2dbd1033a26118d27915184864ad2a0add89d5ee3153eca157fadaa62ad19af5

Analysis

max time kernel
204s
max time network
207s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-08-2024 18:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.txt
Size

168B
MD5

10a317ca10f0fd2af4bf2043ff8dd8fd
SHA1

c02bdb3aba83817ea599a004fcfbf09c419c326b
SHA256

2dbd1033a26118d27915184864ad2a0add89d5ee3153eca157fadaa62ad19af5
SHA512

192f635707607a716f2d12f191cbb12a42f65d1aa5446ea7a6fc6adfe8b1c88d3210488ceec2528d6e276593ed9603fac14939bb431b689702dd4f1829de44e0

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation	AnyDesk.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation	AnyDesk.exe

Executes dropped EXE 4 IoCs

pid	Process
4060	AnyDesk.exe
4368	AnyDesk.exe
1748	AnyDesk.exe
4512	AnyDesk.exe

Loads dropped DLL 2 IoCs

pid	Process
1748	AnyDesk.exe
4368	AnyDesk.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133673546117431347"	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
532	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4056	chrome.exe
4056	chrome.exe
4368	AnyDesk.exe
4368	AnyDesk.exe
4060	AnyDesk.exe
4060	AnyDesk.exe
4512	AnyDesk.exe
4512	AnyDesk.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe

