a2e82f2bd28b0a2bf83bd4b85 |
| SHA256 | 8aeca3c42fd4414fa822d3b2694ddadb9376ab9864dc57f0f5e30b53c3de3fa9 |
| SHA512 | 07d99f754eee4babecef7db2861812fed18b55f9ab7b1ef3a1a09053fdbce39d80b28d41874b2e8be2b7176e70d88681fd967ac59c524ad53efe24c8bc75ae7b |
memory/2716-618-0x0000000000EE0000-0x0000000002629000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 57f43d5de28b0da5a2733a39d8ac565a |
| SHA1 | 1c4c80fd418bb2ac0152937d47ad807c32582729 |
| SHA256 | 387e76aea1b83bfe3dc322c91b379838fcff12a5e4838f7fe7578daaa6ba8976 |
| SHA512 | 134ab9baf105b47f91e8636e5adce84472046feeb25b8617642551956391e4d8c7c86750cf2f92fc4e329dc1c9ddb71238ce73d664910732bab129e1b389f024 |
memory/4852-628-0x00007FF68F550000-0x00007FF68F5A9000-memory.dmp
memory/2716-629-0x0000000000EE0000-0x0000000002629000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 14e19e5708d49f56a2618627d1993de0 |
| SHA1 | 44e22e0dfc1a68a78ab25a2920b8ffe9fe97e3b2 |
| SHA256 | dc4976305f04528ad30bc084009fc6d5cfdd0952e2394c804884d7970c715d2c |
| SHA512 | f41c7d543bf753e2185dea47295e7970d707c8f3a84da442462f2c5e1d5b6a0b24458bce4be66a421502633e1547dc9c5d159c005ed04c078975b58133d594a9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 050e914e98ca04ab03d396a5682a6ea5 |
| SHA1 | 6e787a405bda018e8b0967f17a2897324beae92e |
| SHA256 | 882f550c9db952ef7ecafa2132f0e7f48c8d1d6716793f98002e653af9fca2c2 |
| SHA512 | a06b50b6843b4c43505df84daf53921073ea541cb872546b9a6cc48cb298134e65ef27df23cb6393ea885cb18a2f11fb5646f2ca181c8fc3b014d972ebf00cda |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5cfe9967b55ea5b7360482751c295c2a |
| SHA1 | b754af5b061889de845d52eba62afb7d24c6492c |
| SHA256 | 2297da6d10245ff455a5e4a8c3b20ec4681847ee6dd26e7c3f466c504c5ebbfa |
| SHA512 | d6eb5d8ece580c3cab95fdea47e01024bbdbc4a64646992f710d72e7359d541232782cd0e43a072d86b1b128385c1a66dfabd08f22b687208e3b620f745c7a86 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | bbfb66ff6f5e565ac00d12dbb0f4113d |
| SHA1 | 8ee31313329123750487278afb3192d106752f17 |
| SHA256 | 165401ef4e6bbd51cb89d3f9e6dc13a50132669d5b0229c7db12f2ec3f605754 |
| SHA512 | 8ea206daabc7895923f3df9798bfd96f459bf859c78f3e5640fad550678b5090539f2a1b590883cd9797efee999acccac16d499772f61f5390e91bcc44d60560 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9a91b6dd57fc9c4880d34e9e7c6b760f |
| SHA1 | 77a09da6ef4343a8b232386e000cd2d6b9fc30a3 |
| SHA256 | 0170297f0103d4e415653f86dedc31b0827580042f86862206fd3f6f135b543a |
| SHA512 | 9fc3b9be931b3edebc4a6809d62d805046bdceb4c27a7db21cfbbcb0e5e253ab529c54d64e465e60904a6ab3b83156e26b97f852c9526f46f037944f806a7f0f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9f26af04e8656a8cd738e5dff50b86b2 |
| SHA1 | 2f1b9b1102f3b019fff3322da22c94776d71871b |
