bc747e3bf7b6e02c09f3d18bdd0e64eef62b940b2f16c9c72e647eec85cf0138

max time kernel
86s
max time network
87s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
10-10-2024 18:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.2MB
MD5

37e172be64b12f3207300d11b74656b8
SHA1

1895d7c4f785f92e48b5191fd812822593cbc73f
SHA256

bc747e3bf7b6e02c09f3d18bdd0e64eef62b940b2f16c9c72e647eec85cf0138
SHA512

98cf7a591beb4af2066ddd9d17caee69b3cbb42343cb4dc0d517fb99983159ae8e960c315030487b3ea22b2512359f108a6cfe15ec3b725c040ac06b877c88ff
SSDEEP

98304:pgBOLscYr9NrQO6lSdAd7qvlyBhbUhrZsTY3ycd8izlxGhzAqK3:KOoc+dQO6+Ad7qdriTYlfzlIhMt

Score

5^/10

discovery

Malware Config

Signatures

Probable phishing domain 1 TTPs 1 IoCs

Phishing

T1566

description	flow	ioc	stream
HTTP URL	23	https://app.nimbleway.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8d08b2f06c249559	5

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133730587964937540"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
788	AnyDesk.exe
788	AnyDesk.exe
4776	chrome.exe
4776	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe
Token: SeShutdownPrivilege	4776	chrome.exe
Token: SeCreatePagefilePrivilege	4776	chrome.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
2216	AnyDesk.exe
2216	AnyDesk.exe
2216	AnyDesk.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe

Suspicious use of SendNotifyMessage 15 IoCs

pid	Process
2216	AnyDesk.exe
2216	AnyDesk.exe
2216	AnyDesk.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe
4776	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4764 wrote to memory of 788	4764	AnyDesk.exe	78
PID 4764 wrote to memory of 788	4764	AnyDesk.exe	78
PID 4764 wrote to memory of 788	4764	AnyDesk.exe	78
PID 4764 wrote to memory of 2216	4764	AnyDesk.exe	79
PID 4764 wrote to memory of 2216	4764	AnyDesk.exe	79
PID 4764 wrote to memory of 2216	4764	AnyDesk.exe	79
PID 4776 wrote to memory of 4476	4776	chrome.exe	83
PID 4776 wrote to memory of 4476	4776	chrome.exe	83
PID 4776 wrote to memory of 1980	4776	chrome.exe	85
PID 4776 wrote to memory of 1980	4776	chrome.exe	85
PID 4776 wrote to memory of 1980	4776	chrome.exe	85
PID 4776 wrote to memory of 1980	4776	chrome.exe	85
PID 4776 wrote to memory of 1980	4776	chrome.exe	85
PID 4776 wrote to memory of 1980	4776	chrome.exe	85
PID 4776 wrote to memory of 1980	4776	chrome.exe	85
PID 4776 wrote to memory of 1980	4776	chrome.exe	85
PID 4776 wrote to memory of 1980	4776	chrome.exe	85
PID 4776 wrote to memory of 1980	4776	chrome.exe	85
PID 4776 wrote to memory of 1980	4776	chrome.exe	85
PID 4776 wrote to memory of 1980	4776	chrome.exe	85
PID 4776 wrote to memory of 1980	4776	chrome.exe	85
PID 4776 wrote to memory of 1980	4776	chrome.exe	85
PID 4776 wrote to memory of 1980	4776	chrome.exe	85
PID 4776 wrote to memory of 1980	4776	chrome.exe	85
PID 4776 wrote to memory of 1980	4776	chrome.exe	85
PID 4776 wrote to memory of 1980	4776	chrome.exe	85
PID 4776 wrote to memory of 1980	4776	chrome.exe	85
PID 4776 wrote to memory of 1980	4776	chrome.exe	85
PID 4776 wrote to memory of 1980	4776	chrome.exe	85
PID 4776 wrote to memory of 1980	4776	chrome.exe	85
PID 4776 wrote to memory of 1980	4776	chrome.exe	85
PID 4776 wrote to memory of 1980	4776	chrome.exe	85
PID 4776 wrote to memory of 1980	4776	chrome.exe	85
PID 4776 wrote to memory of 1980	4776	chrome.exe	85
PID 4776 wrote to memory of 1980	4776	chrome.exe	85
PID 4776 wrote to memory of 1980	4776	chrome.exe	85
PID 4776 wrote to memory of 1980	4776	chrome.exe	85
PID 4776 wrote to memory of 1980	4776	chrome.exe	85
PID 4776 wrote to memory of 2912	4776	chrome.exe	86
PID 4776 wrote to memory of 2912	4776	chrome.exe	86
PID 4776 wrote to memory of 4100	4776	chrome.exe	87
PID 4776 wrote to memory of 4100	4776	chrome.exe	87
PID 4776 wrote to memory of 4100	4776	chrome.exe	87
PID 4776 wrote to memory of 4100	4776	chrome.exe	87
PID 4776 wrote to memory of 4100	4776	chrome.exe	87
PID 4776 wrote to memory of 4100	4776	chrome.exe	87
PID 4776 wrote to memory of 4100	4776	chrome.exe	87
PID 4776 wrote to memory of 4100	4776	chrome.exe	87
PID 4776 wrote to memory of 4100	4776	chrome.exe	87
PID 4776 wrote to memory of 4100	4776	chrome.exe	87
PID 4776 wrote to memory of 4100	4776	chrome.exe	87
PID 4776 wrote to memory of 4100	4776	chrome.exe	87
PID 4776 wrote to memory of 4100	4776	chrome.exe	87
PID 4776 wrote to memory of 4100	4776	chrome.exe	87
PID 4776 wrote to memory of 4100	4776	chrome.exe	87
PID 4776 wrote to memory of 4100	4776	chrome.exe	87
PID 4776 wrote to memory of 4100	4776	chrome.exe	87
PID 4776 wrote to memory of 4100	4776	chrome.exe	87
PID 4776 wrote to memory of 4100	4776	chrome.exe	87
PID 4776 wrote to memory of 4100	4776	chrome.exe	87
PID 4776 wrote to memory of 4100	4776	chrome.exe	87
PID 4776 wrote to memory of 4100	4776	chrome.exe	87
PID 4776 wrote to memory of 4100	4776	chrome.exe	87
PID 4776 wrote to memory of 4100	4776	chrome.exe	87