Suspicious use of AdjustPrivilegeToken 46 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4056	chrome.exe
Token: SeCreatePagefilePrivilege	4056	chrome.exe
Token: SeShutdownPrivilege	4056	chrome.exe
Token: SeCreatePagefilePrivilege	4056	chrome.exe
Token: SeShutdownPrivilege	4056	chrome.exe
Token: SeCreatePagefilePrivilege	4056	chrome.exe
Token: SeShutdownPrivilege	4056	chrome.exe
Token: SeCreatePagefilePrivilege	4056	chrome.exe
Token: SeShutdownPrivilege	4056	chrome.exe
Token: SeCreatePagefilePrivilege	4056	chrome.exe
Token: SeShutdownPrivilege	4056	chrome.exe
Token: SeCreatePagefilePrivilege	4056	chrome.exe
Token: SeShutdownPrivilege	4056	chrome.exe
Token: SeCreatePagefilePrivilege	4056	chrome.exe
Token: SeShutdownPrivilege	4056	chrome.exe
Token: SeCreatePagefilePrivilege	4056	chrome.exe
Token: 33	2204	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2204	AUDIODG.EXE
Token: SeShutdownPrivilege	4056	chrome.exe
Token: SeCreatePagefilePrivilege	4056	chrome.exe
Token: SeShutdownPrivilege	4056	chrome.exe
Token: SeCreatePagefilePrivilege	4056	chrome.exe
Token: SeShutdownPrivilege	4056	chrome.exe
Token: SeCreatePagefilePrivilege	4056	chrome.exe
Token: SeShutdownPrivilege	4056	chrome.exe
Token: SeCreatePagefilePrivilege	4056	chrome.exe
Token: SeShutdownPrivilege	4056	chrome.exe
Token: SeCreatePagefilePrivilege	4056	chrome.exe
Token: SeShutdownPrivilege	4056	chrome.exe
Token: SeCreatePagefilePrivilege	4056	chrome.exe
Token: SeShutdownPrivilege	4056	chrome.exe
Token: SeCreatePagefilePrivilege	4056	chrome.exe
Token: SeShutdownPrivilege	4056	chrome.exe
Token: SeCreatePagefilePrivilege	4056	chrome.exe
Token: SeShutdownPrivilege	4056	chrome.exe
Token: SeCreatePagefilePrivilege	4056	chrome.exe
Token: SeShutdownPrivilege	4056	chrome.exe
Token: SeCreatePagefilePrivilege	4056	chrome.exe
Token: SeShutdownPrivilege	4056	chrome.exe
Token: SeCreatePagefilePrivilege	4056	chrome.exe
Token: SeShutdownPrivilege	4056	chrome.exe
Token: SeCreatePagefilePrivilege	4056	chrome.exe
Token: SeShutdownPrivilege	4056	chrome.exe
Token: SeCreatePagefilePrivilege	4056	chrome.exe
Token: SeShutdownPrivilege	4056	chrome.exe
Token: SeCreatePagefilePrivilege	4056	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
1748	AnyDesk.exe
1748	AnyDesk.exe
1748	AnyDesk.exe
4056	chrome.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
4056	chrome.exe
1748	AnyDesk.exe
1748	AnyDesk.exe
1748	AnyDesk.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4056 wrote to memory of 2332	4056	chrome.exe	89
PID 4056 wrote to memory of 2332	4056	chrome.exe	89
PID 4056 wrote to memory of 4272	4056	chrome.exe	90
PID 4056 wrote to memory of 4272	4056	chrome.exe	90
PID 4056 wrote to memory of 4272	4056	chrome.exe	90
PID 4056 wrote to memory of 4272	4056	chrome.exe	90
PID 4056 wrote to memory of 4272	4056	chrome.exe	90
PID 4056 wrote to memory of 4272	4056	chrome.exe	90
PID 4056 wrote to memory of 4272	4056	chrome.exe	90
PID 4056 wrote to memory of 4272	4056	chrome.exe	90
PID 4056 wrote to memory of 4272	4056	chrome.exe	90
PID 4056 wrote to memory of 4272	4056	chrome.exe	90
PID 4056 wrote to memory of 4272	4056	chrome.exe	90
PID 4056 wrote to memory of 4272	4056	chrome.exe	90
PID 4056 wrote to memory of 4272	4056	chrome.exe	90
PID 4056 wrote to memory of 4272	4056	chrome.exe	90
PID 4056 wrote to memory of 4272	4056	chrome.exe	90
PID 4056 wrote to memory of 4272	4056	chrome.exe	90
PID 4056 wrote to memory of 4272	4056	chrome.exe	90
PID 4056 wrote to memory of 4272	4056	chrome.exe	90
PID 4056 wrote to memory of 4272	4056	chrome.exe	90
PID 4056 wrote to memory of 4272	4056	chrome.exe	90
PID 4056 wrote to memory of 4272	4056	chrome.exe	90
PID 4056 wrote to memory of 4272	4056	chrome.exe	90
PID 4056 wrote to memory of 4272	4056	chrome.exe	90
PID 4056 wrote to memory of 4272	4056	chrome.exe	90
PID 4056 wrote to memory of 4272	4056	chrome.exe	90
PID 4056 wrote to memory of 4272	4056	chrome.exe	90
PID 4056 wrote to memory of 4272	4056	chrome.exe	90
PID 4056 wrote to memory of 4272	4056	chrome.exe	90
PID 4056 wrote to memory of 4272	4056	chrome.exe	90
PID 4056 wrote to memory of 4272	4056	chrome.exe	90
PID 4056 wrote to memory of 3312	4056	chrome.exe	91
PID 4056 wrote to memory of 3312	4056	chrome.exe	91
PID 4056 wrote to memory of 2520	4056	chrome.exe	92
PID 4056 wrote to memory of 2520	4056	chrome.exe	92
PID 4056 wrote to memory of 2520	4056	chrome.exe	92
PID 4056 wrote to memory of 2520	4056	chrome.exe	92
PID 4056 wrote to memory of 2520	4056	chrome.exe	92
PID 4056 wrote to memory of 2520	4056	chrome.exe	92
PID 4056 wrote to memory of 2520	4056	chrome.exe	92
PID 4056 wrote to memory of 2520	4056	chrome.exe	92
PID 4056 wrote to memory of 2520	4056	chrome.exe	92
PID 4056 wrote to memory of 2520	4056	chrome.exe	92
PID 4056 wrote to memory of 2520	4056	chrome.exe	92
PID 4056 wrote to memory of 2520	4056	chrome.exe	92
PID 4056 wrote to memory of 2520	4056	chrome.exe	92
PID 4056 wrote to memory of 2520	4056	chrome.exe	92
PID 4056 wrote to memory of 2520	4056	chrome.exe	92
PID 4056 wrote to memory of 2520	4056	chrome.exe	92
PID 4056 wrote to memory of 2520	4056	chrome.exe	92
PID 4056 wrote to memory of 2520	4056	chrome.exe	92
PID 4056 wrote to memory of 2520	4056	chrome.exe	92
PID 4056 wrote to memory of 2520	4056	chrome.exe	92
PID 4056 wrote to memory of 2520	4056	chrome.exe	92
PID 4056 wrote to memory of 2520	4056	chrome.exe	92
PID 4056 wrote to memory of 2520	4056	chrome.exe	92
PID 4056 wrote to memory of 2520	4056	chrome.exe	92
PID 4056 wrote to memory of 2520	4056	chrome.exe	92
PID 4056 wrote to memory of 2520	4056	chrome.exe	92
PID 4056 wrote to memory of 2520	4056	chrome.exe	92
PID 4056 wrote to memory of 2520	4056	chrome.exe	92
PID 4056 wrote to memory of 2520	4056	chrome.exe	92
PID 4056 wrote to memory of 2520	4056	chrome.exe	92