| SHA256 | 8678df9f9ac77ca5046a7604ec2ff66a80e4c52c675d832e6b631fca727c3ea1 |
| SHA512 | 3b6125ec6a6e940bde3b8aa759bdf9b41e2e9143bef03fd46a79474f5d63b510bd52c709ac426b9367cfcc18dd54829898500998cce1e41326e6db1c75edecf1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8ca11f1fdc193ce2af4f5d61f751e839 |
| SHA1 | 2cf51a321db228a6bdba4282c9f3a9ccd5180445 |
| SHA256 | 0534a9c7797f93cdf0673bfa86cfa2de888feaed3008cf7c51d6822c662be4cd |
| SHA512 | 806737ff6ac9968b44f9cc456779f318b2bd0130e3b5e91036ce71ed6193abd5ffa280a51371e265118a541c8e63c8b3eae365b300db5ebfbadc3077d6d4b28b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9e069192d73f377492e343d6d5440d07 |
| SHA1 | 5a33229fe2cf3a90131c8fdbb4da1398ea3cc521 |
| SHA256 | 53e20c5fdfa62f0030dde14acc7b467e11511fc0169fb48a1af3bcdbdcf25458 |
| SHA512 | 98b320c6ae31675ef88e3930166e916c7901e06a1007b789c0d07540e05ec343cc68c0514679c98e30c968d9df9910acd64376c8ab4102e16e4960b35198dce8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Temp\APPX.1a46svqsis5j3g6moubux69mf.tmp
| MD5 | 530f1945913c81b38450c5a468428ee6 |
| SHA1 | 0c6d47f5376342002ffdbc9a26ebec22c48dca37 |
| SHA256 | 4112d529734d33abda74478c199f6ddc5098767e69214a00d80f23d2ea7291ff |
| SHA512 | 3906427ffb8f2dfea76ba9bb8cac6bd7dece3ebee7e94ea92da5bbdb55d8859c41260a2bda4e84fab7e1fb857ad12a2e286694ea64d00d0aa6cab200fbbf64f0 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Temp\APPX.p4ydw237bhct7gcoq5mo16p8e.tmp
| MD5 | 4085b7b25606706f1a1ad9a88211a9b7 |
| SHA1 | 31019f39a5e0bf2b1aa9fe5dda31856b30e963cc |
| SHA256 | b64efcb638291c1e1c132ed5636afbb198031cee44384f3ecf67d82b73accecc |
| SHA512 | 9537559523839e3e708feabe8c04f40236add7d200ec36bad00c10a69337a15001103c17093dcc0d8cadb4713d911f39a6411624c1db4cbf1ea1af272a716168 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Temp\APPX.8sm4apisygulcg6a2dxkytymh.tmp
| MD5 | 24ebdb1228a1818eee374bc8794869b7 |
| SHA1 | 79fc3adb42a5d7ee12ff6729ef5f7a81e563cd2d |
| SHA256 | 92a7d7d3b0bfac458ddcef07afcdad3646653ba7f4ad048fdd7a5ec673235923 |
| SHA512 | 63764d99a0118fac409327d5bf70f2aa9b31caf5277c4bc1e595016a50c524cd6c3d67924321b0fcad12cd968de1a62bd292151e35fd907034efd0f40b743d6a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 270062d0d6f7f8f824d456c1ab06a7a4 |
| SHA1 | 835ba9402c781e6b6fac74146e7d02eb00669e23 |
| SHA256 | 627be6a9becef83aa39978c902f4ac6579f01315c616b552f7a3bba541d4e4cb |
| SHA512 | 86211ec008685f7c722ad8ab901976401ed0958d9c27cfc5a2a4d5dcd630543a27dc34766d773c3bd3b5e89a30269c115a5d7b99a9eabb88f9dcd3b93430f322 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 2c76e1cb6507b0cf9d302d7c02bfbc0d |
| SHA1 | f4394689af42a231797c2b6c4a297b3ae1e237f5 |