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:4764
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:788
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa09dfcc40,0x7ffa09dfcc4c,0x7ffa09dfcc58
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1856,i,2021088306256530758,5167105453944750239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1852 /prefetch:2
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,2021088306256530758,5167105453944750239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2088,i,2021088306256530758,5167105453944750239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2432 /prefetch:8
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,2021088306256530758,5167105453944750239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3092 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3328,i,2021088306256530758,5167105453944750239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4404,i,2021088306256530758,5167105453944750239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4424 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4228,i,2021088306256530758,5167105453944750239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4588 /prefetch:8
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4224,i,2021088306256530758,5167105453944750239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4412 /prefetch:8
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4244,i,2021088306256530758,5167105453944750239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4880 /prefetch:8
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4792,i,2021088306256530758,5167105453944750239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5224,i,2021088306256530758,5167105453944750239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4544,i,2021088306256530758,5167105453944750239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3364,i,2021088306256530758,5167105453944750239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5152,i,2021088306256530758,5167105453944750239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5148,i,2021088306256530758,5167105453944750239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3196,i,2021088306256530758,5167105453944750239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5364,i,2021088306256530758,5167105453944750239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4900 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4904,i,2021088306256530758,5167105453944750239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5480,i,2021088306256530758,5167105453944750239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3324,i,2021088306256530758,5167105453944750239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4512,i,2021088306256530758,5167105453944750239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5804,i,2021088306256530758,5167105453944750239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4452 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=3088,i,2021088306256530758,5167105453944750239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5932,i,2021088306256530758,5167105453944750239,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:2492