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\file.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffcd395cc40,0x7ffcd395cc4c,0x7ffcd395cc58
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1980,i,11474244384219762994,360090929214578577,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1972 /prefetch:2
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,11474244384219762994,360090929214578577,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2336,i,11474244384219762994,360090929214578577,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2292 /prefetch:8
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,11474244384219762994,360090929214578577,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3280,i,11474244384219762994,360090929214578577,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4472,i,11474244384219762994,360090929214578577,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3748 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4420,i,11474244384219762994,360090929214578577,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4688,i,11474244384219762994,360090929214578577,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4476,i,11474244384219762994,360090929214578577,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4572,i,11474244384219762994,360090929214578577,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4528,i,11474244384219762994,360090929214578577,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4552 /prefetch:8
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5172,i,11474244384219762994,360090929214578577,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5660,i,11474244384219762994,360090929214578577,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5680,i,11474244384219762994,360090929214578577,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5668,i,11474244384219762994,360090929214578577,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5708,i,11474244384219762994,360090929214578577,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6128,i,11474244384219762994,360090929214578577,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3524,i,11474244384219762994,360090929214578577,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5964 /prefetch:8
  2⤵
  PID:5076
- C:\Users\Admin\Downloads\AnyDesk.exe
  "C:\Users\Admin\Downloads\AnyDesk.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:4060
- - C:\Users\Admin\Downloads\AnyDesk.exe
    "C:\Users\Admin\Downloads\AnyDesk.exe" --local-service
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:4368
- - C:\Users\Admin\Downloads\AnyDesk.exe
    "C:\Users\Admin\Downloads\AnyDesk.exe" --local-control
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:1748

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2380

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x500 0x4f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2204

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2832

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4744

C:\Users\Admin\Downloads\AnyDesk.exe
"C:\Users\Admin\Downloads\AnyDesk.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:4512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3c55ce8ca2f5e2240b9366acd9a3ecff

SHA1
0cd83027ede67060822991f415b4d81002fa52aa

SHA256
01fe941b7b5d4960b8a3499b142b884ab8b2d0ecac3d60abd922b04ed9790df7

SHA512
37a199fb1f99efe9a4b98a15e6cf27ccea5beb23dd4fe5f4f9220deaff69a96fa83ca300dc53070e767ea8518f78b06b6cebbd6421fcc1e1f2525a0151ecf44c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
e074df61228cb7d83fb30ebb162f5291

SHA1
c9fdc0893f9ca19669a2adbf3ef2b1898adf4c12

SHA256
3106b2a67dabc1d6a11d09f6eb9372966069e8ad8a08c9f7c7e390b2ee5f1e97

SHA512
2500960fbb8dd3e1059a4aee1452d87858ddac29256fea0cb7454c656ef3613e986bcd6ceb99376c0cf59e007f36687fce46711f742201025f4b3da403e558a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
273ebffdcd555f077852a6321e54771e

SHA1
92e0f3ac1bafe16e1cd2fcf9382a2e486b27d31c

SHA256
f096ae5c157f6437d5c5b6f64a8d152d9fa8ad21d371d72b93e0f6cec701cbed

SHA512
cf1895a427e452992b50a3b9c19256f0a96e29e94e169d367c8cc8aeebc22123b3b7dfca03ff1ec2d8c0135b71ec9ddb1fa44fcc07191bf6b64064a4f65d0171

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
d61efe19411216a0f8a6a359903fbd1b

SHA1
7e304c8961f9b3a5280b70a3fb0a7cae503e54e7

SHA256
a451c6e4b4134dd00c43238e307c40eaf90b2810862ac822e079b526f1d97788

SHA512
6bd386f1351624ae10f2736c6a104c18022fa57c6da6cc958bfa35ddd4295a5e696ac2bcc002ed18da85643ebb17e729bdd15186adecfd7baa9b3557bcd8c733

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
bff0e77e1df05a5285dc76a76695ddcc

SHA1
2ab35208811e3d525ed462b9ac30758c69d19ca3

SHA256
8882c2097bc5452226baeb10c302ce60498579d88e1aac7b9b9cc94d46dbc79c

SHA512
bd03243d93c86d7f5ffce3874d2b059945270494b2cb8b6509a25e691d07bb643f3d05cc44caa7ffb4b42bc8c934034cacaff6e214d2181890310913a66da9dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
3ec504edefe6a4ce7ecbe28b8e2d7b79

SHA1
360be8c09c8745814c098051a904e0eeae5792a6

SHA256
b57d83cfbc8e9f04cae0d7b743f53c332ff918c69d162ada04f97b88f1e9af6a

SHA512
3139f11f144f04268b90e75c3ea724eb59e80f1d85733de27d8e129eab0416c9fd50ce0dd38b9fd0adb8587c6f94a616f5a6dce10294c72529e82a61dd8479a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
785c649f550316d3920d5beff0c88930