| SHA256 | 268d575648dac9fc46bf55698be8dd22e1eaa22652b42aa243f497f656c0bdfd |
| SHA512 | 4e1913de8f1a5587023d7633d4e3aded46ae8a111ee7d68d40bdc97d931540b6db9c4a69abbed185f2b7f16cb943eaa66bf4c197637cef9c67b9046b532ad641 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 66ceaa05a3241da6ba63a5973f894a0b |
| SHA1 | f46efffdcb3ed18694bdc9b07278f527c54d3f98 |
| SHA256 | d905523394f1c1060d2d050cb761cd0ff30ec026b53ed729bb77782a98c5d90a |
| SHA512 | 364375fc52c751db7f08c7a75049f95f7826d9174586b5e0ae7c862f6516e5253aebcb1e17ddb0500e3a01ac3eb236d85a6d2168fc631a248eab585f8e65cf8b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | baef009bc5be17fc9973aa7f031e1146 |
| SHA1 | 1350a4118e9c395db1f045233b7e999a08182f12 |
| SHA256 | 9dd8379e66533d70a27e64d3a91eecc14fddc4c20582dbf40deb95b2a8b03d46 |
| SHA512 | 7adfe12dd2ca191f0e7f40178d44d7d71a14c551c22ee7b8230b38da2ef7b1cf53ef1bebcf6a408020d390133865c49c6e7e6bfb7a4c7ecd99e50fcdd3b3d212 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ffe9f3e1b528d2eae5a8d758b26f283e |
| SHA1 | 95749b5f51021a7d19aff5d16b8c8631a3f9ec83 |
| SHA256 | d0d631b2d9e122edf463f0d7c032b16971492bcf24fb449d21379e8dbf79f385 |
| SHA512 | 30ce7f04d54e45e43ca0720500ddef397dfa84a5eabf3d74ced5e6d81080b670074f55e738383866accfc6842972ab77ae7d29ad3b8817820a810875f06081d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8a9a3b36ce681475ec1f8a4185a281cf |
| SHA1 | 65691232a1987e26eb01304418f6296a2d8fff9d |
| SHA256 | 20ca9110be3c2385e73225e7ad69f2c3dba65825251bd4606462af3442fae2d3 |
| SHA512 | 0c9eea2325026d09e36a0a104dcf564c8c8962f67526abd079a477b631327794a4191a724e519b338913d7b22091d9849c6282f7d389d7d6f3586cd90b42a7e7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 87b8552ab6d6cc7553fb25eae2b28c57 |
| SHA1 | 178ddfbef490d4879d08a5723139119ac5315e4f |
| SHA256 | ae2d9979e3efddd8158489353e57f6e2c2b633796ee3e893c22684e93eb3f70e |
| SHA512 | 528814d6e829185c1a50c346c7e329968dda615df18eab8d88d6368fbbe03138fb84db168dfc4fa5d0372d8b55b5138c35ee9c6fd5e47e6b95413588f7e01d15 |
memory/2828-1996-0x000001BCB3CF0000-0x000001BCB3D02000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2803c7d28fa7f1d9ee57b994f439b778 |
| SHA1 | a0c4473f43124c30f124d6c93114bb75b6149103 |
| SHA256 | 648e1ed36912674a6e3ad19cb4f50ed41b42c7262741a7e50eb6989b399a0fbe |
| SHA512 | e3b507a51da49e477ff2ae75eb19f2c52a717e5503e7fab04bfa938c4eb123b419fc9b1bb1710b56b600cd8e508af6afe5017d0325170739882067a8937fbbba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 416ea32cb61d12ef0a7336a75113825f |
| SHA1 | bb752eda2261b768a8d15ebb34f95be0ca5c95a0 |
| SHA256 | f34d776ac4c3d8eb8a5f4e788333b10f367613b49c7bba4fd814dc34c016c5a9 |