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4620

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Phishing

T1566

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
109KB

MD5
24e2a32e7e8a190a08af9d386f5b59b3

SHA1
4a609894398d5e85d07af10af19f85edfedb7f17

SHA256
a99e8f750e7601902e9fd11052906362b1031381f9f6fe63ffe2c4cd2b8a6d05

SHA512
901e49d54709d2232b1dc521a1f91098d38efa173d1a40247019dbe74cbf624fb2c546f4f643e24056137b08c3365cc2cd67841ec522fdcd5cf77ee9d613f8f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
43dcddaee6959aa1e183a4ad3ad4e939

SHA1
af8923edf37927315ca6c1fc9b3249487492d1a3

SHA256
904f983381abf0ab22813e5dcb223664223d28aa47102958c3caec7721bdef2f

SHA512
c10f3b93097dd4e0f92ff25b5a65a7f7fb1a769dd5b946e2425ceda25aeea0d069d7cd4d6ef0ce3be8146203990b09359834201d98beb07d74158c83847acc32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
ae1c2c3ff56ea3e544af87dc4da3ce2e

SHA1
c106d469e0a2970258dcf52d3fe926c79030fc70

SHA256
aa98b8acc26da3e823bcbe15141dda3dbad1250cdb48f19f7a3d670185883082

SHA512
fe78bdeae5f3882468825a419b286898ef056799d9b407ecee3ad15f2a9f2a5ded97daa576494c5389ef2abb5703e7ce9ba4f29f39f738ccbcdbe8c845ee2c37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
bc7f7e241e4ac190fefb9fef233d3140

SHA1
ad4590b2ff2444e163dd94f903bc0beeb55cf58e

SHA256
de7d337d20a201d4b37a6694ce917af0c853e6830a3ff374fe77dbc0989f750e

SHA512
6ae03426b13caa468d0043ec2b3599b549f4da0dbb83ed5a54b01e690cc0a99fd8bdf2c6a091e2ab14142c8408f0f481f8b2762c4926a3f0ff6ab3ea13318bad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b13dbe4ac0cab043d2f5e42b3c1d822f

SHA1
2a4bd0e4a7d048ade54527ff3accf5205f826600

SHA256
1e887e3569dd8bb296d39bd853795dcdb191c872c31d88855770025c7720f2e2

SHA512
4d57b735f182d9c0f41c087d1c9fe32223f4ae06c2f8f72c9dbe4f303e5f0d422a12e58e65f528a59b9dab53a4aca533b68f43d6368c8aad7f9edb1c7a31553c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3a89e9704ab5e6beafbddaa66e41c23e

SHA1
6a20ff1b111f09565c00c661c0d7c08fed79b82f

SHA256
24e2d468f4bf107079cb0391ba01f9b230449cb0d2df32e98cc3cb2cf84b7a80

SHA512
dc91aeccab6f2a3c83a39098caf20f62e9d912e775dc43a31e8baefc1a0e7d4c20364c6ed376baa569576333502c9fb7701f22c4f7fdb034e42d72f3303de9ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c923e3375bb53810555fe81bcf4e84ab

SHA1
6837c40287a1a1ddfd26a94a37244ad300a5b6e8

SHA256
61067a4551bfea07607d68eec6e4814db693ae278deceb52ac6e41a86f1007e9

SHA512
616f4eece0b90c598f5117df47ef353a6c733741783830bc125d21ab310eaa85d8a2aa06626e815988192fcb2612212e317c7a238d1a0c70098b1caaddc27808

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
aaab03790b6630b9f567b16e689744fd

SHA1
9b1e5da6ba87150a4e6dd9b089fdb0b3e70b7bff

SHA256
7b343d4754ed9e34760dc012160396a9dcbb19d9c105d52a0103bbdd4aab17fd

SHA512
45f7b1bb8ffb56a2ec0cab51795432b9f3395d348e55a8f36e57806816c1384b1c6165132380e63b76dde9ee463651885183f3aee7637e828f1ac6a7629875be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d01d7b6ad42b672462701385bfc4b972