SHA1
174be9aa96609c6a4738a605331109a6d7ccd085

SHA256
a69e99cb769889499f6ba59243ca56a655e2a92a35b5661259b297713265704f

SHA512
cfd665db500dcc82e258db018ee0d096c5bbb91b05e4cf5ec835909627b0728cb1c7e2b4bcc14b5f3adf163cd42efcaf50d11cb13bebe292fbebb3c374389bd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ae689a2144e9e24bc49282f4757ca91c0bf7f5f1\index.txt

Filesize
105B

MD5
38f7eed7a4be49951644b0e383634506

SHA1
17ab44a2ba30395d4083a33ad66d60f57bdc9402

SHA256
f22b4d9ebff6d5a702159acc9794960f14072770fb25f5ca7fb5fb4f9f164866

SHA512
e025e1f3e5e947866c6dc4fce415acbf82716f42c5a68db4f640823eb3ce1aeab48d5bd4d074d74c80ca2d61cb14ef784e400e0f76e806cf97d9400884d0d2ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ae689a2144e9e24bc49282f4757ca91c0bf7f5f1\index.txt~RFe581d47.TMP

Filesize
112B

MD5
5d1cd8cfc5d77a5f42120b51b5e8136c

SHA1
9d1816a5dfe856498ef95cc0b2418c261cfa7f5f

SHA256
bfca405563214816c2c44b2cd79efbf9fe3cf7e0230fb1327c69d531268857bd

SHA512
f57700bc6756f5c04993cc2522c3eaf3b99bcfcda562d41796512d4c3fac8aca2bfd55cd1f28fb3388b8dd8bd71d71986debe04c7612debb47812c43e0bd0c8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
6605ce9e4f25ba997cb3e9d4280478fe

SHA1
da43e4f4279da45bd58d35788fb43049100c9e08

SHA256
7ddea72dcbda5957f8d224d7f4061292b5b1cc34c77bb0d2f031488bbad130bc

SHA512
7e90d70534dc408462aae3f69ce25b649b11f46e8d3d6edd3b04d8e3ae5cde45534353daaeabc30f3c69c8506cc3f2e7be24a8ae78fec8606155227abace8b5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
c2560dbea9af96701da468ed8ad79a47

SHA1
e7d3c86bdc97934a9bebf90bbfc2dc4ba95591b5

SHA256
9e655a47006264182e325fd405f9b9a1b8437960dd4cb0fd6488ec82181d544a

SHA512
7b862ee969576544e944c417913d4cc52beb2b3b69cec40e5d74e4b24a2e85ddb72f32494b5d838d78be546ddb1065d3a43ea3d1f0591ff416e3fcc11c8bae35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
b27ea42329bfef5f009e8953cf280c8b

SHA1
9ea8a737de7651bf332387a619335235ec373323

SHA256
9ce4b2d9249826f8a5cb9f6f53cfc13894e47106da9ad0171d217a619d3f719f

SHA512
b8a1aaa9cee2de66a8a7dd8ed0b81f88ad07704265664d1cde64de37a4af2507ad6aa9426cbab3d903c9260f4bf429fd9b0e2fe4bcc0450ce516938bf58109d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
7KB

MD5
fc56e1b0a19c3ad85daa5e658de248ff

SHA1
1fd1a1abaf4838d45b6fc8fd47c796f85b35d930

SHA256
efd728d056d8a9a368f4310ba188b5cbda80e2e784de2ae859e54718047311d9

SHA512
c9eb348df55aa3bc2d654e3c4792c8f40ee163ccbdf889a5517b0807d8f6d0f857ade3c2a97aea50ec1e086dbaeeb4bbf64d2cfd90c16a0c8c17abcf3dd93b1b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
10KB

MD5
a753f4706f9052a9a0f183446ebbed5a

SHA1
36c375622bde18850af108a81b6e4afdf80e9a83

SHA256
e23ddf14952492d5a86b5613499a75bc327faa06cc0650eabd138eda6258401b

SHA512
36a67047abe4a1a1f4f399fe4d93413e8d61e00127d70c98c4006c1cda5f407b42e3fd9fc99f84430d391a575bfed72fd76e8b7ab1f6b5344d42fd8a320c198a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
8750b9d24d9e1d86d162eb420a2a639d

SHA1
6731599a5ba7d8520f8e561396ba84c9e152dc2e

SHA256
37bcce00a0e0ae865e6c46234d5b79ca2cf958f5dce8ff4c3747a1479cc5e8d9

SHA512
67b1716336b8d1b4af9dd7b35b37a6e3a8196f5305f5f29b69f60f45f4dd036508f0c0d819e1dbffd1bc437aa0cc4d0583fce1acf29b1c3f1a234e5ba641ea00

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
37a6fdacfbb2b096a148e35b6a8fe34e