| SHA512 | a4026ea7630a63ffda567aa3da54b8ec745202e60b8c4422a248b74f39af3a990bbefbd0166408b4a764e174eadd3e36651f65b2dd276227c1509f00a3302419 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | a6fdcf77fd4ef784932f6d2ff905f5ff |
| SHA1 | 590a3acb5b5b5b5c408b6a181b192428828c7a23 |
| SHA256 | ae0ef2982bb942de31c514d6e59e2a1ccab626e6d9a542c12b10c475b88a4512 |
| SHA512 | ea70a0a8525c7ec340eba6b00a40f517a76e1551081ae0d4e6ce507b8709e8b87e93de1616e3df96c61ef7e458e41286f67972a2e825b951ec8efefb60a6b76d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4261a62e0f58e07e9996a2b3a8a05c1b |
| SHA1 | 60b0bd5e180e2196d2a4c356b407d62de8be4d0b |
| SHA256 | afa2764c4e04777c74a1fb20142f2d1b8443ee34ab17e5b0da5cbf5eb7abbd84 |
| SHA512 | b50a43c04bd8b09b8fa1a7152751b69ac2580ae34d5c90a62e87301d74cae8e4a9e58a55e1e7c6b8dc600a666bd0ada975d993f07146f0bc8bd3ab29b1aaf465 |
memory/5784-2113-0x0000021986290000-0x000002198629A000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | bd36224215e0e73629eadb6ec7c87e74 |
| SHA1 | 8716de1c2a671fc0a0e6ae3bf16a7047a0853979 |
| SHA256 | 1f2fd16fcd5fea1ebd685b781105166d95158a554a593e659937aa6c2153dd86 |
| SHA512 | e96eef6622a9a6f16436b690799b7102f439a86b4dcc1759cd34f298fecbb0a312796ba19c906f94539b29ccf0a254a06061c56979a920f3f8079d2e650de530 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | ebdb4566a509bf737e7f3726b8e5d003 |
| SHA1 | bfabb2b07b9cad82a182d5564c4bf61a6a40d61b |
| SHA256 | 29704bfd9a2326469e78055f8e9b54d6e0affbc5982608478beeb1c91a4cb6f8 |
| SHA512 | 30f4cacb2db6a19f221f90e1547d4ecea075de7f73dffb0573cc3a2971a2bf92f4c2ea02bc0b622fcc6fb5ba47a8f21d656dc552f676476e0abf779e8a52b77d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6d381447d8f9740ad861cf0a395e5773 |
| SHA1 | 88ea056e69d1c2c67e3b8fffff95dda6a2dda9c9 |
| SHA256 | e10934c43497cd3bae04387afc321d3d50c2bce88bba2c6bb90c22f17ccfd65e |
| SHA512 | 03bba9f59bbad24bcdbd6aadda765f409aaf4177ffad90a34c0388ca1c861b952a157875955e5bf08460ef07ac2f0a41fab61260585219e343f097f0d0af27ca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6fd9ce9b612edef645c785776818eb06 |
| SHA1 | 9e474f20947ef759e8ba243e4b3c7834aa318ae0 |
| SHA256 | 1d01ea3d2fb8a75aef247b45ac7627cf8dddcf6b26017f3aa20c8d099d68a149 |
| SHA512 | 8dd79db84487c2e3aefe5dbcfe14ba208c8739125b1498c23fcd9481268ac21fa091533edf27544bdde92b96a94e08f67a5f51b087143a54577d5f14ebd54637 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
| MD5 | 628ba8d31375849e0943894669cd033c |
| SHA1 | 4fa6d50a37fa2dadec892474d3e713ef9de2d8a1 |
| SHA256 | 80e3440c312f921afe33a7d4a3d11d1d2dc7162f8f50b748b796f424441d10d6 |
| SHA512 | d4406493dc8767c479460f3039b038866549feebf392280384da08adbcad2e871720d046220cb67ebe3ab75c14e06a31df2fa7c0f2c17f91eda26ba0a709d27f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
| MD5 | 9446510042bf99532b01766c30fc2c89 |