SHA1
3512d2bac22fa220c75922a694c8772bdf92f6fd

SHA256
47c01ea60ecb7fbc0dfff4a257a8ac26fbe976338bc850f5de60306b8466b2ee

SHA512
89a287ac1bb8cbc605c4e74cfb921818da7e36199732c8f5f615106c708ff4ff604569c2b8eaeb25a71e3c59fc1724c9d89913695a0818ad75e159114d6c99fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
15d661254ec13818a954f20d34cd0f3e

SHA1
d909772394026c8ba15414b30f6befc3d7e3a33b

SHA256
cfef68ddce473c7fd2935b4f79320170d95327d27045543e4672833868ced7a8

SHA512
38cfc418ce1b5df69d8bc3a665c33d6c516259f126af6115cd3aab68706593c264370938e617eb858199964556f642566a8c08b56158ee9f9d2a763e771d7e8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
06a02a014cd56fe8cc8e29d24d94f001

SHA1
8e2c158405068c1f3d7075015cc6bf0f5f5fd032

SHA256
1d64ba3661898f335af860e1aeab4f88e42b61b9828ac3371b65b6754d1d1f36

SHA512
2896a34798f2e213982486322e9455f75b97ffd381c6de26155ecd8a611977400ce6feeee3d6d40f10fe097fde8a6de775e3f91541ac5aaf74a0ef388e15ae9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
098e27532dedd2f6dc9baf25321968f7

SHA1
f11da0ae40d5bf88ca7271153b597869c117730f

SHA256
fb1790a3ceffdea451ba565a9d8f1acb76add71ede0f145c5b013d799cddc7ec

SHA512
ce4ff2903e86df0720f1640eaa1eedfa1ea7d42361613fd09075c11439ffe9da31dd03710755be1dfc44eccd1ef5a68896cb2a9aa3c3481702ac952c6b9165c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
67abe12223b575d00215b6625fd4c7ed

SHA1
60fae4ba59a354e6b4390490e3461d85b976d112

SHA256
9e0e2cf8c9385c4727ed61317407e5122a580a42afe626eb73d2a1bde9a6a34e

SHA512
5706dd617bb98428626ef31965b7468c950bae0b8d7b3a38147d0f8060c5d6299d3a7e6bdb57aac2b3a1571a71751357d975f80175799120d3321b55c5b24f80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d9332251971a7db44467e1eff958c7d7

SHA1
76554c6932f5f28a64ec15633f66100785bdb6b7

SHA256
ec855405b412689aa414563e7090726db3779cdaaef2e639c2341ee538652866

SHA512
31ce741205fd47cc447ad0331928f80c4a03abdaba85f9fa4c2f20098c5cae254108fed4f4c12373c8cb9c9499bed1bd0fcb8ce8414092b2d76beb12662733b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f10c46b7996327b726b62c32c7de0ed1

SHA1
91df7dc6b4a71f0ec432b41b64f0159f1840f5dc

SHA256
b5dffa6ff3c361d1d10eda0e368a1b41fc85a4b280ac5d9d879ec5accfee1141

SHA512
aa0cfdff614ab88f625acb7e0993076ed9e0ee542e7b8d6f1fb777a70ef47e68f2fababac330f6bf8927a18fb47b553e270053bced08b7da99ba7b918dc85f2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
bc5eeba50de4f8690a91bcc7773765be

SHA1
61b08c8597e25006c250a9a8793b73d0955ede11

SHA256
f89e3106fb07303f6b21375e562902178c348a930d05cfe6566443dbff58725b

SHA512
5351a3a0f394389fa6cb1ccffa667a2dbc642f68576e59ab00ce661c902256279dd2bf46a5388f8a148809ace37f893af015ee698b7721d56ac9c42941afca87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
2f91cb303732cba975326027fc32b8c8