SHA1
4c9d232a2c50d643e5bb4c3c05ac2fdad605daf1

SHA256
5c344cd0976312ec12e39d22f8d638eb61fe3155e714e8afce7facb3cdd7ff9e

SHA512
e8436e0f351481afcebce3da32ff1fe5133c4440323e872882d8d72f4a0a5ce34e68cbacfbcbe968022b5328e47aedf53ebbd88d3bf741840a59fd4188e2cfe0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
468B

MD5
3e0b5493da644fe4d589343e103b12d4

SHA1
34e6744a4cea18493247c67b3e45c0918fccbd91

SHA256
979b1f05525d5be08a359787bf3e6722d5cd7556a9183724f81dabe558bbb97f

SHA512
f4178b7b949d6b583255b9861dbe16f9ed6cda70fdee8a17816b7f32fdb27f1459aa2e25b05c3e42a92ac462334deaf8a37b4fff8135c9a2548b436e64cef4bd

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
468B

MD5
a5cc2d00c6f9c61665f2ea1c13548905

SHA1
24d0568fc046e637446bc6348f47da4be4da3272

SHA256
34398b5258d1cafa671ce85eafbff070c5f309ed5819b59f3e66f4b84f0ff8ea

SHA512
d758d7c3196165bc9c661d93d764e6a4e627faa6725df472a71492f7bdcee12bc2ca3256171976b1a88827ce9ab109afc76fa111c6f9e7569bd44dd9398cfca2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
766B

MD5
74d43634531d82b9f8d4974935a9fa17

SHA1
b08ea3311e0267b1d561955e45c32cff639bc3ed

SHA256
92a53fde4dae683407686a2b7791bc29e112482c4a114e54929a49a7edd99039

SHA512
428eb860c77ed2f481bcd3a2a92b787ec13d69a5a9fb1f30a8394f6b2cbd5a4396ca54bc85f7f2a3c5141fad889dbc48f2f393d5727d7b01b5439e65cfbc8491

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
774B

MD5
a558b642adff0cefe067f50a7d2125dd

SHA1
21b57bff1b18ca0e655154f80cf43ecc6ce84a54

SHA256
62711a038518db0df525ae37ab4a998f08bf428a1544924c3a5bdb26873c6db3

SHA512
09491d43b4a8438ad3820f2c2d200f77727829aadef9a22e074c1deab1dfb93f732c91bcaa011cc9eb7f483bfd970eecacea885470aece44d670f45b8318c7c3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
831B

MD5
d90bbe1a569b409b570523d3e136320d

SHA1
381d6097d23b00cc3ee3a25f58d9ecbd12146929

SHA256
93b4be0cbed458fe1bc2600dd8646dff3339305b02ea6820aee333e225effae1

SHA512
ede421381ad894319678bf60c270278ef2a75ab571dc00636d8eff7987c23659d00416bd10fcade6c3dec9c6a1110e1e3091310295c30a7ad70c1dbfff50998b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
bd52853031e0671120c0de424a8d19a8

SHA1
94d2e9e64ccefd6dfa0ba56939940babf70852f7

SHA256
e96491992269f202492816065b36a59bf923bb5ad54bfb094af148ed26547e3d

SHA512
3d0b44d4b972dbe45c3168b82d4cd0c2c83915ae92766092f8c394133a59ffb29bd21b582486fd71687dfd216b3819961cb2f5311fea1b1f58186dc28cb04ab0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
6f47456bedfeaaac63fecc42db1e4fdd

SHA1
43b2be88d3524147b0db46bfaf6c806368c5677f

SHA256
192c9d7a5b5640175809324de14b97ce3ff01871c9fd3e82201bc800111fe2ce

SHA512
1f63e62b52dd3a01fef89bef8de779b676d4d16d9b756e9a666820d23ad8edeb7df5593788d5fc5281802fdf026c6239c4298bb22b2d3a267ef7133b8e27e283

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
3b4f220a7e5150ae4d5d971e0c853ff0

SHA1
55bc6ff1e7fafda77613251123060f5335fe8cef

SHA256
c1f2bf490c8a59ea23ef6965dced3e7482154dadf6cb1bd55fa13584b1166dd9

SHA512
04efb673fe635ff13e27a64f219b97b0aac93c595a8f3040c412ba957f17fecc041a8c138cf3ba18bef4cbdebef87ecc3989a08e38e44c726b4731d7b68ca99e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
53fb1ffec6ad8ed809f0aa67eb22551b

SHA1
fcf76e5f1be44b9545a53062abbd3e00a13d7e15

SHA256
d0ddd7278dfd3ba7ad35dd3333788902254dd0863b0e1d718fa9b292a96e00bf

SHA512
43ed0575ffd5789a1aced3645a84b5020cc18a0c2f153c262f5d6fba74abc856f1c2b0d5adc51e69fb09d772dc2860cef20ae0c71aac149af3a0c2b56da87648