| SHA1 | 670bf1cb1199501ac3c2af52ca072c6e18ab59c1 |
| SHA256 | aad677ed5c4458689811b5e0c3532827a9fcf6602e99baa7fd62b1a7fa900732 |
| SHA512 | 84c45125cb56f56ef84808fa9db47f7ae7618cc4a75824c22ff075bbdabc6f10bc195703e4c0a1c7eadaa9db492ad2c280e724ed4e3f50c8357f69c16df39266 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010
| MD5 | 4bc7fdb1eed64d29f27a427feea007b5 |
| SHA1 | 62b5f0e1731484517796e3d512c5529d0af2666b |
| SHA256 | 05282cd78e71a5d9d14cc9676e20900a1d802016b721a48febec7b64e63775f6 |
| SHA512 | 9900aecac98f2ca3d642a153dd5a53131b23ceec71dd9d3c59e83db24796a0db854f49629449a5c9fe4b7ca3afcdd294086f6b1ba724955551b622bc50e3ba1e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
| MD5 | 7011d04c03675c1a8781e462d44fa631 |
| SHA1 | c5ed8051f347633da24268b2d8d234de8b81540f |
| SHA256 | 7f4e6f1c365783b8d95f86371e4ca0a1c76fd35140f4bc7c128a83477c1aa121 |
| SHA512 | 10ff7595bfa0a51741ba6f51e4f5f03dd3d50361afb0b257bafd548b879952c8204cd549657372af74623775d987fa3584d45fc3da0087e35915667a250d49d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
| MD5 | 0f3de113dc536643a187f641efae47f4 |
| SHA1 | 729e48891d13fb7581697f5fee8175f60519615e |
| SHA256 | 9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8 |
| SHA512 | 8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
| MD5 | bd020e9040ce5d0e8fde2c6fe3ff32b9 |
| SHA1 | 1fc3668cfb1103b9dae1c8f6b74ae0b14186da39 |
| SHA256 | 4d79de6a8a36100cc1181fc7d01b0aba71be35ec6f5119e30effabfc4945c945 |
| SHA512 | 70c9ca94e8ea5d257cf2c7b211b5fde7eec6b0cd51e688c3e4553b5ed02e90a6911d0df5cf37f105b9df708da7f5aa3b0129990587957d98d9b8da0b0e27dd45 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
| MD5 | f9d7c9aef654e1e17a11be30db91ca01 |
| SHA1 | 33b723c11219afca1a29848fd8d704f30f7393c0 |
| SHA256 | 33c33ea60091eb455c214a4db497629538bd6fa9501948469982513da0277e87 |
| SHA512 | fde2b9fa466bb082b0359902282f90688c61bbd0f364c1e60bcb923b7c7397e7b3f6c64fdef14fa1a54787c12dda9724688e86526e579954c30efef782a6e8aa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
| MD5 | 669b1563b95fce26d9ddc3c7e9bdc538 |
| SHA1 | 275e4ae2606a0da908003b77ea06b24ea8b66214 |
| SHA256 | d46765072d87d9892a0f6f8f9849eafe0abecee9d662e99f8b45d8c5b22ac667 |
| SHA512 | 09e066f5a1974927b2cb607a8b953f2732928c7347f65cdfcdb573170840562de6eae091a61108827b3ae0799c16bfbd41d858ee1a8bc57d9bb1fac814438302 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012
| MD5 | 0e52c094a93d5bcd8875cce575d7da9a |
| SHA1 | de9ecbf399f77a497c96c1a4b3509153ad9751a2 |
| SHA256 | abafb66ae53e45e075a02ab40e19bc2dbb0126d83f4da5f1fbd3bed1a4b4fdce |
| SHA512 | b2cbb5075eb1cf84b9b24c2a2f3165675496d506d5e98a8868c18514c5740c366b5a29a925dcf6f6cacdb8ce6e39eb8673b15ebb55c5e9078e0d7eff631905cb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f3da27756fa71a144d2743e5b064be3b |