SHA1
aa3f1866e56421779437a293da176e4d12755ec3

SHA256
5044e90363cf178cda61452ce152b7254c61e5a482d884611f2be18983686679

SHA512
5efe4473f8d87e26cfe9654fb7c338ba96f75ef5455fed896090cfed624dc1f51d0cbee7ba14e23a3176f47aa33f08ff76f59b47616b843dbea696d7bc8f745b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
60bca7ef2dbd580dfef0d322e3d8ed69

SHA1
f0b14011b57f05f8940433f3f6c571a8d88b3a4b

SHA256
54582dbb5d4b69d568c07116bac3cf60cd26f90ae826af371a936ff5f3d1d90f

SHA512
eae23d69fcb8ad9f084b899d2f51ac45559caae4861bcde1742cbe33bdfc1658117eca105c9976388d87e2b56dcf624bb63d537faa44f62750495ceab991c9ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
e79c15cc371c5b639eba2a837f4e8f17

SHA1
7f418dbb5255a318025e4aa6b8c593141b62d220

SHA256
b13a597201b3a00792704584449899b1275c5dab34e59302b201f8874dd890ee

SHA512
9b424b98de195aa5c6074275584e6545e16277131a6facbf87aa224ea306115dd878c15c4b7ecb2962986eb8f8d9daece504d3f93c843ab97741aa3569337e95

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
6KB

MD5
94601c8142c366e19bca76cc729b4543

SHA1
96e67b0680d3ccdc001785337b46f3218a3f8d0e

SHA256
6c101f1fd21d633ac7402c9d2447d280621ed532a17e1c2b348b2ba3cfcf95af

SHA512
e83eba9197752d439f5fb3ebab95ed86a76d953affc5208e3a1da497c7b225b64c54f46472e30cf3a306850593bd2ddfcf614c0b71ff13bd78a20d6394944746

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
9KB

MD5
901ac039a476166697a8d18ebf0d4fad

SHA1
d98edb480c98be4cb89532a07f1602424534a4b6

SHA256
94299068288ac4fd1110bd795b76f9d38335e2fed67db588b568baed249e5e5d

SHA512
73cfe896e95f3a13675f1281a48b48d72823c3e8aad85fc45f4774220d70472dada06f63f627297167f5a6f78f43b03a60ef6145fdd1d10a0cbc46b858304182

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
fa7f64a9ab0eab8966c23f5eb8137469

SHA1
cc19caca548dee30c42e061c0a245c6d1c8d694c

SHA256
2947ddadac907611768768b2896fe207b948af856b5d212676754475af598f3e

SHA512
34f8f4f2e5f64bc1261f6b37255b3155d894a27961c0905009a3e28916127dcda5d1933a11a2f85813ef331cbf19f70b0c33abc68d0ce767d9a89a47448e43e6

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
fa1cceab71d9c0ce5c073a8443b33100

SHA1
3f55d60bf3157b092881721066bd7cf9f8fc6957

SHA256
b9391be3d9e8c2d32458bf1f61ffe2267511338e5bbea103108510a4567b0786

SHA512
5da46cf96290d488a60a68f146daa870b562e61d8637f2e5f6a1035082fe1e152b2160a72743bb66cdd223652cb2de2588015cf7afbcff9d0fe903142b556d91

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
681B

MD5
a4729be330bce37496c27aebd592d587

SHA1
fef5a403ed82b1836f7ff13647fbfee5ef5a6bc4

SHA256
201763941f9e0e0d8e0601f527aca172ced3f7aec696f0232350152320a382a3

SHA512
08becaa4ebcb6b8111e7db472866cc8d0db15f5057a94844961c28eb648a19897727e73a3785a8d7d6fe1c27daf2ec9e835886169f3517dabe6718eb71d1041d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
738B

MD5
bcc26c382b727e702d9a24cd390dfd9b

SHA1
496aa6e7e6644314f8b33717d880517e2ff58529

SHA256
671c06988ae2490b7d7b711dbe079585e5f05afb9a051fc49314ea62aedf4df2

SHA512
bdb0070519647149b6f94801625ec1ee7470fee24555e848944edca11b5512b5a971e772b025d99caad01d77651d73b11135c3c07711dd865286ce38f94ee238