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
8c5bac139c6a0caabb3e5d6a133031d5

SHA1
a0db1b708e8c7efbf6258a75a7143bba9cbd445e

SHA256
e3cee03d287e610796135a3eb5d4ed3f0d2539db5d140466e4fbab48e1eaa2f1

SHA512
444d89882225baf3957032201b28f3e70677ffef6534ee9ee6548c291cf79cefc0c234a12d87e46a80e1a305785c1f846d3e8b9b14f73b08e0e6934043f485b0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
b71cd421c3a804b621520fabef08ad97

SHA1
11c0f21b07436643a49076928c413b5e0c76c048

SHA256
c9375ef3f824843ae7d4a75ff1fe8c45fbaf5698ad39d6717a84f54c58ff7912

SHA512
ac042108481d1554c781a6d4ba8ea4c5506ce58c75c588e7284b971ed2d129755d965e94392afbd516c6f43c71468de335742cb200d26ed1b7318380b3409148

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
6c3ce3224995d7b5dd1449f1f292a58d

SHA1
297c7092c478d28922c71f649afc3475750d5e2a

SHA256
f020844a243787891b0b0efbf434766fd0779a1f42b64debb7cb19f7373baa44

SHA512
fd1e0929da0d5521627e6dd0ca5217ce2fadf5331c74f8818259868e48e9b7e0ccca68534e1a2081358e839d504dea799c0183a4e05e9d6599faaac857253f99

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
207bf7dcdd3a60afa094101f490af68e

SHA1
294ffe63c73f2e209698c05d04e042edd91b126b

SHA256
39fa4bbb68030b810bde176e327a09e4d006e9f6981082772fdc30592229a69f

SHA512
bc04c36e8d3d952fe7ddcd777a6dff8001a27d93b24f78957f005672a299e04dd0db8cf3055190a035cdfd961676f72112ff3c0401fe60eb9e3eba2c25e27954

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
efd40e36b4f251352e6ed3c0b7182158

SHA1
3b9f692fbcb6793263251dfdaa302f2be7442693

SHA256
b9243d6326ebbb984650417fda2aa0af472ae974d9089f1b02114e4b7c70c332

SHA512
b5ff7e99b3d12c0d33d9fb7994f44b43e6743199dd8b2ba5d85cbc06ca7192fe1b3287e4d305845d83e4f56b339198c590b146d2cb501e51eeb62c2b57e1c74d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
b98f1978b3e3d8e18ebcac95debab252

SHA1
cdbf9c53bc5a8fa80a20bd628ebe6bb99378e6a7

SHA256
ea9ddba0709530e9741e04c6ea4bbfa513fad6d579424b56dd1652cff1cbea09

SHA512
68cf4c251106da0195a0501d47b4d0deac5ebf0c03f49adac11d52bb0f0f1ea750fbb6cbc454f734a628729cac517dde018aec805b2d737a2019e8480a533fc6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
39cf4563a30724898ec2513cfa957a9b

SHA1
834e0e71dd4daaa47d7bc3320ced451e03b0ece3

SHA256
a58d28b0e3c84785225331b8349b5b2a44fba1972ac271273f5259287591c9d1

SHA512
8b4436ac4a003f57153cac5b3f292cab01f104872a79ebc6527fe4bc9afff5da75836c490feb6c6d7a4b53c1e6040b69d1b195eb9cffe586441f45e4d696d7b6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
088654f0a74b7166681529ac3a02b500

SHA1
461428a933152dacbcbd36fe933a9725a4e06ab9

SHA256
06d35dbaf0e49b62366d337c87fde0885753cf326e5b7874b05b2e4f4c38f190

SHA512
c1363e6040c17244e19102a1e3f471be04cdc2bc229a08228ec0872ee4530b66c330022599088d51afad4d057cc0724e466eb5920375771dc41593904fd65a5c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
87a00dc18c640899d98dcb0c66840eca

SHA1
3a8ac69e1ffb9ecc2a276f8339b3adfa8ed6de6b

SHA256
0e2c2d04f6e03403b26584f9045e09d5fb61f60293042d87ad2c85231920e829

SHA512
06a340e11e5408b5d72b24bf4750dd6fecd4bdcaa95cb0aa33b9d713d618c179634fb0277aba484860f3e56b064f926b7f65a54bfc9685bfde646358f3ed4de7

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
fc0982c6f88230f968a1f17628ebeeb8