| SHA1 | d00202a102aedd69792973d4de5cc2e281a3ff1b |
| SHA256 | 51b75d4e0b8a62744aa58e7414bc55d23491055a552869f7080e84930c282208 |
| SHA512 | 31d50fb61a75fd769c5ed340f75784320b863cf15f4d9a9f3d5e46f49585e083dfd38fd529cdcb20ddad9b34af97b30e1c9703d7849b56e92ac6d80df333d06d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f
| MD5 | 7525eb7aa22001b97867802c8f4f7bf5 |
| SHA1 | 310052312d37e6691455805436126167de70fd7d |
| SHA256 | d04a76912e0c936eff8579f4957d4b6322feb0be044b40bb9596a8cbeb2916b9 |
| SHA512 | 8f387009dbd1840469859ba9d5f36f038d8280d8d3838f2fd8d4e244b1b489aa348d0cea956ab1d3f235f88f434a32d11fb7360ac0acf2ac4b317088a85d31f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3e7174953972c020bcb15b377a716f03 |
| SHA1 | 5b277350c9447473c1ded8cc4b3212903493992c |
| SHA256 | 65fcc394771e91744d0c37f7a8b986df3f1810b1870d3ee69efb49f384d6934c |
| SHA512 | 6cbc66a0cf8c8e3336729d294933b4e709408ffce870e1c89c4b5438a1691d393c020acfbca76e7a057687af8a22a856c51337a7c075b0ce1578f31e0d5e156c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8016677c2d46c8a2c909325c95e68cce |
| SHA1 | be47e6e3850c8d4dac70a4a79f80c067f8d76f1b |
| SHA256 | 2b4b1bed1df236c80f6c6bb9eb3c60e6f136cf6420b3440678af5938ba3f173d |
| SHA512 | f7e6ab9288b557a51c943df26571e16b994a299f52de4bad43e47b452f5860ea7c3b087958a9516fdf9de9c29ca87778c65490f87683ee8b50008ca01df227e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 28f461efb53333382f75612d4a88f875 |
| SHA1 | f1c483e102d85261240c540a06ff4e9e84a2f3da |
| SHA256 | f60656c45ad56b6490cdd808cb80420761e4c99b185e68d927d43384f50fa140 |
| SHA512 | e35466e347ef1b58d6542b46378c44350d19fa8cda4d2e2a3b294781fcd4f70aed198e5cce2afb9fc3878c0cd8469b418caae2dd21a2e77128e30641ef3c232a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 58bbc6a55b4411a3553b08682de54157 |
| SHA1 | 47a23000e263d47517af3dd7fd73eb62028ab264 |
| SHA256 | d2f0722616fe36cd5a0ee5d1feeb15a39f1f78c4274145e22c5ba2c25bcef777 |
| SHA512 | 12e269c1323939d25512bbb1cedeb17b9a13806f1cff000d52fd0ebfec0de9b218903752c3f4a3391c4368d61c3fabe3022bb1638547b39ab6a76d7852d500b4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 70837299893ea5ef4e895143fba913c0 |
| SHA1 | ea05d6b28d78a9feda515f9f1f2e716bd8a8933a |
| SHA256 | e68da074a68cb7a29a20c8585fcdc86ec1fd995dac95da756ca0eb61899d3121 |
| SHA512 | 6fa8f05159a536b80761c81ec7e6d71dfda5ec2192cf8cc2580ee7621417ca67d339e19748b7c382928b828b4568e6a5decd4355cbe174598082f3ec2dea28d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cc61872436000a264ba977bc3019d96d |
| SHA1 | c5166241f0d608d51fe8f2ca7f72c55ddd3944a8 |