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
afae28a0f546d32f681a29b269b9a1a1

SHA1
28a6df830e152f290510aaa0d1a4488a12af69be

SHA256
60672b82058ea7e1d8ed614502dd843b6c6cd326b54a2c4f6e442d199920a2f6

SHA512
178eec2a4571c0675d5ea1cbe97ac1dedb6b9c0ee847852445b093be1e5e76f8daf4c44d0e65883c153e6b8442398aecdba68cbd8649da1ccb5d6d2431788051

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
f0749ccb20b1a4bb9fefcad3e3d31d7e

SHA1
12d2af24a4353ed710f0c4924b03912186c191d0

SHA256
bfa63b7d6be9a23c82eb6e71f341da3887b9c917eedfe0d1f941469c48bdca20

SHA512
fb7601c3232807e99120a630df45249a65ba1249f7355b9d5e4af048ee5b4ed3de64e5b4d0e07358bea783c6bc56ffa697db6fc1dd7bb478ffe534f75651c33f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
001e89a0926d84648030b5eafad784a7

SHA1
0e72264727d47ddd14def69a12eadc927d365995

SHA256
f9d592ae30720cb6ed11c32f2f6e0fff19eed3fb8d04e3a4ec35916847a2097f

SHA512
109d840db9803f2dd08ed9dd3df56999d79723420e52fbdeb8fe8cd589f2028b3b2717b52d5ee7fc9a9cb2ac24365f47eb084bb11dcef36cc19c217b51d8c483

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
fcb528dbc417dd689f1eeddaa848d507

SHA1
69a977691e8502a07feb0a840ab8fa23c4e0ae35

SHA256
5dd43f7ed5b1f5c4e7146da57a859cf12c723ecdd458e0b41c9104456d1653d0

SHA512
2902627d5f723022f96843d78730eee60c38554aa8754d08d2b6a11d6df0c51f78cfda60f6b56aeed82f1a28d5fbd2a3997eb3a84d36de2839c85e586309a69b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
d267dd1b79d9436a3db42a9bbcbabf0f

SHA1
e5f0f2f3f70b3fcf8001bf0ae3730fddd94f2b15

SHA256
072db43672641797a6ea368f017779349a920fc07653608522338e1434ed4cb4

SHA512
a63d60c600d5ce513f22fec0540df7871694656d26875ce02768223e0b74a0eb0f04026bd86783c37c2f439f50fd5831f7bf9b0fdcb76436797d35775cdf8813

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
13b48d23cf877213f84fcb1bbae855f5

SHA1
bb1adb5e94ebb2df701543c1b039f49b010fd6b1

SHA256
e4996d5eef80270d57041d4490cb97d37ebea893610e5fa2220d0f09738d023b

SHA512
8d39743c4ac376bab2aca6f41ce9b0ad18bd7c0333d87ed1f9e05cdd8e924027492a13e0980f510e0993896db25dedf906dfef457327e63bfe77d5cbbe351e9f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/788-280-0x0000000000130000-0x00000000018CA000-memory.dmp

Filesize
23.6MB

Download
memory/788-17-0x0000000000130000-0x00000000018CA000-memory.dmp

Filesize
23.6MB

Download
memory/2216-281-0x0000000000130000-0x00000000018CA000-memory.dmp

Filesize
23.6MB

Download
memory/2216-19-0x0000000000130000-0x00000000018CA000-memory.dmp

Filesize
23.6MB

Download
memory/4764-279-0x0000000000134000-0x0000000001393000-memory.dmp

Filesize
18.4MB

Download
memory/4764-278-0x0000000000130000-0x00000000018CA000-memory.dmp

Filesize
23.6MB

Download
memory/4764-0-0x0000000000134000-0x0000000001393000-memory.dmp

Filesize
18.4MB

Download
memory/4764-8-0x0000000000130000-0x00000000018CA000-memory.dmp

Filesize
23.6MB

Download
memory/4764-1-0x0000000000130000-0x00000000018CA000-memory.dmp

Filesize
23.6MB

Download