SHA1
2dedd3aa65449ffe69266ae06560c5debe97a2a3

SHA256
9a0d6f0993fdfd1aaf01256b2ba863d07da967fcd705c786231e15e5b770b588

SHA512
47d8ac7ba59c54cb1d52cd32d27dc206b9b421634f630b6894e67b95374a3f915446f9706179dc56d51bd8519ce3438dc9236ef7f21cbe34422b347357d6252b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
7e216cdc83442fdf019a76511e361544

SHA1
1ca5a7af388fd8807797ac3ad29434874811d91f

SHA256
dcc89e5ce8f6a81bc84d45d88a6d4311f07080a6264fff06ff7cf77ef928f877

SHA512
6862826133c65cbdd0e26ff4d2cf2bee4480740399bb0cc7fc44721c396cfb0cc04469121354cf458ec234f010b31967b0b3646250b213dbf44c75ff5b892e23

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
62799b48c3c0705c47255e8c2d1b4b0a

SHA1
54646ecebc36d062da3f432a54293f0327ead63a

SHA256
1bc822266b96cd3e5fcbc6b0c2ca1b91adf7ad3018a8de50d0d32ffa5f23d89f

SHA512
3a16d45da03eb933625c50404371c15039fbcffb5e432272ee97df969bc9e815f93db81d4f9f8339c8d5aae6fe22bb5355dfdcd1b0457b854e73c4d5096a7614

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
33ebb1cc83e85aba85f5091c17e22995

SHA1
c1e9a3cc6c7e24aa6260100edd89725fbd92fe0b

SHA256
2f84ee75a6b02dea818af3868ca4c584682deb9f06a06ca46450607ac32bb67c

SHA512
5aec52960f6fa0b3d69563994ddbab9885953113a52c70d1ba5a4a5b435fed01ffc9826832f8e417f2c9fae1e0195925da065406efbcdec6a74e3fda5806fc4b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
b24ea7fdcc896b58ad850f058397d7b6

SHA1
e923e180aa6be489c1b2c2845cff11deda2a7d47

SHA256
064bbef3f7fa53f63758c77ee14d0df90c748ac0f39d77ed7b340bb6ca09656d

SHA512
49012ccf743fe2b68fcbd9e7124483c8c85258396a15f9973fb506265660ffd03f3a045a92dc0e90b742c55757376e06476c3a3976e42c9c2182559933e744df

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
ab4b78589f89ee96b04477d54d1178e4

SHA1
d4afe6d58ff417182abce382727d9d772373cf27

SHA256
9321932e10284b6c148c7725987219bc4a8df8dd424ab0fd1864f8dc11d17968

SHA512
ad6c48e4ee3b3d7c0082b48542eaeb4c4992a34e502aa52cfa31cb41298f714f364fa482349933482bf9aa0a75504dd0c4d81b919b08178c748a7cc2fe8949ea

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
00d2f3db72b0d4a4e45720a38bacc4bf

SHA1
5ab6801c1659bd3c5a2c61febda6924cbc7b48cb

SHA256
08cf783b4cde30bc4e2143bc2f04cf4915e57c6cef95f80daa0a43ffaba9524b

SHA512
c86fc184a3326e330565d6cf52caadd4bd076e29a9fe676aece28a6498730263d0e5252334491b7c81ac14eabc4e5652b7767fe136cfb595cdb3e988f8617ee3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
1b13078bdaee565fb65747c8de4adbdc

SHA1
29a85802af6d51be8ae9aaeba7d383da69a52964

SHA256
88cf6fdaabf03f6a8418e6c59d9e4ac0db4a0057f33ef4e3948f79a9da94e704

SHA512
a1e9cfca9515cd551a40618b1e2949cf52a38da1e5788cffd22457aba72832b88c92452d341220e9ee2727f90658a632399a483e7647483a0ae57ec5b3163138

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
b3e263969e7c6eda47a787dab2d81ac2

SHA1
adfb1ace1f3365f634343d5a3f3d96f38befd1b7

SHA256
497e7e4755bbd311d38458765ff9287fb84a5b7f06944c8bd14664c4c71e2b50

SHA512
dc661ee94ab178fd9121276f1eb8562a6331e9c0165ab6565f8cacff7028fcb7d2b60847f42523e01ef3f0e0e67b6ce27515c1f0308f93bf66133377215f1de9

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
a054a85eab6912d9f2414187458ca093

SHA1
c79e2462b4d7420a305e20850f39aaf52688ac17

SHA256
95fc4bed8d21450a0173c24cf1f6f62c8d521f128200f89301bf75aefecf034e

SHA512
699ac47f288ae8dda7b1be316f430ada89648e6fd26c445b493f3a324b24fd7a90a25cde2faa0f2b773cd740bdcfcd61f77188cd0ea3eb7a1ced3e73e8ec0ef0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
d5d982a442d995c2eb27f603790aeb44