| SHA256 | 37dad7266bad9789e621368453dd57f6f9a785f9bd6f84c1a7d74c69a1592ac5 |
| SHA512 | 17bdca563e5ac20de7e79c530186cca242c3c36a33a800031dae57e4a16d90798a0a65d1f1fc36f53d19e2c70f54bb0736c64add684f4ba1fbc0ba2b08a8c296 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1f189b262a95f5ed479d35a4abb0b08d |
| SHA1 | 839042926fec01822bba6e991d5e2e503d71b6d8 |
| SHA256 | 4c3413b47b767171991ed66eca23bbaa42ac0c836ce2a3ecabf91fad932ca6fa |
| SHA512 | f4a1b25b22c827462d43b994a64ca0b74c8369c783295135d6232ed7b5be1f17e437ebfc98cdf47840ee6141625e15237776dea18a8d3b8be921444e742d5c5c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9d5b44a3443407086f2b78df11d5da5a |
| SHA1 | 0d09e467bbaf81f4affc759547695d607d4e21d0 |
| SHA256 | d28da9d00130867f6eec24397d81e09bd692a3e51555bcf17701acd26c232f6f |
| SHA512 | 2949f7922d80afa8f49e79149f5913388b1ca6333140ef9d6eefd5464358964a58375a1772495066bcd137ee76f3e770e21d595ba7bb4bfd25d48115dd6df8c9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2113fe61e34c92206b4cd3e31730ad4a |
| SHA1 | d74cc762905079eba8e6fee23322892de9c1608b |
| SHA256 | 2859067eb04902f85d6f68c1373aa91ab182bbda17b20d5f557f2aedf23f1a34 |
| SHA512 | 5e0f14c9f9b2c16bfa908010492c00db68eb6f6691a7b37cecd2f96edec6c37b5f719ef0ab59e09d0dec621d71598649a5e983f75fe9d1a0ea046b017c451d6e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 72465a56376b61b662de015c47d7f32f |
| SHA1 | 6ea24884cd8437e32520d4a8d80def9dff01bf36 |
| SHA256 | 21808727a6259e7d38180e3db02f590b2a853acb5d4cf8a5f1ca01913a4c497e |
| SHA512 | 4fbabf191dbb0330e2edcda272635e90d207da036bace6a8b11ddac44114838efda2d4479873c63f1eb28f2e583f940d90721b1a9e96e4a031892c183a150f4d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | bc0332d0d035e91328e1fff918dbc317 |
| SHA1 | a2382e2b26b63bebbd43ddd5df65dc6680cf4539 |
| SHA256 | abbbc99f1870de2e281e5502dd5c1124a53c221a1b14d8add1d583d8f24f6d3f |
| SHA512 | 3b61c3f5fcf9a4428740f4b56cea0063bb89e5c312624a9c7eee0e456d62fb4730bde6244aaf00384b2dd46cfe2a104697ec255da1dac214a2ba50d59f4ffb5e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 3ab1093b14e572381e534c543eb2ae12 |
| SHA1 | d5f4dd364474ca346ff7a49dd6af22b628bd6898 |
| SHA256 | 3eef00f4814a5839aabbc4681894796c2b71cc3df7b7b69a9dea3b64126ba35e |
| SHA512 | 7ac82fe56adc057d639b6e9e87eb3e8d6b9a7d243e28636a454b09518355d455ee726a051e3cbb4bc4667023464b7db9a934a67725d74deeb043f360d72a66d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 8e0d316179adfb46014d19837275208a |
| SHA1 | 7dbc18c839d7419322091e11ccad5233df10dda3 |
| SHA256 | 1e617388f8fdb3d20de65db5e79b0058154f7b27966305e7db290f34537ddffb |
| SHA512 | 9cc8a075ae447ed8a765946ab64913d6ac8e2bb682cf6b30895f00749f05f13f1be5c2fa73f36693a940ef8818c22739d9005b6c3bd2b90d8cfc5b7e060c2ee3 |