SHA1
8ab0b532b569ffb7caa7d0dc9fd932d82a8b087e

SHA256
7a6e41b27644241c5dc2478665bcf23c8fec0a70128fe377bd06f506d86e63d7

SHA512
550877a4198acb15144d3c01def5e5cd880c9cf963d5d2ae1a82b38cffb0a90998e6c52ba65299e20034a9369e2c2918ee452088381e8bd44192130ce3cd0028

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
01c7a296f1eeca7eaab4a1565c455626

SHA1
e179277968ebfc14537a723fd458b97823bda56c

SHA256
d27fe6bc325d518ab238a241573d8d5d9aaae062a53d8147eb5a1479a3afaf35

SHA512
3143492603fd9b7cc7e7ed69a1e3f5ad98058ba66d4ed039013cdb6883f120c757c4dcdb2bb58814447a0e9a87dfeb32543e51a6c86c87d45b9682347e24cacb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
d5b7cafc0ac8b3e1d29d3f8bad8090e2

SHA1
7373be13510ce47ad5f2a84bb409e005715d629d

SHA256
2448de17e3980968370b6a69f6ad366476e5340b48f1f55142e4d5be50d6dd26

SHA512
5368dde450420a92b3b8881c333b4776a332328a13d53d73e5cfbb179e499f8dedf5e0d8d9cfd8c37f2ae05660cc1fd09c2e03d29b461ce55791a9e7597aadae

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
5fdf084ed7e504b6b9cf363c370b48d2

SHA1
d89f165cebaf7e71a92d61734312e269161fb4d1

SHA256
dc2ae526aa0108b637d4fba8e4137cf9d1b82e573ebdd4a01d4a40c11ddd8d41

SHA512
0d7b2adf32e5a8171bd8c43bca637bc85f82998651fb02f6b9d6f13a1ccfa573aa61c79c6ebafc87f6d92734b38beec2b32a23f6581cfaa6939743e42f336774

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 260965.crdownload

Filesize
5.1MB

MD5
c8246dc58903007ccf749a8ad70f5587

SHA1
0b8b0ec823c7ca36bf821b75e2b92d16868da05e

SHA256
347e7d26f98de9ac2e998739d695028fa761c3f035dbe5890731e30e53a955b3

SHA512
02f5ee6fa5365498ea537f931bab82e3d95178cb8ca42a108030649283290520c27490557a2b642649533b935503ad240acedab005bcbf3dd7691f5671caf975

Download Submit
memory/1748-371-0x0000000000F80000-0x00000000026EF000-memory.dmp

Filesize
23.4MB

Download
memory/1748-914-0x0000000000F80000-0x00000000026EF000-memory.dmp

Filesize
23.4MB

Download
memory/1748-744-0x0000000000F80000-0x00000000026EF000-memory.dmp

Filesize
23.4MB

Download
memory/4060-359-0x0000000000F80000-0x00000000026EF000-memory.dmp

Filesize
23.4MB

Download
memory/4060-779-0x0000000000F80000-0x00000000026EF000-memory.dmp

Filesize
23.4MB

Download
memory/4060-769-0x0000000000F80000-0x00000000026EF000-memory.dmp

Filesize
23.4MB

Download
memory/4060-875-0x0000000000F80000-0x00000000026EF000-memory.dmp

Filesize
23.4MB

Download
memory/4060-742-0x0000000000F80000-0x00000000026EF000-memory.dmp

Filesize
23.4MB

Download
memory/4060-828-0x0000000000F80000-0x00000000026EF000-memory.dmp

Filesize
23.4MB

Download
memory/4060-838-0x0000000000F80000-0x00000000026EF000-memory.dmp

Filesize
23.4MB

Download
memory/4368-370-0x0000000000F80000-0x00000000026EF000-memory.dmp

Filesize
23.4MB

Download
memory/4368-401-0x0000000005C50000-0x0000000005C6B000-memory.dmp

Filesize
108KB

Download
memory/4368-402-0x0000000005C50000-0x0000000005C6B000-memory.dmp

Filesize
108KB

Download
memory/4368-743-0x0000000000F80000-0x00000000026EF000-memory.dmp

Filesize
23.4MB

Download
memory/4368-913-0x0000000000F80000-0x00000000026EF000-memory.dmp

Filesize
23.4MB

Download
memory/4368-398-0x0000000005C50000-0x0000000005C6B000-memory.dmp

Filesize
108KB

Download
memory/4512-876-0x0000000000F80000-0x00000000026EF000-memory.dmp

Filesize
23.4MB

Download
memory/4512-919-0x0000000000F80000-0x00000000026EF000-memory.dmp

Filesize
23.4MB

Download
memory/4512-938-0x0000000000F80000-0x00000000026EF000-memory.dmp

Filesize
23.4MB

Download